TechSpot

Possible infection or something else

By Pilif
Jun 26, 2015
  1. Hey all, It all started a month or so ago. When I was browsing some page the browser got dark and the CPU go high. Then the PC started to get slower. I scaned with different software without much luck identifying any thing. Then I installed Malwarebytes Anti-Malware and could run it, but didn't do any scan. The next morning I booted the pc and wanted to do the scan but now I can't start it it always crashes and the chameleon mode also. I managed to install some older version and to update the database but it didn't find any thing. Here are my OTL and FRST logs thanks in advance.
    attached because of the character limit.
     

    Attached Files:

    Last edited: Jun 26, 2015
  2. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    Please observe forum rules.
    All logs must be pasted not attached.
    I only need FRST logs.
     
  3. Pilif

    Pilif TS Rookie Topic Starter

    I'm Sorry here are the logs
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
    Ran by kr (administrator) on KR-TU on 26-06-2015 23:27:28
    Running from E:\Karl
    Loaded Profiles: kr (Available Profiles: kr)
    Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
    (The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
    (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (brother Industries Ltd) C:\Windows\System32\BRSVC01A.EXE
    (brother Industries Ltd) C:\Windows\System32\BRSS01A.EXE
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
    (Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
    (Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (UJI per a CATCert) C:\Program Files\TU Sofia\Clauer TU Sofia\clos-win.exe
    (Fork, Ltd.) C:\Windows\Parse\wpxsvc.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Joyent, Inc) C:\Windows\Parse\versions\1.3.9\bin\node.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
    (HP) C:\Windows\System32\HPSIsvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Fork, Ltd.) C:\Windows\Parse\versions\1.3.9\node_modules\triggers\bin\lightevt.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (VMware, Inc.) C:\Windows\System32\vmnat.exe
    (VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
    (VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    (VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
    (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
    (Bernd Dietzel) C:\Program Files\RegRunner2009\RegRunner2009.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Mozilla Community) C:\Program Files\Light\light.exe
    (Mozilla Corporation) C:\Program Files\Light\plugin-container.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    () C:\Program Files\Sublime Text 3\sublime_text.exe
    () C:\Program Files\Sublime Text 3\plugin_host.exe
    (OldTimer Tools) E:\Karl\OTL.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2295080 2011-09-16] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1138783 2011-05-27] (IDT, Inc.)
    HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
    HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [323128 2011-07-06] (Hewlett-Packard Company)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [91648 2011-08-19] (IvoSoft)
    HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-01-06] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-01-06] (Atheros Commnucations)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-08] (Avast Software s.r.o.)
    HKLM\...\Run: [Bonus.SSR.FR10] => C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [941320 2011-06-08] (ABBYY.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4923832 2015-05-26] (Emsisoft Ltd)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {25e4c922-4f77-11e3-bc0c-005056c00008} - V:\setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {2e6d915b-0f11-11e3-8518-005056c00008} - V:\setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {4fcdab4d-bebc-11e2-a474-6431508f4295} - G:\SISetup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {54ec8418-308a-11e1-a0b4-6431508f4295} - V:\autorun.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {65a52ec1-7704-11e4-bd13-6431508f4295} - V:\setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {65a52ec3-7704-11e4-bd13-6431508f4295} - V:\setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {65a53173-7704-11e4-bd13-6431508f4295} - V:\setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {6fe581f8-04af-11e2-a761-6431508f4295} - V:\autorun.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {7662ae5e-1a97-11e1-8a6c-6431508f4295} - V:\setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {7fe43070-c24e-11e4-baac-6431508f4295} - V:\xsetup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {8a8acbe0-fd38-11e2-b4d6-6431508f4295} - G:\AutoRun.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {8a8acbef-fd38-11e2-b4d6-6431508f4295} - G:\AutoRun.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {9137ee0f-3d28-11e2-b0ea-6431508f4295} - V:\setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {91a54dc9-a0d5-11e2-a45c-6431508f4295} - V:\xsetup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {930304f0-e4e9-11e0-8bda-6431508f4295} - V:\SETUP.EXE
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {998084ee-f338-11e4-8b7b-6431508f4295} - V:\setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {99808506-f338-11e4-8b7b-6431508f4295} - V:\setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {a28e8d9f-d6c8-11e4-8b8a-6431508f4295} - V:\SETUP.EXE
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {a4197659-fa24-11e4-b9a3-6431508f4295} - V:\setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {ac528ccc-f1c3-11e2-a727-6431508f4295} - D:\iLinker.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {b440b8bb-5048-11e2-af36-6431508f4295} - V:\Setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {c259561b-c376-11e2-9847-6431508f4295} - V:\setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {ccd70df1-e930-11e2-b415-6431508f4295} - G:\SISetup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {d29c65c9-37b7-11e2-a392-6431508f4295} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL V:\setup.hta
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {da1c84ec-c5b5-11e4-8acb-6431508f4295} - V:\xsetup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {dd09288b-c636-11e4-b21c-6431508f4295} - V:\xsetup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {e48558bc-5042-11e2-a4d7-6431508f4295} - V:\Setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {e48558d2-5042-11e2-a4d7-6431508f4295} - V:\Setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {ed5ec56c-1579-11e3-b794-005056c00008} - V:\setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {f187db14-f96f-11e4-ad06-6431508f4295} - V:\setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {fab4b713-c652-11e3-8ee8-005056c00008} - V:\Setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {fe3dd526-fb09-11e4-817e-6431508f4295} - V:\setup.exe
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\MountPoints2: {fe3dd5db-fb09-11e4-817e-6431508f4295} - V:\setup.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RegRunner2009.lnk [2011-09-21]
    ShortcutTarget: RegRunner2009.lnk -> C:\Program Files\RegRunner2009\RegRunner2009.exe (Bernd Dietzel)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-23] (Avast Software s.r.o.)
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2011-08-19] (IvoSoft)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2011-08-19] (IvoSoft)
    BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-01-06] (Atheros Commnucations)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2011-08-19] (IvoSoft)
    Toolbar: HKU\S-1-5-21-2225793313-3862077144-1271436542-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP15-15155/event/ieatgpc1.cab
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 141.44.1.9 141.44.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-06-23] ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-10-24] (Microsoft Corporation)
    FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll [2012-01-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=1.1.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
    FF Plugin: @wolfram.com/Mathematica -> C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll [2013-01-24] (Wolfram Research, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\kr\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-08-14] (Cisco WebEx LLC)
    FF Extension: German Dictionary (de-DE), classical spelling standards - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\alterechtschreibung@googlemail.com [2015-06-22]
    FF Extension: Bulgarian Dictionary - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\bg-BG@dictionaries.addons.mozilla.org [2015-06-22]
    FF Extension: United States English Spellchecker - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\en-US@dictionaries.addons.mozilla.org [2015-06-22]
    FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-06-21]
    FF Extension: Firebug - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\firebug@software.joehewitt.com.xpi [2015-06-21]
    FF Extension: Ghostery - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\firefox@ghostery.com.xpi [2015-06-21]
    FF Extension: Forecastfox (fix version) - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\forecastfox@s3_fix_version.xpi [2015-06-21]
    FF Extension: Self-Destructing Cookies - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-06-21]
    FF Extension: Deutsch (DE) Language Pack - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-06-22]
    FF Extension: English (US) Language Pack - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2015-06-22]
    FF Extension: searchOnTab - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\searchontab@sogame.cat.xpi [2015-06-21]
    FF Extension: Flagfox - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2015-06-21]
    FF Extension: HttpFox - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2015-06-21]
    FF Extension: Adblock Plus - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-21]
    FF Extension: BetterPrivacy - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-06-21]
    FF Extension: Greasemonkey - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-06-24]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-09-26]
    FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
    FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-26]

    Chrome:
    =======
    CHR Profile: C:\Users\kr\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (No Name) - C:\Users\kr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-16]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5155576 2015-05-26] (Emsisoft Ltd)
    R2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros) [File not signed]
    R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [56480 2011-01-06] (Atheros Commnucations) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-23] (Avast Software)
    R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed]
    R2 CLOS; C:\Program Files\TU Sofia\Clauer TU Sofia\clos-win.exe [98304 2011-01-26] (UJI per a CATCert) [File not signed]
    R2 CronService; C:\Windows\Parse\wpxsvc.exe [611854 2015-06-08] (Fork, Ltd.) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-10-24] (Flexera Software, Inc.)
    R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [1698360 2011-07-06] (Hewlett-Packard Company)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2014-11-17] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2014-11-17] (Hewlett-Packard) [File not signed]
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-10-24] (SolidWorks) [File not signed]
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282709 2011-05-27] (IDT, Inc.)
    R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
    R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [87120 2013-02-26] (VMware, Inc.)
    R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357456 2013-02-26] (VMware, Inc.)
    R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [721048 2012-10-11] (VMware, Inc.)
    R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [436304 2013-02-26] (VMware, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
    S3 CoordinatorServiceHost; "C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe" [X]
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AlteraUSBBlaster; C:\Windows\System32\drivers\usbblstr.sys [58960 2010-06-27] (FTDI Ltd.)
    S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2012-03-07] (Google Inc)
    S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-03-06] (LG Electronics Inc.)
    S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-03-06] (LG Electronics Inc.)
    S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [73728 2012-03-06] (LG Electronics Inc.)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-23] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-23] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-23] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-23] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-23] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-23] (Avast Software s.r.o.)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-23] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-23] ()
    S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-01-06] (Atheros)
    R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [98400 2010-10-28] (SysProgs.org)
    S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [258720 2011-01-06] (Atheros)
    R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-01-06] (Atheros)
    S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-01-06] (Atheros)
    S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-01-06] (Atheros)
    S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-01-06] (Atheros)
    S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39184 2007-03-05] (IVT Corporation.)
    S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [241824 2011-01-06] (Atheros)
    R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [21600 2011-12-21] (IVT Corporation.)
    R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [43088 2013-08-15] ()
    R1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-03-24] (Emsisoft GmbH)
    S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [77808 2015-01-23] (FTDI Ltd.)
    R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-10-11] (VMware, Inc.)
    S3 HPEWSFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2009-02-25] (Hewlett Packard)
    S2 ISMPUSBFilter; C:\Windows\System32\DRIVERS\ISMPUSBFilter.sys [16384 2012-12-04] (Innostor Technology Corporation) [File not signed]
    S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [23288 2012-12-24] (IVT Corporation.)
    S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [27256 2012-12-24] (IVT Corporation.)
    R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
    S3 MYFAULT; C:\Windows\system32\drivers\myfault.sys [10760 2012-04-07] (Sysinternals) [File not signed]
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
    R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [69504 2011-06-10] (Renesas Electronics Corporation)
    R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [161664 2011-06-10] (Renesas Electronics Corporation)
    S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
    S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
    S3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [52312 2011-11-11] (NCH Software)
    S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
    S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
    R2 TVicPort; C:\Windows\system32\Drivers\TVicPort.sys [14544 2005-03-30] (EnTech Taiwan) [File not signed]
    S3 USB18PRG; C:\Windows\System32\Drivers\USB18PRG.sys [46152 2009-11-17] (mikroElektronika)
    R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [25448 2009-07-13] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-23] (Avast Software)
    R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26064 2013-02-26] (VMware, Inc.)
    S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2013-02-26] (VMware, Inc.)
    R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2013-02-26] (VMware, Inc.)
    R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26192 2013-02-26] (VMware, Inc.)
    S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-10-11] (VMware, Inc.)
    R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [62416 2013-02-26] (VMware, Inc.)
    R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
    R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
    R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
    S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
    R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
    R0 vsock; C:\Windows\System32\drivers\vsock.sys [61464 2012-10-24] (VMware, Inc.)
    R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [195968 2011-02-04] (Jungo)
    S3 XilinxFirmwareEmbeddedLpLoader; C:\Windows\System32\Drivers\xusb_emb.sys [17408 2011-02-04] (Xilinx, Inc.)
    S3 XilinxFirmwarePusb2Loader; C:\Windows\System32\Drivers\xusb_xp2.sys [17920 2011-02-04] (Xilinx, Inc.)
    R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [16000 2011-02-04] (Xilinx, Inc.) [File not signed]
    S3 BT; system32\DRIVERS\btnetdrv.sys [X]
    S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
    S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
    S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
    S3 SMIGrabber3E; System32\Drivers\SmiUsbGrabber3E.sys [X]
    U3 aswMBR; \??\C:\Users\kr\AppData\Local\Temp\aswMBR.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-26 20:45 - 2015-06-26 20:45 - 00010070 _____ C:\Windows\DPINST.LOG
    2015-06-25 21:15 - 2015-06-25 21:15 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-25 21:15 - 2015-06-25 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    2015-06-25 21:14 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-06-25 21:13 - 2015-06-25 21:15 - 00000000 ____D C:\Users\kr\AppData\Roaming\Malwarebytes
    2015-06-25 21:13 - 2015-06-25 21:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2015-06-25 20:35 - 2015-06-26 10:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-06-24 13:32 - 2015-06-24 13:32 - 00002254 _____ C:\EamClean.log
    2015-06-24 13:29 - 2015-06-24 13:29 - 00000000 ____D C:\ProgramData\Emsisoft
    2015-06-24 13:20 - 2015-06-24 13:20 - 00001013 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    2015-06-24 13:20 - 2015-06-24 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
    2015-06-24 13:19 - 2015-06-26 22:47 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
    2015-06-24 13:19 - 2015-03-24 00:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys
    2015-06-24 13:11 - 2015-06-24 13:11 - 00140424 _____ C:\Users\kr\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-06-24 13:01 - 2015-06-24 13:04 - 00000000 ____D C:\AdwCleaner
    2015-06-24 10:18 - 2015-06-26 23:27 - 00000000 ____D C:\FRST
    2015-06-24 07:46 - 2015-06-26 10:03 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-23 22:37 - 2015-06-25 20:35 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-06-23 21:23 - 2015-06-23 21:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-06-23 21:23 - 2015-06-23 21:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-06-23 21:11 - 2015-06-23 21:12 - 00000217 _____ C:\Users\kr\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
    2015-06-23 15:00 - 2012-04-07 19:34 - 00010760 _____ (Sysinternals) C:\Windows\system32\Drivers\myfault.sys
    2015-06-22 11:00 - 2015-06-22 11:00 - 00000000 ____D C:\Users\kr\Downloads\New folder
    2015-06-21 15:55 - 2015-06-21 15:55 - 00001081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-06-21 15:55 - 2015-06-21 15:55 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-06-21 15:55 - 2015-06-21 15:55 - 00000000 ____D C:\ProgramData\Mozilla
    2015-06-21 15:55 - 2015-06-21 15:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2015-06-20 18:18 - 2009-06-11 00:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150620-181829.backup
    2015-06-20 18:08 - 2015-06-20 18:08 - 00000000 ____D C:\Users\kr\Documents\ProcAlyzer Dumps
    2015-06-20 18:01 - 2015-06-20 18:01 - 00000000 ____D C:\Users\kr\AppData\Roaming\Wireshark
    2015-06-20 17:52 - 2015-06-20 17:53 - 00000000 ____D C:\Program Files\Wireshark
    2015-06-20 17:52 - 2015-06-20 17:52 - 00001694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
    2015-06-20 17:52 - 2015-06-20 17:52 - 00001682 _____ C:\Users\Public\Desktop\Wireshark.lnk
    2015-06-20 17:52 - 2015-06-20 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
    2015-06-20 17:49 - 2015-06-21 08:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2015-06-20 17:49 - 2015-06-20 17:54 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
    2015-06-20 17:49 - 2015-06-20 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-06-20 17:49 - 2015-06-20 17:49 - 00002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-06-20 17:49 - 2015-06-20 17:49 - 00002083 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-06-20 17:49 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2015-06-19 07:07 - 2015-06-26 10:02 - 00000728 _____ C:\Windows\setupact.log
    2015-06-19 07:07 - 2015-06-19 07:07 - 00000000 _____ C:\Windows\setuperr.log
    2015-06-19 07:06 - 2015-06-26 10:02 - 00004636 _____ C:\Windows\PFRO.log
    2015-06-18 11:39 - 2015-06-18 11:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2015-06-18 09:48 - 2015-06-26 19:07 - 00000600 _____ C:\Users\kr\AppData\Local\PUTTY.RND
    2015-06-17 11:42 - 2015-06-17 11:42 - 00000218 _____ C:\Users\kr\.recently-used.xbel
    2015-06-16 18:44 - 2015-06-26 19:07 - 00000000 ____D C:\Users\kr\AppData\Roaming\FileZilla
    2015-06-16 18:43 - 2015-06-16 18:43 - 00001910 _____ C:\Users\kr\Desktop\FileZilla Client.lnk
    2015-06-16 18:43 - 2015-06-16 18:43 - 00000000 ____D C:\Users\kr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    2015-06-16 18:43 - 2015-06-16 18:43 - 00000000 ____D C:\Program Files\FileZilla FTP Client
    2015-06-16 18:41 - 2015-06-16 18:40 - 06228864 _____ (Tim Kosse) C:\Users\kr\Downloads\FileZilla_3.11.0.2_win32-setup.exe
    2015-06-16 13:46 - 2015-06-16 13:46 - 00000000 ____D C:\Users\kr\AppData\Local\TeamViewer
    2015-06-16 13:44 - 2015-06-23 14:18 - 00000496 _____ C:\Windows\system32\TeamViewer10_Hooks.log
    2015-06-16 13:44 - 2015-06-23 14:17 - 00000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
    2015-06-16 13:44 - 2015-06-23 14:17 - 00000877 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
    2015-06-16 10:22 - 2015-06-16 10:22 - 00000000 ____D C:\Users\kr\Tracing
    2015-06-16 08:02 - 2015-06-23 21:13 - 00000000 ____D C:\Program Files\Google
    2015-06-16 08:02 - 2015-06-16 08:03 - 00000000 ____D C:\Users\kr\AppData\Local\Google
    2015-06-09 09:54 - 2015-06-23 18:35 - 00000000 ____D C:\Program Files\OpenVPN
    2015-06-08 12:10 - 2015-06-08 12:10 - 00000000 ____D C:\Windows\Prey
    2015-06-08 12:10 - 2015-06-08 12:10 - 00000000 ____D C:\Windows\Parse

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-26 22:54 - 2012-11-27 10:36 - 00061440 ___SH C:\Users\kr\Thumbs.db
    2015-06-26 22:51 - 2014-01-12 12:29 - 00000097 _____ C:\Users\kr\.asadminpass
    2015-06-26 22:39 - 2011-09-21 16:39 - 00000000 ____D C:\Users\kr
    2015-06-26 22:19 - 2011-10-25 14:57 - 00000000 ____D C:\Users\kr\AppData\Roaming\Skype
    2015-06-26 20:36 - 2015-03-08 18:31 - 00000000 ____D C:\Windows\pss
    2015-06-26 19:59 - 2011-09-26 09:33 - 00000000 ____D C:\Users\kr\.smplayer
    2015-06-26 19:36 - 2014-02-06 15:51 - 02048295 _____ C:\Windows\WindowsUpdate.log
    2015-06-26 17:24 - 2011-09-22 08:48 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
    2015-06-26 13:52 - 2011-10-25 15:06 - 00000000 ____D C:\Users\kr\AppData\Roaming\Macromedia
    2015-06-26 13:28 - 2011-12-06 10:33 - 00000000 ____D C:\Users\kr\AppData\Local\CrashDumps
    2015-06-26 13:10 - 2015-05-15 21:09 - 00000540 _____ C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job
    2015-06-26 10:11 - 2009-07-14 07:34 - 00022208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-26 10:11 - 2009-07-14 07:34 - 00022208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-26 10:04 - 2013-08-16 11:03 - 00000000 ____D C:\ProgramData\VMware
    2015-06-25 20:19 - 2012-05-24 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altera
    2015-06-25 16:31 - 2015-03-08 19:28 - 00007614 _____ C:\Users\kr\AppData\Local\Resmon.ResmonCfg
    2015-06-24 11:01 - 2011-11-29 17:59 - 00000000 ____D C:\Users\kr\Documents\MATLAB
    2015-06-23 15:05 - 2014-01-25 16:53 - 00000000 ____D C:\Users\kr\AppData\Roaming\TeamViewer
    2015-06-23 14:18 - 2014-01-25 16:47 - 00000000 ____D C:\Program Files\TeamViewer
    2015-06-22 17:10 - 2011-09-21 16:52 - 00000000 ____D C:\Users\kr\AppData\Roaming\hpqLog
    2015-06-21 22:42 - 2011-09-26 09:31 - 00000000 ____D C:\Users\kr\AppData\Roaming\vlc
    2015-06-21 15:55 - 2014-04-11 10:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2015-06-21 15:55 - 2012-03-23 19:49 - 00000000 ____D C:\Users\kr\AppData\Local\Mozilla
    2015-06-21 11:08 - 2013-02-28 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altera 12.1 Build 177
    2015-06-20 17:52 - 2013-04-09 09:31 - 00000000 ____D C:\Program Files\WinPcap
    2015-06-19 07:13 - 2013-10-22 11:30 - 00000000 ____D C:\Users\kr\AppData\Local\Adobe
    2015-06-19 07:06 - 2009-07-14 07:33 - 00523704 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-06-18 17:02 - 2010-11-21 00:01 - 00784668 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-06-17 11:43 - 2011-09-26 13:05 - 00000000 ____D C:\Users\kr\.gconfd
    2015-06-17 11:42 - 2011-09-26 13:05 - 00000000 ____D C:\Users\kr\AppData\Roaming\gedit
    2015-06-17 11:42 - 2011-09-26 13:05 - 00000000 ____D C:\Users\kr\.gconf
    2015-06-16 19:22 - 2011-09-22 08:33 - 00000000 ____D C:\Program Files\Pale Moon
    2015-06-16 10:21 - 2014-10-24 12:31 - 00000000 ___RD C:\Program Files\Skype
    2015-06-16 10:21 - 2011-10-25 14:56 - 00000000 ____D C:\ProgramData\Skype
    2015-06-08 12:05 - 2013-03-18 18:02 - 00000029 _____ C:\Windows\system32\TempWmicBatchFile.bat

    ==================== Files in the root of some directories =======

    2012-03-30 18:38 - 2007-11-20 10:26 - 0000060 ____R () C:\Program Files\BRINST.INI
    2013-02-20 14:54 - 2013-02-20 14:54 - 0000039 _____ () C:\Users\kr\AppData\Roaming\Camdata.ini
    2013-02-20 14:54 - 2013-02-20 14:54 - 0000408 _____ () C:\Users\kr\AppData\Roaming\CamLayout.ini
    2013-02-20 14:54 - 2013-02-20 14:54 - 0000408 _____ () C:\Users\kr\AppData\Roaming\CamShapes.ini
    2013-02-20 14:54 - 2013-02-20 14:54 - 0004510 _____ () C:\Users\kr\AppData\Roaming\CamStudio.cfg
    2015-06-23 21:11 - 2015-06-23 21:12 - 0000217 _____ () C:\Users\kr\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
    2011-09-28 08:43 - 2013-07-27 13:15 - 0007680 _____ () C:\Users\kr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-03-09 18:02 - 2014-03-09 18:02 - 0004096 ____H () C:\Users\kr\AppData\Local\keyfile3.drm
    2015-06-18 09:48 - 2015-06-26 19:07 - 0000600 _____ () C:\Users\kr\AppData\Local\PUTTY.RND
    2015-04-02 19:02 - 2015-04-02 19:02 - 0004998 _____ () C:\Users\kr\AppData\Local\recently-used.xbel
    2015-03-08 19:28 - 2015-06-25 16:31 - 0007614 _____ () C:\Users\kr\AppData\Local\Resmon.ResmonCfg

    Files to move or delete:
    ====================
    C:\Users\kr\comcat5sa.dll


    Some files in TEMP:
    ====================
    C:\Users\kr\AppData\Local\Temp\Quarantine.exe
    C:\Users\kr\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-23 11:52

    ==================== End of log ============================
     
  4. Pilif

    Pilif TS Rookie Topic Starter

    I have to split the Addition log in two.
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
    Ran by kr at 2015-06-26 23:28:41
    Running from E:\Karl
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2225793313-3862077144-1271436542-500 - Administrator - Disabled)
    Guest (S-1-5-21-2225793313-3862077144-1271436542-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2225793313-3862077144-1271436542-1009 - Limited - Disabled)
    kr (S-1-5-21-2225793313-3862077144-1271436542-1000 - Administrator - Enabled) => C:\Users\kr

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
    AS: Emsisoft Anti-Malware (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKLM\...\uTorrent) (Version: 3.2.0 - )
    1.2 (HKLM\...\WiKiCapture_is1) (Version: - BBTradeSales)
    32 Bit HP CIO Components Installer (Version: 18.1.4 - Hewlett-Packard) Hidden
    7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
    ABBYY FineReader 10 Professional Edition (HKLM\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.338.70023 - ABBYY)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Arduino (HKLM\...\Arduino) (Version: 1.6.0 - Arduino LLC)
    Arena 13.50.00000 (HKLM\...\{BD78DE74-95DB-429D-A66F-6306BCEDA640}) (Version: 13.50.00000 - Rockwell Automation, Inc.)
    Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
    ATI Catalyst Install Manager (HKLM\...\{8DB1C181-4D7F-2508-DD37-64A22F3BC817}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)
    Avidemux 2.5 (32-bit) (HKLM\...\Avidemux 2.5) (Version: 2.5.6.7716 - )
    BASCOM-AVR (HKLM\...\{47F94730-ABD2-47F6-920E-EA8CDB6DD0C6}_is1) (Version: 1.11.9.8 - MCS Electronics)
    Battle for Wesnoth 1.12.0 (HKLM\...\Battle for Wesnoth 1.12.0) (Version: 1.12.0 - )
    Bluetooth Win7 Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.02.000.55 - Име на компания)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Boost C++ Libraries 1.47 (HKLM\...\boost_1_47) (Version: - )
    Brother Driver Deployment Wizard (HKLM\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
    Carmageddon 2 Carpocalypse Now (HKLM\...\GOGPACKCARMAGEDDON2_is1) (Version: 2.0.0.26 - GOG.com)
    CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
    Cheat Engine 6.2 (HKLM\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)
    Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
    Classic Shell (HKLM\...\{101A3855-EB37-4760-9DCB-BA04A28E0F75}) (Version: 3.2.0 - IvoSoft)
    Clauer Manager TU Sofia 2011012621 (HKLM\...\Clauer Manager TU Sofia) (Version: 2011012621 - Clauer Manager TU Sofia)
    CMake 2.8, a cross-platform, open-source build system (HKLM\...\CMake 2.8.6) (Version: 2.8.6 - Kitware)
    CodeLite (HKLM\...\CodeLite_is1) (Version: - )
    Command & Conquer™ Red Alert™ 3 (HKLM\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)
    Command-Center (HKLM\...\{ACB6A62E-758E-4CF2-AD13-E34D0927108E}) (Version: 6.0.0 - ERC)
    ContaCam (HKLM\...\ContaCam) (Version: 4.9.5 - Contaware.com)
    Debut Video Capture Software (HKLM\...\Debut) (Version: - NCH Software)
    Digilent Software (HKLM\...\Digilent Software) (Version: 1.0.198 - Digilent, Inc.)
    DiskInternals Linux Reader (HKLM\...\DiskInternals Linux Reader) (Version: 1.9.2.0 - DiskInternals Research)
    DJ Java Decompiler v.3.12.12.98 (HKLM\...\{38814B4D-E1BC-4ABE-BA9A-1D76CC678882}) (Version: 1.9 - Atanas Neshkov 2009)
    doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
    EAGLE 6.6.0 (HKLM\...\EAGLE 6.6.0) (Version: 6.6.0 - CadSoft Computer GmbH)
    Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
    Enscript-1.6.3 Sources (GnuWin32) (HKLM\...\Enscript-1.6.3-src_is1) (Version: 1.6.3 - GnuWin32)
    eSupport UndeletePlus 3.0.3.1206 (HKLM\...\eSupport UndeletePlus_is1) (Version: - Copyright © 2011 eSupport.com • All Rights Reserved)
    EVEREST Ultimate Edition v4.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 4.50 - Lavalys, Inc.)
    Evince 2.32.0 (HKLM\...\{923638DC-4B4D-4678-BA52-2905B6BAA431}) (Version: 2.32.0 - (Custom build))
    FileZilla Client 3.11.0.2 (HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
    Foxit Advanced PDF Editor 3 (HKLM\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
    Foxit Reader (HKLM\...\Foxit Reader) (Version: 4.3.0.1110 - Foxit Corporation)
    FreeCAD 0.14 - A free open source CAD system (HKLM\...\FreeCAD 0.14) (Version: 0.14.3700 - Juergen Riegel)
    gedit 2.30.1 (HKLM\...\gedit_is1) (Version: 2.30.1 - GNOME)
    GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
    GitHub (HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\5f7eb300e2ea4ebf) (Version: 2.13.1.2 - GitHub, Inc.)
    GOG.com Carmageddon 2 (HKLM\...\{753f4dd7-070a-4364-b384-36a077200785}.sdb) (Version: - )
    Hama Black Force Pad (HKLM\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.01.01 - )
    Highlight (HKLM\...\Highlight Code Converter_is1) (Version: - André Simon)
    HP HotKey Support (HKLM\...\{76997589-A71A-4651-9956-F2F79972A54D}) (Version: 4.0.20.1 - Hewlett-Packard Company)
    HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
    IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
    InfraRecorder (HKLM\...\InfraRecorder) (Version: - Christian Kindahl)
    Intel(R) Display Audio Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
    ISO Creator 1.0 (HKLM\...\{78D80EAF-1ADB-46A8-AF6F-EBB18B6ADBCE}) (Version: 1.0.0 - Bunny-Wabbit)
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java SE Development Kit 8 Update 31 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
    JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
    LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics)
    LibreOffice 3.6 (HKLM\...\{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}) (Version: 3.6.3.2 - The Document Foundation)
    Light 30.0 (x86 en-US) (HKLM\...\Light 30.0 (x86 en-US)) (Version: 30.0 - Light)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Mathematica Extras 9.0 (4055459) (HKLM\...\A-WIN-Extras 9.0.1 4055459_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
    MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 (HKLM\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
    Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Office Proofing Tools 2013 – български (HKLM\...\{90150000-001F-0402-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10111.0 - Microsoft Corporation)
    Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{4AB6A079-178B-4144-B21F-4D1AE71666A2}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
    Microsoft Sync Framework Runtime v1.0 SP1 (x86) (HKLM\...\{C6DD625F-4B61-4561-8286-87CA0275CEA1}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework SDK v1.0 SP1 (HKLM\...\{97CE8B73-AA5A-4987-A1BE-50DD1A187478}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework Services v1.0 SP1 (x86) (HKLM\...\{F990B526-8F7C-46E0-B1F1-6C893A8B478F}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (HKLM\...\{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}) (Version: 2.0.3010.0 - Microsoft Corporation)
    Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (HKLM\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual F# 2.0 Runtime (HKLM\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio Macro Tools (HKLM\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
    mikroProg Suite For PIC (remove only) (HKLM\...\mikroProg Suite For PIC) (Version: - mikroElektronika)
    MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
    MiniTool Power Data Recovery (HKLM\...\MiniTool Power Data Recovery_is1) (Version: - MiniTool Solution Ltd.)
    MoodleXMLBuilder (HKLM\...\{0C43647C-3398-4E00-B37B-F7C1649121CD}) (Version: 0.4.0 - Nash Community College)
    Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
    MProg 3.0a (HKLM\...\MProg 3.0a) (Version: - )
    Musik & Audio Restaurator Pro 5.0 (HKLM\...\Musik & Audio Restaurator Pro 5_is1) (Version: 5.0 - Softfeld)
    Nightly 14.0a1 (x86 en-US) (HKLM\...\Nightly 14.0a1 (x86 en-US)) (Version: 14.0a1 - Mozilla)
    Notepad++ (HKLM\...\Notepad++) (Version: 6.7 - Notepad++ Team)
    Oracle VM VirtualBox 4.1.2 (HKLM\...\{CEDA7B06-A6C0-4C0F-9B5A-9B7F68D110F9}) (Version: 4.1.2 - Oracle Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Pale Moon 25.5.0 (x86 en-US) (HKLM\...\Pale Moon 25.5.0 (x86 en-US)) (Version: 25.5.0 - Moonchild Productions)
    Papilio DesignLab version v1.0.6b (HKLM\...\{EA516BE9-B80D-47A2-880B-457C76A42B05}_is1) (Version: v1.0.6b - Gadget Factory)
    PDF24 Creator 5.0.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
    PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
    Prey Anti-Theft (Version: 1.3.9 - Prey, Inc.) Hidden
    PuTTY version 0.63 (HKLM\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
    Python 2.7 numpy-1.6.1 (HKLM\...\numpy-py2.7) (Version: - )
    Python 2.7 PIL-1.1.7 (HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\PIL-py2.7) (Version: - )
    Python 2.7 scipy-0.10.0 (HKLM\...\scipy-py2.7) (Version: - )
    Python 2.7.2 (HKLM\...\{2E295B5B-1AD4-4d36-97C2-A316084722CF}) (Version: 2.7.2150 - Python Software Foundation)
    Quake 2 HD 2.138 (HKLM\...\Quake 2 HD 2.138) (Version: - )
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    RealFlight G4 R/C Simulator (HKLM\...\RealFlightG4Pro) (Version: - )
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
    Realterm 2.0.0.70 (HKLM\...\Realterm) (Version: 2.0.0.70 - Broadcast Equipment)
    Red Alert 3 (HKLM\...\Red Alert 3_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
    RegRunner 3.2.2009.5 (HKLM\...\RegRunner2009_is1) (Version: - Bernd Dietzel)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
    RidNacs 2.0.3 (HKLM\...\RidNacs_is1) (Version: - Stephan Plath)
    ScanMaster-ELM 2.1.104.771 (HKLM\...\ScanMaster-ELM_is1) (Version: 2.1.104.771 - WGSoft.de)
    Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
    SMPlayer 0.6.9 (HKLM\...\SMPlayer) (Version: 0.6.9 - RVM)
    SolidWorks 2013 SP03 (Version: 21.130.60 - SolidWorks) Hidden
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    STAR WARS™ Jedi Knight™ - Jedi Academy™ (HKLM\...\1428935726_is1) (Version: 2.0.0.4 - GOG.com)
    Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
    Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
    Subtitle Edit 3.3.15 (HKLM\...\SubtitleEdit_is1) (Version: 3.3.15.2 - Nikse)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.25.0 - Synaptics Incorporated)
    TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
    Tera Term 4.82 (HKLM\...\Tera Term_is1) (Version: - )
    Theme Resource Changer X86 v1.0 (HKLM\...\Theme Resource Changer X86 v1.0) (Version: - Bad *** Apps)
    UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
    VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
    VMware Player (HKLM\...\VMware_Player) (Version: 5.0.2 - VMware, Inc)
    VMware Player (Version: 5.0.2 - VMware, Inc.) Hidden
    Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
    WinCDEmu (HKLM\...\WinCDEmu) (Version: 3.3 - Bazis)
    Windows Driver Package - Gadget Factory (www.gadgetfactory.net) (usbser) Ports (01/01/2014 5.1.2600.0) (HKLM\...\12A4597A02952BC2F77BDF80670A5FAF519E1C91) (Version: 01/01/2014 5.1.2600.0 - Gadget Factory (www.gadgetfactory.net))
    Windows Driver Package - Gadget Factory CDM Driver Package - Bus/D2XX Driver (01/01/2015 2.10.00) (HKLM\...\047D0E090E4F3AD2A17DDA8AB7111887CFD607E7) (Version: 01/01/2015 2.10.00 - Gadget Factory)
    Windows Driver Package - Gadget Factory CDM Driver Package (01/01/2015 2.10.00) (HKLM\...\C6584C86AD8E8485EE09AF5CC256A12974884CE9) (Version: 01/01/2015 2.10.00 - Gadget Factory)
    Windows Driver Package - mikroElektronika (USB18PRG) ClassName (07/10/2010 6.1.7600) (HKLM\...\CD96D3050368767200B0ECC33803F2FED72C4D70) (Version: 07/10/2010 6.1.7600 - mikroElektronika)
    Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    Wireshark 1.12.6 (32-bit) (HKLM\...\Wireshark) (Version: 1.12.6 - The Wireshark developer community, http://www.wireshark.org)
    Wolfram Mathematica 9 (M-WIN-L 9.0.1 4055652) (HKLM\...\M-WIN-L 9.0.1 4055652_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
    wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
    XCOM: Enemy Within (HKLM\...\WENPTUVuZW15V2l0aGlu_is1) (Version: 1 - )
    Xilinx Design Tools (C:\Xilinx\14.2\ISE_DS) (HKLM\...\Xilinx Design Tools) (Version: - Xilinx, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2225793313-3862077144-1271436542-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\webex\1226\atucfobj.dll (Cisco WebEx LLC)
    CustomCLSID: HKU\S-1-5-21-2225793313-3862077144-1271436542-1000_Classes\CLSID\{DB6F5E05-1887-F2B0-0F79-A4299B05FF47}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2225793313-3862077144-1271436542-1000_Classes\CLSID\{EC58DFB0-3710-9902-B615-C72409B9CC59}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    15-05-2015 11:49:28 Scheduled Checkpoint
    26-05-2015 11:15:41 Scheduled Checkpoint
    04-06-2015 14:54:48 Scheduled Checkpoint
    09-06-2015 09:54:37 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
    16-06-2015 12:13:08 Scheduled Checkpoint
    21-06-2015 10:48:42 Removed Evernote v. 5.8.1
    25-06-2015 21:07:44 Malwarebytes Anti-Rootkit Restore Point
    26-06-2015 20:42:46 Removed Nokia Connectivity Cable Driver
    26-06-2015 20:44:42 Removed PC Connectivity Solution

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 05:04 - 2015-06-23 17:43 - 00450769 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1D1A6C3E-7848-4101-8B9C-64FC78479B70} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-19] (Avast Software s.r.o.)
    Task: {24B4C0EA-0E35-440F-8827-48A97A8E9DCE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {3EAFF550-BA1C-4787-8B5F-EDFCF9AD495B} - System32\Tasks\MATLAB R2015a Startup Accelerator => C:\Program Files\MATLAB\R2015a\bin\win32\MATLABStartupAccelerator.exe
    Task: {6C76CABC-3E0F-4EBA-A225-5E8EE5169DE0} - System32\Tasks\MATLAB R2014a Startup Accelerator => C:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
    Task: {70D6E3DB-6975-49D2-A25A-77BACD17B79B} - System32\Tasks\{8C25CF63-2915-47AC-BD0C-7C28739A1DC8} => pcalua.exe -a "C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" -c /X86
    Task: {B454721B-CB35-434A-B1F3-95A80A912564} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
    Task: {B4F91CC5-3322-42B4-89BF-D2014928C67F} - System32\Tasks\{306E8E77-1AE2-4273-A6E8-E71BF28B3A57} => pcalua.exe -a "E:\C\Easycap Drivers SMI GRABBER DEVICE\Easycap Drivers SMI GRABBER DEVICE\Drivers\Setup.exe" -d "E:\C\Easycap Drivers SMI GRABBER DEVICE\Easycap Drivers SMI GRABBER DEVICE\Drivers"
    Task: {BEA805CC-9ECE-4EEC-A29D-66DC4A0AFE1C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {CDDEE405-A830-49D7-97A1-7377B13B18AA} - System32\Tasks\{A3ED46DD-17AE-4D2A-B74C-C5C2C406AD6E} => pcalua.exe -a G:\sp53628_Audio.exe -d G:\
    Task: {D026B107-A52D-4CF1-9F40-B7E594B6A670} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
    Task: {D0331E50-77E8-4FA3-A6F5-6F566668FE20} - System32\Tasks\{0625B781-359D-491E-872E-FEBAB7CA62C9} => pcalua.exe -a E:\C\grabber_saa7113_usb-smi2022_drv_v1.0.22b\Grabber_SAA7113_USB-SMI2022_DRV_V1.0.22B\SetupPkt\Setup.exe -d E:\C\grabber_saa7113_usb-smi2022_drv_v1.0.22b\Grabber_SAA7113_USB-SMI2022_DRV_V1.0.22B\SetupPkt
    Task: {EB0AC1F2-3B20-4FF5-A0A9-EFB6F2326272} - System32\Tasks\{AF4ABDC6-482F-4ECD-B05D-DC6B63305C73} => pcalua.exe -a V:\Redist\DirectX\dxsetup.exe -d V:\Redist\DirectX
    Task: {F63503AA-CCF3-4BAF-B8C2-3BA86F619776} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {FA782B40-7718-4F91-867F-E8FD3BCDA4D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {FDE5A5DE-53D2-46EE-87AC-49CFB9493CB8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job => C:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2009-02-18 20:25 - 2009-02-18 20:25 - 00081920 _____ () C:\Windows\system32\ClauerStoreProvider.dll
    2015-06-02 18:20 - 2015-06-02 18:20 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
    2015-06-20 17:49 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-06-20 17:49 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2014-05-12 12:49 - 2014-05-12 12:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
    2015-04-23 10:38 - 2015-04-23 10:38 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-04-23 10:38 - 2015-04-23 10:38 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-06-25 19:36 - 2015-06-25 19:36 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062501\algo.dll
    2015-06-26 10:16 - 2015-06-26 10:16 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062600\algo.dll
    2015-06-26 22:21 - 2015-06-26 22:21 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062601\algo.dll
    2013-05-17 10:17 - 2012-08-21 16:06 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
    2013-05-17 10:18 - 2012-08-21 16:06 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
    2009-02-18 20:25 - 2009-02-18 20:25 - 00864256 _____ () C:\Windows\system32\CLAUER-LIBEAY32.dll
    2015-06-20 17:49 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-06-20 17:49 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2015-06-20 17:49 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2013-02-26 02:28 - 2013-02-26 02:28 - 01260624 _____ () C:\Program Files\VMware\VMware Player\libxml2.dll
    2011-03-26 08:28 - 2011-03-26 08:28 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
    2015-04-23 10:38 - 2015-04-23 10:38 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2012-03-15 17:50 - 2012-03-15 17:50 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a9cb06a8468a5457719abba04b925a85\IsdiInterop.ni.dll
    2011-09-21 17:32 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2014-06-20 13:43 - 2014-06-20 07:13 - 03368448 _____ () C:\Program Files\Light\mozjs.dll
    2015-06-23 21:23 - 2015-06-23 21:23 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
    2015-04-05 15:59 - 2015-04-05 15:59 - 04076288 _____ () C:\Program Files\Sublime Text 3\sublime_text.exe
    2015-04-05 15:59 - 2015-04-05 15:59 - 00481280 _____ () C:\Program Files\Sublime Text 3\plugin_host.exe
    2015-04-05 15:59 - 2015-04-05 15:59 - 00720896 _____ () C:\Program Files\Sublime Text 3\_hashlib.pyd
    2015-04-05 15:59 - 2015-04-05 15:59 - 00049152 _____ () C:\Program Files\Sublime Text 3\_socket.pyd
    2015-04-05 15:59 - 2015-04-05 15:59 - 00085504 _____ () C:\Program Files\Sublime Text 3\_ctypes.pyd

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)
     
  5. Pilif

    Pilif TS Rookie Topic Starter

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7866 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 141.44.1.9 - 141.44.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: RasAuto => 3
    MSCONFIG\Services: RpcLocator => 3
    MSCONFIG\Services: SolidWorks Licensing Service => 3
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks 2013 Fast Starta.lnk => C:\Windows\pss\SolidWorks 2013 Fast Starta.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^kr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{CC944947-6EC5-476E-8B00-0D5368D15830}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{8A40EE69-788C-4CDF-89D9-DAD72E85A1DE}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [TCP Query User{68AB4D42-D26C-4E52-B4EE-429499FDCEA2}E:\vbox\lan_party\half-life\hl.exe] => (Allow) E:\vbox\lan_party\half-life\hl.exe
    FirewallRules: [UDP Query User{D7FB644C-6DEE-4122-85AC-83BE2631AD93}E:\vbox\lan_party\half-life\hl.exe] => (Allow) E:\vbox\lan_party\half-life\hl.exe
    FirewallRules: [TCP Query User{D20854DB-F262-4C1B-886E-6050A75ACD66}E:\vbox\lan_party\starcraft\starcraft\starcraft.exe] => (Allow) E:\vbox\lan_party\starcraft\starcraft\starcraft.exe
    FirewallRules: [UDP Query User{9FD17366-30EC-42D4-93CA-15A450619293}E:\vbox\lan_party\starcraft\starcraft\starcraft.exe] => (Allow) E:\vbox\lan_party\starcraft\starcraft\starcraft.exe
    FirewallRules: [{B9BB0597-A587-4395-BADA-84AF9224D846}] => (Block) E:\vbox\lan_party\starcraft\starcraft\starcraft.exe
    FirewallRules: [{5951ABD3-50F3-4560-9D16-67A116FD23FA}] => (Block) E:\vbox\lan_party\starcraft\starcraft\starcraft.exe
    FirewallRules: [TCP Query User{368EC994-0E80-417F-818C-D6EF2E3A3864}E:\vbox\lan_party\warcraft iii\war3.exe] => (Allow) E:\vbox\lan_party\warcraft iii\war3.exe
    FirewallRules: [UDP Query User{3EDBF19D-AE78-40B7-8511-C60D1802860D}E:\vbox\lan_party\warcraft iii\war3.exe] => (Allow) E:\vbox\lan_party\warcraft iii\war3.exe
    FirewallRules: [{7ADEE422-87E7-4F35-8E0F-BD936B79D1EB}] => (Block) E:\vbox\lan_party\warcraft iii\war3.exe
    FirewallRules: [{813C097C-1EDE-4CCF-B8C1-07FBACCEC387}] => (Block) E:\vbox\lan_party\warcraft iii\war3.exe
    FirewallRules: [TCP Query User{4D1E985D-0719-4C08-B0DB-9E4B29654520}E:\vbox\lan_party\quake iii arena\quake3.exe] => (Allow) E:\vbox\lan_party\quake iii arena\quake3.exe
    FirewallRules: [UDP Query User{1B6ABCF2-3293-4C8A-8ECB-66F30680EB81}E:\vbox\lan_party\quake iii arena\quake3.exe] => (Allow) E:\vbox\lan_party\quake iii arena\quake3.exe
    FirewallRules: [{A01FDAA6-9328-4D20-8451-69AC9CAD7FF9}] => (Block) E:\vbox\lan_party\quake iii arena\quake3.exe
    FirewallRules: [{17B06487-AE65-4AD3-8FE4-7E17E96EA667}] => (Block) E:\vbox\lan_party\quake iii arena\quake3.exe
    FirewallRules: [TCP Query User{69B60D61-9713-43A7-8BFB-92502276B672}C:\program files\java\jdk1.7.0_02\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_02\bin\java.exe
    FirewallRules: [UDP Query User{EAC3F0F7-48C0-4BD0-BC6B-1BE20E74E868}C:\program files\java\jdk1.7.0_02\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_02\bin\java.exe
    FirewallRules: [TCP Query User{4ADC2686-C047-426C-9534-28C76EE45EB3}C:\program files\java\jdk1.7.0_02\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_02\jre\bin\java.exe
    FirewallRules: [UDP Query User{154E4AEE-54DB-40CF-BFE9-482DE6CBCF68}C:\program files\java\jdk1.7.0_02\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_02\jre\bin\java.exe
    FirewallRules: [TCP Query User{6403B561-41D3-45A0-B316-E399A228E16E}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
    FirewallRules: [UDP Query User{D4C66D5D-E459-49B4-9E5C-A04442B6AFB2}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
    FirewallRules: [TCP Query User{3693D8E1-2EAF-4AA5-95AA-BD7F3F2B2D72}C:\program files\java\jdk1.6.0_21\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.6.0_21\jre\bin\java.exe
    FirewallRules: [UDP Query User{2522D213-A20B-4E99-A7F4-21245624CCB2}C:\program files\java\jdk1.6.0_21\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.6.0_21\jre\bin\java.exe
    FirewallRules: [TCP Query User{475C9434-AC89-4C0E-85A9-283D1D0CF646}C:\program files\java\jdk1.6.0_21\bin\java.exe] => (Allow) C:\program files\java\jdk1.6.0_21\bin\java.exe
    FirewallRules: [UDP Query User{FEEC500C-3E66-40C7-A012-58C5361E2CBE}C:\program files\java\jdk1.6.0_21\bin\java.exe] => (Allow) C:\program files\java\jdk1.6.0_21\bin\java.exe
    FirewallRules: [{6FFC6696-65F7-4892-9C45-B75E588DAACA}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
    FirewallRules: [{553C50CD-F925-40BB-9BC0-989FC025AD46}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{F738635C-51E6-43DB-8959-82970BE2C424}F:\easysetupassistant\wr941n\easysetupassistant.exe] => (Allow) F:\easysetupassistant\wr941n\easysetupassistant.exe
    FirewallRules: [UDP Query User{944E8ED3-4077-4AEE-AA0A-90AD4BEB881D}F:\easysetupassistant\wr941n\easysetupassistant.exe] => (Allow) F:\easysetupassistant\wr941n\easysetupassistant.exe
    FirewallRules: [{500EC65B-500E-4F1B-9BF0-170DCF4767E4}] => (Block) F:\easysetupassistant\wr941n\easysetupassistant.exe
    FirewallRules: [{4B158215-CC56-402B-81FB-0B68DDEED6D7}] => (Block) F:\easysetupassistant\wr941n\easysetupassistant.exe
    FirewallRules: [TCP Query User{088897BD-BA7F-4F03-AFD8-D4977975CA1B}C:\program files\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\program files\xcom enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [UDP Query User{42F7962E-397C-4BD7-8CB7-F71AD510E55B}C:\program files\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\program files\xcom enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [TCP Query User{5CAA7932-C378-43AB-9A53-CD4B73F67064}C:\program files\matlab\r2010b\bin\win32\matlab.exe] => (Block) C:\program files\matlab\r2010b\bin\win32\matlab.exe
    FirewallRules: [UDP Query User{749FCBBE-F21C-4BBE-97EA-9EF6C7A189F8}C:\program files\matlab\r2010b\bin\win32\matlab.exe] => (Block) C:\program files\matlab\r2010b\bin\win32\matlab.exe
    FirewallRules: [TCP Query User{F7923A9A-E4C4-46D1-9D8A-E281492A2C01}D:\lan_p\team fortress 2\hl2.exe] => (Allow) D:\lan_p\team fortress 2\hl2.exe
    FirewallRules: [UDP Query User{E0E2CE8A-B525-4D37-8C0A-C3D6B4889130}D:\lan_p\team fortress 2\hl2.exe] => (Allow) D:\lan_p\team fortress 2\hl2.exe
    FirewallRules: [{4F2DB2F3-7216-4AA3-AA28-E0533488EFA2}] => (Block) D:\lan_p\team fortress 2\hl2.exe
    FirewallRules: [{61235A03-EE09-444E-AFAE-EC0421DF7B3F}] => (Block) D:\lan_p\team fortress 2\hl2.exe
    FirewallRules: [TCP Query User{46DF9C8D-9533-40C3-BF48-783E89BE207E}C:\program files\metro last light\metrollbenchmark.exe] => (Allow) C:\program files\metro last light\metrollbenchmark.exe
    FirewallRules: [UDP Query User{2B1F9908-29A0-49D5-83A8-A73E5888CD56}C:\program files\metro last light\metrollbenchmark.exe] => (Allow) C:\program files\metro last light\metrollbenchmark.exe
    FirewallRules: [{680C7257-C172-40DE-A48C-3EF9743E997E}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{80B6665E-8268-4D22-B275-3AD14152F88E}] => (Block) %ProgramFiles%\NCH Software\Debut\debut.exe
    FirewallRules: [{7A96DC58-0D0B-4928-A1DD-E6C1798D15DA}] => (Allow) C:\Program Files\VMware\VMware Player\vmware-authd.exe
    FirewallRules: [{FFADA5F9-5145-4DC7-8676-B2ADF0790317}] => (Allow) C:\Program Files\VMware\VMware Player\vmware-authd.exe
    FirewallRules: [TCP Query User{EF6042AE-351F-4C8A-A13C-EB3D279B69D9}C:\program files\saints row iv\saintsrowiv.exe] => (Block) C:\program files\saints row iv\saintsrowiv.exe
    FirewallRules: [UDP Query User{5F777DF3-FFA0-4598-AFA9-809D44A61A6D}C:\program files\saints row iv\saintsrowiv.exe] => (Block) C:\program files\saints row iv\saintsrowiv.exe
    FirewallRules: [TCP Query User{0A68E713-C43B-4560-A760-8687D57D90E2}C:\xilinx\13.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe] => (Block) C:\xilinx\13.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe
    FirewallRules: [UDP Query User{C7FA33E7-1C5B-42C5-A204-0B0E6403D624}C:\xilinx\13.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe] => (Block) C:\xilinx\13.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe
    FirewallRules: [TCP Query User{4EE2B0D6-F4AF-4FF8-8330-2C31D7D1F27C}F:\easysetupassistant\easysetupassistant.exe] => (Allow) F:\easysetupassistant\easysetupassistant.exe
    FirewallRules: [UDP Query User{7DEB9645-F4D9-43A3-9C63-EDB7C02E202E}F:\easysetupassistant\easysetupassistant.exe] => (Allow) F:\easysetupassistant\easysetupassistant.exe
    FirewallRules: [{3DE902B5-063D-4A9F-9A82-D9B52D44622F}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    FirewallRules: [{0E8DAAE2-B236-4495-94FB-E38B7B40AC74}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    FirewallRules: [TCP Query User{075DCC92-AD6F-41A5-ADA6-6E3D43619F5D}C:\program files\xcom enemy within\xew\binaries\win32\xcomew.exe] => (Block) C:\program files\xcom enemy within\xew\binaries\win32\xcomew.exe
    FirewallRules: [UDP Query User{8D1B751B-1F27-4D99-B740-1D4BF4A5271F}C:\program files\xcom enemy within\xew\binaries\win32\xcomew.exe] => (Block) C:\program files\xcom enemy within\xew\binaries\win32\xcomew.exe
    FirewallRules: [TCP Query User{6F3AA9F4-A340-4ED6-A19B-01B38963FF1C}E:\games\half-life\hl.exe] => (Block) E:\games\half-life\hl.exe
    FirewallRules: [UDP Query User{189C87F1-BF59-48C5-A56E-EC8066BE48EA}E:\games\half-life\hl.exe] => (Block) E:\games\half-life\hl.exe
    FirewallRules: [TCP Query User{BB54B515-160B-4039-BE6B-D6EE69D04A02}C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe
    FirewallRules: [UDP Query User{DB69601C-9550-4058-9C13-86C34E590C15}C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe
    FirewallRules: [{744FC9A9-A2A3-4D8C-A502-68F2085E232F}] => (Block) C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe
    FirewallRules: [{E6C32388-CC12-4FC1-A0C8-6B4FA80C5CBA}] => (Block) C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe
    FirewallRules: [TCP Query User{0AC53948-C8F6-4733-B6DE-E1087F66906C}C:\glassfish3\jdk7\bin\java.exe] => (Allow) C:\glassfish3\jdk7\bin\java.exe
    FirewallRules: [UDP Query User{0830C44D-5FEC-46EC-A13C-8B33F610C4C3}C:\glassfish3\jdk7\bin\java.exe] => (Allow) C:\glassfish3\jdk7\bin\java.exe
    FirewallRules: [{0DEAB858-AB42-4970-96E0-546675ABEF81}] => (Block) C:\glassfish3\jdk7\bin\java.exe
    FirewallRules: [{EFDBC488-DF9C-427A-9170-44B77D605ADF}] => (Block) C:\glassfish3\jdk7\bin\java.exe
    FirewallRules: [TCP Query User{0B8AC7C3-F179-4BCB-88D1-76ABD1759D5E}C:\users\public\documents\mikroelektronika\mikroc pro for pic\tools\udp terminal\udpterminal.exe] => (Block) C:\users\public\documents\mikroelektronika\mikroc pro for pic\tools\udp terminal\udpterminal.exe
    FirewallRules: [UDP Query User{92B085B2-2B60-4CB4-AF58-5B86BDA4C2DE}C:\users\public\documents\mikroelektronika\mikroc pro for pic\tools\udp terminal\udpterminal.exe] => (Block) C:\users\public\documents\mikroelektronika\mikroc pro for pic\tools\udp terminal\udpterminal.exe
    FirewallRules: [TCP Query User{5E2FAABE-15B5-4394-824D-AB28876EC2B0}F:\files\setup\groma quick start.exe] => (Block) F:\files\setup\groma quick start.exe
    FirewallRules: [UDP Query User{D03BD055-86CF-45DD-90C8-005F700983E3}F:\files\setup\groma quick start.exe] => (Block) F:\files\setup\groma quick start.exe
    FirewallRules: [TCP Query User{C6EFE531-2330-427B-80BB-5504C6EECBE9}F:\groma quick start.exe] => (Block) F:\groma quick start.exe
    FirewallRules: [UDP Query User{A6DD1C89-7D60-4FBC-B040-BD3DFBA652AE}F:\groma quick start.exe] => (Block) F:\groma quick start.exe
    FirewallRules: [{87AF8E3A-C804-41F8-9548-6BC99F45149B}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\Mathematica.exe
    FirewallRules: [{2891FA93-EEBF-4445-9109-7F2C83DDE485}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\Mathematica.exe
    FirewallRules: [{1CC6F8AA-BD4C-4ADC-B260-4CAE1F3104B0}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\MathKernel.exe
    FirewallRules: [{DF53D796-9A38-4E9E-AAC1-44C82D9852C4}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\MathKernel.exe
    FirewallRules: [{0AB6A9ED-C5A3-4618-B0C6-38A85074544E}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\math.exe
    FirewallRules: [{DDF6BB33-E631-4B46-9BBD-5F558C4C0AAD}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\math.exe
    FirewallRules: [{054C7C57-3E14-497C-ACBA-B4CEC2E1675F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{C9EB0444-1836-4734-88BA-FBBC89E80C29}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{F6F67933-24C7-426D-B6A1-C576B220B5F0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{FA67C1FD-FB6C-47F5-A734-DBB2D9823CB7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{5534FB9F-50F2-4318-9646-66DCF9DFE3C9}C:\gog games\carmageddon 2 carpocalypse now\carma2_hw.exe] => (Block) C:\gog games\carmageddon 2 carpocalypse now\carma2_hw.exe
    FirewallRules: [UDP Query User{4D5AFE30-6902-4EDE-9F92-C05C6468184F}C:\gog games\carmageddon 2 carpocalypse now\carma2_hw.exe] => (Block) C:\gog games\carmageddon 2 carpocalypse now\carma2_hw.exe
    FirewallRules: [TCP Query User{1F3E8D41-6F31-44D4-A0BC-8C357400D126}C:\Program Files\BEL\Realterm\realterm.exe] => (Allow) C:\Program Files\BEL\Realterm\realterm.exe
    FirewallRules: [UDP Query User{9EDE6F37-7642-4864-A7C9-3F76FAB1734B}C:\Program Files\BEL\Realterm\realterm.exe] => (Allow) C:\Program Files\BEL\Realterm\realterm.exe
    FirewallRules: [TCP Query User{B7C09E15-A68A-4771-8978-B19037D6A5DD}C:\xilinx\13.1\ise_ds\ise\bin\nt\_fpga_editor.exe] => (Block) C:\xilinx\13.1\ise_ds\ise\bin\nt\_fpga_editor.exe
    FirewallRules: [UDP Query User{02216E95-2C96-4C32-A28D-2FEEE0A70862}C:\xilinx\13.1\ise_ds\ise\bin\nt\_fpga_editor.exe] => (Block) C:\xilinx\13.1\ise_ds\ise\bin\nt\_fpga_editor.exe
    FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
    FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
    FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
    FirewallRules: [TCP Query User{A966AB96-68E7-42A4-99AA-5F70390DEE97}C:\program files\pale moon\plugin-container.exe] => (Allow) C:\program files\pale moon\plugin-container.exe
    FirewallRules: [UDP Query User{B91BBF22-5A14-404C-8B55-7543195CD99C}C:\program files\pale moon\plugin-container.exe] => (Allow) C:\program files\pale moon\plugin-container.exe
    FirewallRules: [TCP Query User{EFC238CF-3FBA-4A5F-A718-BBB3DF2ACF0E}C:\program files\quicktime\quicktimeplayer.exe] => (Allow) C:\program files\quicktime\quicktimeplayer.exe
    FirewallRules: [UDP Query User{545981A7-833F-4EA1-9A15-7CAD71900180}C:\program files\quicktime\quicktimeplayer.exe] => (Allow) C:\program files\quicktime\quicktimeplayer.exe
    FirewallRules: [TCP Query User{F6C55A97-0503-483D-AD70-814BD080F212}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe
    FirewallRules: [UDP Query User{35CC7AF4-5B4C-4621-8CEC-35EDD45C1CBA}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe
    FirewallRules: [TCP Query User{19C7F04E-5ACB-4472-B491-49B7F4DF9757}C:\program files\smplayer\mplayer\mplayer.exe] => (Allow) C:\program files\smplayer\mplayer\mplayer.exe
    FirewallRules: [UDP Query User{5F3063ED-9519-4DF8-8468-5716C826AB6E}C:\program files\smplayer\mplayer\mplayer.exe] => (Allow) C:\program files\smplayer\mplayer\mplayer.exe
    FirewallRules: [{1F11F57D-0D17-4F76-8B28-ED652AB262B7}] => (Allow) C:\Program Files\ContaCam\ContaCam.exe
    FirewallRules: [{1412DF5C-73F5-457D-AC22-F2C341D26C0E}] => (Allow) C:\Program Files\ContaCam\ContaCam.exe
    FirewallRules: [{E7150A22-C4EC-4896-99B2-27ECD07AAD09}] => (Allow) C:\Program Files\ContaCam\microapache\mapache.exe
    FirewallRules: [{7A8A369C-C03D-43B3-98CE-139C9FE8B64B}] => (Allow) C:\Program Files\ContaCam\microapache\mapache.exe
    FirewallRules: [TCP Query User{558034E8-27D4-49AF-B725-17C5B42004E3}F:\tl-r860\easysetupassistant.exe] => (Allow) F:\tl-r860\easysetupassistant.exe
    FirewallRules: [UDP Query User{CF0BDB72-4915-4981-B77B-5606EC160779}F:\tl-r860\easysetupassistant.exe] => (Allow) F:\tl-r860\easysetupassistant.exe
    FirewallRules: [{A39DC162-67FF-4B9D-A13A-BB2D39D56984}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B0BF9408-97D4-408C-9662-BABBF5603762}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A6FD7FAC-0015-48BB-A6DA-7F6433CFE70F}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
    FirewallRules: [{27001305-36E5-44B7-946D-D95E9BBD61FD}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
    FirewallRules: [{52D4A3C9-9CDC-4EFB-968D-62C08F98DA42}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
    FirewallRules: [{1E663F96-5D27-4A13-83A4-C1B2146906F9}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
    FirewallRules: [{0083A5B9-9025-4689-B76B-EA57FCB3D34B}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
    FirewallRules: [{8D587246-6561-4696-9669-3DFF25D76709}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
    FirewallRules: [TCP Query User{AE475361-B007-43A9-A765-6131EEDA807F}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
    FirewallRules: [UDP Query User{5F6AEBA5-BC8A-4ADE-86C9-CC1EE6A71B7E}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
    FirewallRules: [TCP Query User{80879904-DBB2-44ED-A15A-AAB75403CAB2}C:\program files\2k games\xcom - enemy unknown\xew\binaries\win32\xcomew.exe] => (Block) C:\program files\2k games\xcom - enemy unknown\xew\binaries\win32\xcomew.exe
    FirewallRules: [UDP Query User{7346D6E5-342E-42FD-BA30-C3A7BC90C8D8}C:\program files\2k games\xcom - enemy unknown\xew\binaries\win32\xcomew.exe] => (Block) C:\program files\2k games\xcom - enemy unknown\xew\binaries\win32\xcomew.exe
    FirewallRules: [TCP Query User{E75048A9-72DF-4148-9934-C41256D9F047}C:\program files\2k games\xcom - enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\program files\2k games\xcom - enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [UDP Query User{A602E1F8-089F-4891-8E71-831F28256420}C:\program files\2k games\xcom - enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\program files\2k games\xcom - enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [TCP Query User{C71C5BEB-E531-4F35-ACA2-9859AC788C5B}E:\hector\magnitometers\processing-2.2.1\java\bin\java.exe] => (Allow) E:\hector\magnitometers\processing-2.2.1\java\bin\java.exe
    FirewallRules: [UDP Query User{A94079E1-0A47-4FCD-B7F0-16FAAE256356}E:\hector\magnitometers\processing-2.2.1\java\bin\java.exe] => (Allow) E:\hector\magnitometers\processing-2.2.1\java\bin\java.exe
    FirewallRules: [TCP Query User{1F31CDFB-707C-4E70-9C1A-EDCCAF29CE9A}C:\designlab-1.0.4\java\bin\javaw.exe] => (Allow) C:\designlab-1.0.4\java\bin\javaw.exe
    FirewallRules: [UDP Query User{02352100-C952-4810-8B02-88BFDC092000}C:\designlab-1.0.4\java\bin\javaw.exe] => (Allow) C:\designlab-1.0.4\java\bin\javaw.exe
    FirewallRules: [TCP Query User{3FDE83BD-F3D2-432C-ACF0-682D9314E8A9}C:\designlab-1.0.5\java\bin\javaw.exe] => (Allow) C:\designlab-1.0.5\java\bin\javaw.exe
    FirewallRules: [UDP Query User{BE587B04-72B4-4A52-83A6-52606C9B750B}C:\designlab-1.0.5\java\bin\javaw.exe] => (Allow) C:\designlab-1.0.5\java\bin\javaw.exe
    FirewallRules: [{04249AEC-FAF7-408D-8A1C-39BA3A73984E}] => (Block) C:\designlab-1.0.5\java\bin\javaw.exe
    FirewallRules: [{1A5ED67B-EDFD-4544-B7F5-6BCD3620D06D}] => (Block) C:\designlab-1.0.5\java\bin\javaw.exe
    FirewallRules: [{ACA73E4F-143E-4CC1-8390-0B49B7502D68}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{F72ED59C-5A89-4D94-AB18-C9C0E40B6BC8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [TCP Query User{EB4D76F3-0E27-4C45-8282-FA08A662A8CE}C:\program files\quake 2 hd\berserker.exe] => (Block) C:\program files\quake 2 hd\berserker.exe
    FirewallRules: [UDP Query User{8E226D23-A220-4639-B275-C8336C2E1AAD}C:\program files\quake 2 hd\berserker.exe] => (Block) C:\program files\quake 2 hd\berserker.exe
    FirewallRules: [TCP Query User{89C0AC4E-7FAA-48A6-AB92-190125798380}C:\gog games\star wars jedi knight - jedi academy\gamedata\jamp.exe] => (Block) C:\gog games\star wars jedi knight - jedi academy\gamedata\jamp.exe
    FirewallRules: [UDP Query User{623D1369-5717-4BA7-8398-383A20AE3BDD}C:\gog games\star wars jedi knight - jedi academy\gamedata\jamp.exe] => (Block) C:\gog games\star wars jedi knight - jedi academy\gamedata\jamp.exe
    FirewallRules: [TCP Query User{5FF116FD-E991-40D7-B462-137D69CC517E}C:\designlab-1.0.6\java\bin\javaw.exe] => (Block) C:\designlab-1.0.6\java\bin\javaw.exe
    FirewallRules: [UDP Query User{3ED22BB1-E936-415D-BD80-D822E874B8B8}C:\designlab-1.0.6\java\bin\javaw.exe] => (Block) C:\designlab-1.0.6\java\bin\javaw.exe
    FirewallRules: [TCP Query User{FE252C76-1E14-4007-8511-68984EA0AD8D}C:\designlab-1.0.6b\java\bin\javaw.exe] => (Block) C:\designlab-1.0.6b\java\bin\javaw.exe
    FirewallRules: [UDP Query User{BBB3D860-6D6B-450C-8DB2-AD8A650AD63F}C:\designlab-1.0.6b\java\bin\javaw.exe] => (Block) C:\designlab-1.0.6b\java\bin\javaw.exe
    FirewallRules: [{FE45794D-FB7C-4D4C-8498-78BEBA732B84}] => (Allow) C:\Windows\Parse\versions\1.3.9\bin\node.exe
    FirewallRules: [{97DF9104-F115-43E6-9F81-0EC1E6DC8440}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{44E84B16-B462-4E2C-887D-0846CDCC4381}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{A3C97326-5510-4090-9B8A-E9C338D31F41}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{B4C7FEA7-306D-44D1-9D9F-60CB2BEEAED5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{2BA6FC6E-D0AB-46F7-BA03-CEB152EEF930}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{5DCD9577-2043-484E-B3F5-C4C9C942534D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Microsoft Virtual WiFi Miniport Adapter
    Description: Microsoft Virtual WiFi Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Atheros AR3011 Bluetooth 3.0 + HS Adapter
    Description: Atheros AR3011 Bluetooth 3.0 + HS Adapter
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: Atheros Communications
    Service: BTHUSB
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: VMware Virtual Ethernet Adapter for VMnet1
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: VMware Virtual Ethernet Adapter for VMnet8
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/26/2015 10:05:36 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (06/26/2015 03:28:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 13666

    Error: (06/26/2015 03:28:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 13666

    Error: (06/26/2015 03:28:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/26/2015 03:28:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 12652

    Error: (06/26/2015 03:28:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 12652

    Error: (06/26/2015 03:28:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/26/2015 03:28:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 11560

    Error: (06/26/2015 03:28:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 11560

    Error: (06/26/2015 03:28:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (06/26/2015 05:24:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.

    Error: (06/26/2015 10:03:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MP Tool Filters Driver service failed to start due to the following error:
    %%1058

    Error: (06/26/2015 09:41:42 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

    Error: (06/25/2015 07:33:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (06/25/2015 07:33:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (06/25/2015 07:32:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MP Tool Filters Driver service failed to start due to the following error:
    %%1058

    Error: (06/25/2015 02:12:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AtherosSvc service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/25/2015 02:02:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (06/25/2015 02:02:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (06/25/2015 02:02:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


    Microsoft Office:
    =========================
    Error: (06/26/2015 10:05:36 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"E:\Karl\Rootkit_Remover_3022\BootkitRemoval_x64.exe

    Error: (06/26/2015 03:28:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 13666

    Error: (06/26/2015 03:28:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 13666

    Error: (06/26/2015 03:28:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/26/2015 03:28:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 12652

    Error: (06/26/2015 03:28:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 12652

    Error: (06/26/2015 03:28:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/26/2015 03:28:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 11560

    Error: (06/26/2015 03:28:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 11560

    Error: (06/26/2015 03:28:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
    Percentage of memory in use: 71%
    Total physical RAM: 3014.37 MB
    Available physical RAM: 852.86 MB
    Total Pagefile: 6027.02 MB
    Available Pagefile: 2583.2 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1895.09 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:195.31 GB) (Free:19.74 GB) NTFS
    Drive e: () (Fixed) (Total:292.97 GB) (Free:17.88 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 5524C46F)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=107.8 GB) - (Type=83)
    Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)

    ==================== End of log ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    I don't see much so far.

    NOTE. Before attempting step 2 below (MBAM)...
    1. Uninstall Malwarebytes' Anti-Malware using Add/Remove (Programs & Features) programs in the control panel.
    2. Restart your computer (very important).
    3. Download and run this utility.
    4. It will ask to restart your computer (please allow it to).
    5. After the computer restarts, install the latest version from here.
    See if it'll run.

    ========================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. Pilif

    Pilif TS Rookie Topic Starter

    Thank you. here are the logs

    RogueKiller V10.8.6.0 [Jun 22 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : kr [Administrator]
    Started from : C:\Users\kr\Desktop\RogueKiller.exe
    Mode : Scan -- Date : 06/27/2015 19:29:22

    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path] UnsignedThemesSvc.exe(1268) -- C:\Windows\UnsignedThemesSvc.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 8 ¤¤¤
    [PUP] HKEY_USERS\S-1-5-21-2225793313-3862077144-1271436542-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 141.44.1.9 141.44.1.1 [GERMANY (DE)][-] -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 141.44.1.9 141.44.1.1 [GERMANY (DE)][-] -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 141.44.1.9 141.44.1.1 [GERMANY (DE)][-] -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C9CDDC9-3214-4A13-B84B-AB89C2D8E856} | DhcpNameServer : 141.44.1.9 141.44.1.1 [GERMANY (DE)][-] -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4C9CDDC9-3214-4A13-B84B-AB89C2D8E856} | DhcpNameServer : 141.44.1.9 141.44.1.1 [GERMANY (DE)][-] -> Found
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4C9CDDC9-3214-4A13-B84B-AB89C2D8E856} | DhcpNameServer : 141.44.1.9 141.44.1.1 [GERMANY (DE)][-] -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-2225793313-3862077144-1271436542-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK6465GSX +++++
    --- User ---
    [MBR] 8336508276768421c694683805377173
    [BSP] cc0dd482c1a047f5b6a1f51d97833756 : Linux|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 206848 | Size: 110379 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 226263040 | Size: 299999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 840660992 | Size: 200000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    ====================================================
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 27.6.2015 ã.
    Scan Time: 19:43 ÷.
    Logfile: malb.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.06.27.03
    Rootkit Database: v2015.06.26.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: kr

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 342544
    Time Elapsed: 28 min, 5 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    =========================================

    # AdwCleaner v4.207 - Logfile created 27/06/2015 at 20:17:53
    # Updated 21/06/2015 by Xplode
    # Database : 2015-06-23.1 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x86)
    # Username : kr - KR-TU
    # Running from : E:\Karl\adwcleaner_4.207.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\Boost
    Folder Deleted : C:\Program Files\DriverToolkit
    Folder Deleted : C:\Users\kr\AppData\Local\DriverToolkit
    File Deleted : C:\Users\kr\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\td1zpmdk.default\Extensions\jid0-62jR3sq6mHTLknusEa92dfyvGcs@jetpack.xpi

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Key Deleted : HKCU\Software\DriverToolkit

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v9.0.8112.16457


    -\\ Mozilla Firefox v38.0.5 (x86 de)


    -\\ Pale Moon v25.5.0 (en-US)


    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [1888 bytes] - [24/06/2015 13:01:17]
    AdwCleaner[R1].txt - [1450 bytes] - [27/06/2015 20:15:15]
    AdwCleaner[S0].txt - [2014 bytes] - [24/06/2015 13:04:37]
    AdwCleaner[S1].txt - [1389 bytes] - [27/06/2015 20:17:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1448 bytes] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.1.9 (06.27.2015:2)
    OS: Windows 7 Professional x86
    Ran by kr on áê¡ 27.06.2015 £. at 20:35:56,86
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Tasks

    ~~~ Registry Values

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    ~~~ FireFox

    ~~~ Chrome

    [C:\Users\kr\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\kr\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\kr\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\kr\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on áê¡ 27.06.2015 £. at 20:42:42,60
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  9. Pilif

    Pilif TS Rookie Topic Starter

    Here is the log

    ComboFix 15-06-27.01 - kr 06.2015 г. 21:15:10.1.4 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1251.359.1033.18.3014.1729 [GMT 3:00]
    Running from: c:\users\kr\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AV: Emsisoft Anti-Malware *Enabled/Updated* {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Emsisoft Anti-Malware *Enabled/Updated* {9425001D-A331-13F4-34E6-D05C71B96A74}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\kr\AppData\Local\assembly\tmp
    c:\users\kr\AppData\Roaming\.#
    c:\users\kr\AppData\Roaming\Microsoft\Windows\Recent\GitHub.appref-ms
    E:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-05-27 to 2015-06-27 )))))))))))))))))))))))))))))))
    .
    .
    2015-06-27 18:31 . 2015-06-27 18:31 -------- d-----w- c:\users\kr\AppData\Local\temp
    2015-06-27 18:31 . 2015-06-27 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-06-27 17:36 . 2015-06-27 17:36 -------- d-----w- C:\RegBackup
    2015-06-27 16:22 . 2015-06-27 16:24 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-06-27 16:21 . 2015-06-18 05:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-06-27 16:21 . 2015-06-18 05:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-06-27 16:21 . 2015-06-18 05:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-06-27 16:21 . 2015-06-27 16:23 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2015-06-27 16:21 . 2015-06-27 16:21 -------- d-----w- c:\programdata\Malwarebytes
    2015-06-27 16:11 . 2015-06-27 16:11 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-06-27 16:11 . 2015-06-27 16:42 -------- d-----w- c:\programdata\RogueKiller
    2015-06-25 17:35 . 2015-06-27 16:00 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2015-06-24 10:29 . 2015-06-24 10:29 -------- d-----w- c:\programdata\Emsisoft
    2015-06-24 10:19 . 2015-03-23 21:17 111368 ----a-w- c:\windows\system32\drivers\epp32.sys
    2015-06-24 10:19 . 2015-06-27 18:12 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2015-06-24 10:01 . 2015-06-27 17:24 -------- d-----w- C:\AdwCleaner
    2015-06-24 07:18 . 2015-06-26 20:29 -------- d-----w- C:\FRST
    2015-06-23 18:23 . 2015-06-23 18:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-06-23 18:23 . 2015-06-23 18:23 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-06-23 12:00 . 2012-04-07 16:34 10760 ----a-w- c:\windows\system32\drivers\myfault.sys
    2015-06-20 15:01 . 2015-06-20 15:01 -------- d-----w- c:\users\kr\AppData\Roaming\Wireshark
    2015-06-20 14:52 . 2015-06-20 14:53 -------- d-----w- c:\program files\Wireshark
    2015-06-20 14:49 . 2013-09-20 07:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
    2015-06-20 14:49 . 2015-06-21 05:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2015-06-20 14:49 . 2015-06-20 14:54 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2015-06-16 15:44 . 2015-06-27 13:29 -------- d-----w- c:\users\kr\AppData\Roaming\FileZilla
    2015-06-16 15:43 . 2015-06-16 15:43 -------- d-----w- c:\program files\FileZilla FTP Client
    2015-06-16 10:46 . 2015-06-16 10:46 -------- d-----w- c:\users\kr\AppData\Local\TeamViewer
    2015-06-16 07:22 . 2015-06-16 07:22 -------- d-----w- c:\users\kr\Tracing
    2015-06-16 05:02 . 2015-06-23 18:13 -------- d-----w- c:\program files\Google
    2015-06-16 05:02 . 2015-06-16 05:03 -------- d-----w- c:\users\kr\AppData\Local\Google
    2015-06-09 06:54 . 2015-06-23 15:35 -------- d-----w- c:\program files\OpenVPN
    2015-06-08 09:10 . 2015-06-08 09:10 -------- d-----w- c:\windows\Prey
    2015-06-08 09:10 . 2015-06-08 09:10 -------- d-----w- c:\windows\Parse
    2015-06-02 06:44 . 2015-06-25 09:28 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0BD9574-4A3A-4235-A3F4-F89653D377EA}\offreg.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-06-27 07:39 . 2011-09-26 06:52 428120 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2015-06-08 09:05 . 2013-03-18 15:02 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
    2015-04-23 07:39 . 2014-02-06 11:45 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2015-04-23 07:39 . 2014-04-25 11:53 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-04-23 07:39 . 2013-03-24 08:50 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-04-23 07:39 . 2013-03-24 08:50 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-04-23 07:39 . 2012-03-22 17:22 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2015-04-23 07:39 . 2011-09-26 06:52 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2015-04-23 07:38 . 2015-04-23 07:39 291312 ----a-w- c:\windows\system32\aswBoot.exe
    2015-04-23 07:38 . 2015-04-23 07:38 43112 ----a-w- c:\windows\avastSS.scr
    2015-04-23 07:38 . 2011-09-26 06:52 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-04-23 07:38 645144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
    @="{594D4122-1F87-41E2-96C7-825FB4796516}"
    [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
    2011-08-19 19:13 505344 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-09-15 2295080]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-05-27 1138783]
    "NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
    "QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-07-06 323128]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-05 143384]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-05 176664]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-05 178200]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
    "Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-08-19 91648]
    "AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-01-06 490656]
    "AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-01-06 302240]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-06-08 5515496]
    "Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2011-06-08 941320]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
    "emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2015-05-26 4923832]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    RegRunner2009.lnk - c:\program files\RegRunner2009\RegRunner2009.exe [2011-9-21 1280000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{F791A188-699D-4FD4-955A-EB59E89B1907}"= "\Program Files\Theme Resource Changer\ThemeResourceChanger.dll" [2010-10-07 90624]
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks 2013 Fast Starta.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Fast Starta.lnk
    backup=c:\windows\pss\SolidWorks 2013 Fast Starta.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^kr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
    path=c:\users\kr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    backup=c:\windows\pss\EvernoteClipper.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2013-04-21 18:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
    2012-11-16 10:05 162408 ----a-w- c:\program files\PDF24\pdf24.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2013-05-01 00:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-04-23 106912]
    R2 ISMPUSBFilter;MP Tool Filters Driver;c:\windows\system32\DRIVERS\ISMPUSBFilter.sys [2012-12-04 16384]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
    R3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\usbblstr.sys [2010-06-27 58960]
    R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [2012-03-07 25856]
    R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [2012-03-06 23040]
    R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [2012-03-06 27776]
    R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys [2012-03-06 73728]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-06 34976]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-06 258720]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-06 175776]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-06 49312]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-06 141088]
    R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-06 241824]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
    R3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2009-02-25 17432]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
    R3 IvtAudioBusSrv;IvtAudioBusSrv;c:\windows\system32\Drivers\IvtBtBus.sys [2012-12-24 23288]
    R3 IvtComBusSrv;IvtComBusSrv;c:\windows\system32\Drivers\btcombus.sys [x]
    R3 IvtPanBusSrv;IvtPanBusSrv;c:\windows\system32\Drivers\btnetBus.sys [2012-12-24 27256]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
    R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2012-08-21 17408]
    R3 MYFAULT;MYFAULT;c:\windows\system32\drivers\myfault.sys [2012-04-07 10760]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320]
    R3 SMIGrabber3E;SMI Grabber Device FCHS 3E;c:\windows\system32\Drivers\SmiUsbGrabber3E.sys [x]
    R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2011-11-11 52312]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2013-10-17 25088]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    R3 USB18PRG;mikroElektronika USB18F Device (x86 Platform);c:\windows\system32\Drivers\USB18PRG.sys [2009-11-17 46152]
    R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2011-08-15 82736]
    R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 12800]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-24 1343400]
    R3 XilinxFirmwareEmbeddedLpLoader;XilinxFirmwareEmbeddedLpLoader;c:\windows\system32\Drivers\xusb_emb.sys [2011-02-03 17408]
    R3 XilinxFirmwarePusb2Loader;XilinxFirmwarePusb2Loader;c:\windows\system32\Drivers\xusb_xp2.sys [2011-02-03 17920]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2011-12-21 21600]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 71152]
    S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 61464]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-04-23 787760]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-06-27 428120]
    S1 epp32;epp32;c:\windows\system32\DRIVERS\epp32.sys [2015-03-23 111368]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-08-15 158512]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-08-15 90928]
    S2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2015-05-26 5155576]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-04-23 24144]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-04-23 74976]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-06 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-01-06 56480]
    S2 CLOS;CLOS;c:\program files\TU Sofia\Clauer TU Sofia\clos-win.exe [2011-01-26 98304]
    S2 CronService;Cron Service;c:\windows\Parse\wpxsvc.exe [2015-06-08 611854]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
    S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-07-06 1698360]
    S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-11-24 99896]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-03-01 36600]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
    S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-12 21096]
    S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-12 25448]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-04-23 220752]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-10-11 721048]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-04-23 3207800]
    S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2010-10-28 98400]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-06 24736]
    S3 debutfilter;Debut Upper Filter Driver v6.20.00;c:\windows\system32\DRIVERS\debutfilterx86.sys [2013-08-15 43088]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 144472]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
    S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-10 69504]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-10 161664]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 104752]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-08-15 116016]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-06-27 c:\windows\Tasks\MATLAB R2014a Startup Accelerator.job
    - c:\program files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2015-05-15 09:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: &Citavi Picker... - file://c:\program files\Internet Explorer\Citavi Picker\ShowContextMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
    TCP: DhcpNameServer = 141.44.1.9 141.44.1.1
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    AddRemove-boost_1_47 - c:\program files\boost\boost_1_47\uninstall.exe
    AddRemove-Carmageddon 2 Carpocalypse Now - c:\gog games\Carmageddon 2 Carpocalypse Now\unins000.exe
    AddRemove-eSupport UndeletePlus_is1 - c:\program files\eSupport.com\eSupport UndeletePlus\unins000.exe
    AddRemove-GOGPACKCARMAGEDDON2_is1 - c:\gog games\Carmageddon 2 Carpocalypse Now\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-06-27 21:35:27
    ComboFix-quarantined-files.txt 2015-06-27 18:35
    .
    Pre-Run: 20 869 283 840 bytes free
    Post-Run: 20 762 951 680 bytes free
    .
    - - End Of File - - 85860365CB850E9C222EDCA4E3967C59
    EA923EB0EC0060F1451E9AD7B5762CFE
     
  10. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  11. Pilif

    Pilif TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
    Ran by kr (administrator) on KR-TU on 27-06-2015 22:04:01
    Running from E:\Karl
    Loaded Profiles: kr (Available Profiles: kr)
    Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
    (The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
    (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (brother Industries Ltd) C:\Windows\System32\BRSVC01A.EXE
    (brother Industries Ltd) C:\Windows\System32\BRSS01A.EXE
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
    (Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
    (Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
    (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
    (Bernd Dietzel) C:\Program Files\RegRunner2009\RegRunner2009.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (UJI per a CATCert) C:\Program Files\TU Sofia\Clauer TU Sofia\clos-win.exe
    (Fork, Ltd.) C:\Windows\Parse\wpxsvc.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
    (Joyent, Inc) C:\Windows\Parse\versions\1.3.9\bin\node.exe
    (Fork, Ltd.) C:\Windows\Parse\versions\1.3.9\node_modules\triggers\bin\lightevt.exe
    (HP) C:\Windows\System32\HPSIsvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (VMware, Inc.) C:\Windows\System32\vmnat.exe
    (VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
    (VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
    (VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Mozilla Community) C:\Program Files\Light\light.exe
    (Mozilla Corporation) C:\Program Files\Light\plugin-container.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    () C:\Program Files\SMPlayer\smplayer.exe
    () C:\Program Files\SMPlayer\mplayer\mplayer.exe
    () C:\Program Files\SMPlayer\smplayer.exe
    () C:\Program Files\SMPlayer\mplayer\mplayer.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2295080 2011-09-16] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1138783 2011-05-27] (IDT, Inc.)
    HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
    HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [323128 2011-07-06] (Hewlett-Packard Company)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [91648 2011-08-19] (IvoSoft)
    HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-01-06] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-01-06] (Atheros Commnucations)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-08] (Avast Software s.r.o.)
    HKLM\...\Run: [Bonus.SSR.FR10] => C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [941320 2011-06-08] (ABBYY.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4923832 2015-05-26] (Emsisoft Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RegRunner2009.lnk [2011-09-21]
    ShortcutTarget: RegRunner2009.lnk -> C:\Program Files\RegRunner2009\RegRunner2009.exe (Bernd Dietzel)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-23] (Avast Software s.r.o.)
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2011-08-19] (IvoSoft)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2011-08-19] (IvoSoft)
    BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-01-06] (Atheros Commnucations)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2011-08-19] (IvoSoft)
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP15-15155/event/ieatgpc1.cab
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 141.44.1.9 141.44.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-06-23] ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-10-24] (Microsoft Corporation)
    FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll [2012-01-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=1.1.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2011-07-14] (the VideoLAN Team)
    FF Plugin: @wolfram.com/Mathematica -> C:\Program Files\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll [2013-01-24] (Wolfram Research, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\kr\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-08-14] (Cisco WebEx LLC)
    FF Extension: German Dictionary (de-DE), classical spelling standards - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\alterechtschreibung@googlemail.com [2015-06-22]
    FF Extension: Bulgarian Dictionary - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\bg-BG@dictionaries.addons.mozilla.org [2015-06-22]
    FF Extension: United States English Spellchecker - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\en-US@dictionaries.addons.mozilla.org [2015-06-22]
    FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-06-21]
    FF Extension: Firebug - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\firebug@software.joehewitt.com.xpi [2015-06-21]
    FF Extension: Ghostery - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\firefox@ghostery.com.xpi [2015-06-21]
    FF Extension: Forecastfox (fix version) - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\forecastfox@s3_fix_version.xpi [2015-06-21]
    FF Extension: Self-Destructing Cookies - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-06-21]
    FF Extension: Deutsch (DE) Language Pack - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-06-22]
    FF Extension: English (US) Language Pack - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2015-06-22]
    FF Extension: searchOnTab - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\searchontab@sogame.cat.xpi [2015-06-21]
    FF Extension: Flagfox - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2015-06-21]
    FF Extension: HttpFox - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2015-06-21]
    FF Extension: Adblock Plus - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-21]
    FF Extension: BetterPrivacy - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-06-21]
    FF Extension: Greasemonkey - C:\Users\kr\AppData\Roaming\Mozilla\Firefox\Profiles\nyxn901s.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-06-24]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-09-26]
    FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
    FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-26]

    Chrome:
    =======
    CHR Profile: C:\Users\kr\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (No Name) - C:\Users\kr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-16]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [5155576 2015-05-26] (Emsisoft Ltd)
    R2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros) [File not signed]
    R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [56480 2011-01-06] (Atheros Commnucations) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-23] (Avast Software)
    R2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd) [File not signed]
    R2 CLOS; C:\Program Files\TU Sofia\Clauer TU Sofia\clos-win.exe [98304 2011-01-26] (UJI per a CATCert) [File not signed]
    R2 CronService; C:\Windows\Parse\wpxsvc.exe [611854 2015-06-08] (Fork, Ltd.) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-10-24] (Flexera Software, Inc.)
    R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [1698360 2011-07-06] (Hewlett-Packard Company)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2014-11-17] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2014-11-17] (Hewlett-Packard) [File not signed]
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-10-24] (SolidWorks) [File not signed]
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282709 2011-05-27] (IDT, Inc.)
    R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
    R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [87120 2013-02-26] (VMware, Inc.)
    R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357456 2013-02-26] (VMware, Inc.)
    R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [721048 2012-10-11] (VMware, Inc.)
    R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [436304 2013-02-26] (VMware, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
    S3 CoordinatorServiceHost; "C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe" [X]
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AlteraUSBBlaster; C:\Windows\System32\drivers\usbblstr.sys [58960 2010-06-27] (FTDI Ltd.)
    S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2012-03-07] (Google Inc)
    S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-03-06] (LG Electronics Inc.)
    S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-03-06] (LG Electronics Inc.)
    S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [73728 2012-03-06] (LG Electronics Inc.)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-23] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-23] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-23] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-23] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-23] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-27] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-23] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-23] ()
    S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-01-06] (Atheros)
    R3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [98400 2010-10-28] (SysProgs.org)
    S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [258720 2011-01-06] (Atheros)
    R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-01-06] (Atheros)
    S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-01-06] (Atheros)
    S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-01-06] (Atheros)
    S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-01-06] (Atheros)
    S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39184 2007-03-05] (IVT Corporation.)
    S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [241824 2011-01-06] (Atheros)
    R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [21600 2011-12-21] (IVT Corporation.)
    R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx86.sys [43088 2013-08-15] ()
    R1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-03-24] (Emsisoft GmbH)
    S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [77808 2015-01-23] (FTDI Ltd.)
    R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-10-11] (VMware, Inc.)
    S3 HPEWSFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2009-02-25] (Hewlett Packard)
    S2 ISMPUSBFilter; C:\Windows\System32\DRIVERS\ISMPUSBFilter.sys [16384 2012-12-04] (Innostor Technology Corporation) [File not signed]
    S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [23288 2012-12-24] (IVT Corporation.)
    S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [27256 2012-12-24] (IVT Corporation.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
    R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
    S3 MYFAULT; C:\Windows\system32\drivers\myfault.sys [10760 2012-04-07] (Sysinternals) [File not signed]
    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
    R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [69504 2011-06-10] (Renesas Electronics Corporation)
    R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [161664 2011-06-10] (Renesas Electronics Corporation)
    S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
    S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
    S3 stdriver; C:\Windows\System32\DRIVERS\stdriver32.sys [52312 2011-11-11] (NCH Software)
    S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
    S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-10-17] (TeamViewer GmbH)
    R2 TVicPort; C:\Windows\system32\Drivers\TVicPort.sys [14544 2005-03-30] (EnTech Taiwan) [File not signed]
    S3 USB18PRG; C:\Windows\System32\Drivers\USB18PRG.sys [46152 2009-11-17] (mikroElektronika)
    R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [25448 2009-07-13] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-23] (Avast Software)
    R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26064 2013-02-26] (VMware, Inc.)
    S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2013-02-26] (VMware, Inc.)
    R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2013-02-26] (VMware, Inc.)
    R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26192 2013-02-26] (VMware, Inc.)
    S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-10-11] (VMware, Inc.)
    R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [62416 2013-02-26] (VMware, Inc.)
    R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
    R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
    R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
    S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
    R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
    R0 vsock; C:\Windows\System32\drivers\vsock.sys [61464 2012-10-24] (VMware, Inc.)
    R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [195968 2011-02-04] (Jungo)
    S3 XilinxFirmwareEmbeddedLpLoader; C:\Windows\System32\Drivers\xusb_emb.sys [17408 2011-02-04] (Xilinx, Inc.)
    S3 XilinxFirmwarePusb2Loader; C:\Windows\System32\Drivers\xusb_xp2.sys [17920 2011-02-04] (Xilinx, Inc.)
    R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [16000 2011-02-04] (Xilinx, Inc.) [File not signed]
    S3 BT; system32\DRIVERS\btnetdrv.sys [X]
    S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
    S3 catchme; \??\C:\Users\kr\AppData\Local\Temp\catchme.sys [X]
    S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
    S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
    S3 SMIGrabber3E; System32\Drivers\SmiUsbGrabber3E.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-27 21:35 - 2015-06-27 21:35 - 00020252 _____ C:\ComboFix.txt
    2015-06-27 21:12 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-06-27 21:12 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-06-27 21:12 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-06-27 21:12 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-06-27 21:12 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-06-27 21:12 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
    2015-06-27 21:12 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
    2015-06-27 21:12 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
    2015-06-27 21:02 - 2015-06-27 21:35 - 00000000 ____D C:\Qoobox
    2015-06-27 21:01 - 2015-06-27 21:33 - 00000000 ____D C:\Windows\erdnt
    2015-06-27 21:00 - 2015-06-27 21:00 - 05630589 ____R (Swearware) C:\Users\kr\Desktop\ComboFix.exe
    2015-06-27 20:42 - 2015-06-27 20:42 - 00001079 _____ C:\Users\kr\Desktop\JRT.txt
    2015-06-27 20:36 - 2015-06-27 20:36 - 00000207 _____ C:\Windows\tweaking.com-regbackup-KR-TU-Windows-7-Professional-(32-bit).dat
    2015-06-27 20:36 - 2015-06-27 20:36 - 00000000 ____D C:\RegBackup
    2015-06-27 19:22 - 2015-06-27 19:24 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-06-27 19:21 - 2015-06-27 19:23 - 00001024 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-27 19:21 - 2015-06-27 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-27 19:21 - 2015-06-27 19:23 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-06-27 19:21 - 2015-06-27 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-06-27 19:21 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-06-27 19:21 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-06-27 19:21 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-06-27 19:11 - 2015-06-27 19:42 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-06-27 19:11 - 2015-06-27 19:11 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-06-27 19:06 - 2015-06-27 19:06 - 17679608 _____ C:\Users\kr\Desktop\RogueKiller.exe
    2015-06-26 20:45 - 2015-06-26 20:45 - 00010070 _____ C:\Windows\DPINST.LOG
    2015-06-25 20:35 - 2015-06-27 19:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-06-24 13:32 - 2015-06-24 13:32 - 00002254 _____ C:\EamClean.log
    2015-06-24 13:29 - 2015-06-24 13:29 - 00000000 ____D C:\ProgramData\Emsisoft
    2015-06-24 13:20 - 2015-06-24 13:20 - 00001013 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    2015-06-24 13:20 - 2015-06-24 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
    2015-06-24 13:19 - 2015-06-27 21:48 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
    2015-06-24 13:19 - 2015-03-24 00:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys
    2015-06-24 13:11 - 2015-06-24 13:11 - 00140424 _____ C:\Users\kr\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-06-24 13:01 - 2015-06-27 20:24 - 00000000 ____D C:\AdwCleaner
    2015-06-24 10:18 - 2015-06-27 22:04 - 00000000 ____D C:\FRST
    2015-06-24 07:46 - 2015-06-27 21:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-23 21:23 - 2015-06-23 21:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-06-23 21:23 - 2015-06-23 21:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-06-23 21:11 - 2015-06-23 21:12 - 00000217 _____ C:\Users\kr\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
    2015-06-23 15:00 - 2012-04-07 19:34 - 00010760 _____ (Sysinternals) C:\Windows\system32\Drivers\myfault.sys
    2015-06-22 11:00 - 2015-06-22 11:00 - 00000000 ____D C:\Users\kr\Downloads\New folder
    2015-06-21 15:55 - 2015-06-21 15:55 - 00001081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-06-21 15:55 - 2015-06-21 15:55 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-06-21 15:55 - 2015-06-21 15:55 - 00000000 ____D C:\ProgramData\Mozilla
    2015-06-21 15:55 - 2015-06-21 15:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2015-06-20 18:18 - 2009-06-11 00:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150620-181829.backup
    2015-06-20 18:08 - 2015-06-20 18:08 - 00000000 ____D C:\Users\kr\Documents\ProcAlyzer Dumps
    2015-06-20 18:01 - 2015-06-20 18:01 - 00000000 ____D C:\Users\kr\AppData\Roaming\Wireshark
    2015-06-20 17:52 - 2015-06-20 17:53 - 00000000 ____D C:\Program Files\Wireshark
    2015-06-20 17:52 - 2015-06-20 17:52 - 00001694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
    2015-06-20 17:52 - 2015-06-20 17:52 - 00001682 _____ C:\Users\Public\Desktop\Wireshark.lnk
    2015-06-20 17:52 - 2015-06-20 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
    2015-06-20 17:49 - 2015-06-21 08:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2015-06-20 17:49 - 2015-06-20 17:54 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
    2015-06-20 17:49 - 2015-06-20 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-06-20 17:49 - 2015-06-20 17:49 - 00002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-06-20 17:49 - 2015-06-20 17:49 - 00002083 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-06-20 17:49 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2015-06-19 07:07 - 2015-06-27 21:44 - 00001008 _____ C:\Windows\setupact.log
    2015-06-19 07:07 - 2015-06-19 07:07 - 00000000 _____ C:\Windows\setuperr.log
    2015-06-19 07:06 - 2015-06-27 21:44 - 00042648 _____ C:\Windows\PFRO.log
    2015-06-18 11:39 - 2015-06-18 11:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2015-06-18 09:48 - 2015-06-27 16:29 - 00000600 _____ C:\Users\kr\AppData\Local\PUTTY.RND
    2015-06-17 11:42 - 2015-06-17 11:42 - 00000218 _____ C:\Users\kr\.recently-used.xbel
    2015-06-16 18:44 - 2015-06-27 16:29 - 00000000 ____D C:\Users\kr\AppData\Roaming\FileZilla
    2015-06-16 18:43 - 2015-06-16 18:43 - 00001910 _____ C:\Users\kr\Desktop\FileZilla Client.lnk
    2015-06-16 18:43 - 2015-06-16 18:43 - 00000000 ____D C:\Users\kr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    2015-06-16 18:43 - 2015-06-16 18:43 - 00000000 ____D C:\Program Files\FileZilla FTP Client
    2015-06-16 18:41 - 2015-06-16 18:40 - 06228864 _____ (Tim Kosse) C:\Users\kr\Downloads\FileZilla_3.11.0.2_win32-setup.exe
    2015-06-16 13:46 - 2015-06-16 13:46 - 00000000 ____D C:\Users\kr\AppData\Local\TeamViewer
    2015-06-16 13:44 - 2015-06-23 14:18 - 00000496 _____ C:\Windows\system32\TeamViewer10_Hooks.log
    2015-06-16 13:44 - 2015-06-23 14:17 - 00000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
    2015-06-16 13:44 - 2015-06-23 14:17 - 00000877 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
    2015-06-16 10:22 - 2015-06-16 10:22 - 00000000 ____D C:\Users\kr\Tracing
    2015-06-16 08:02 - 2015-06-23 21:13 - 00000000 ____D C:\Program Files\Google
    2015-06-16 08:02 - 2015-06-16 08:03 - 00000000 ____D C:\Users\kr\AppData\Local\Google
    2015-06-09 09:54 - 2015-06-23 18:35 - 00000000 ____D C:\Program Files\OpenVPN
    2015-06-08 12:10 - 2015-06-08 12:10 - 00000000 ____D C:\Windows\Prey
    2015-06-08 12:10 - 2015-06-08 12:10 - 00000000 ____D C:\Windows\Parse

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-27 22:01 - 2011-09-26 09:33 - 00000000 ____D C:\Users\kr\.smplayer
    2015-06-27 22:00 - 2009-07-14 07:34 - 00022208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-27 22:00 - 2009-07-14 07:34 - 00022208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-27 21:50 - 2014-02-06 15:51 - 02085348 _____ C:\Windows\WindowsUpdate.log
    2015-06-27 21:48 - 2015-05-15 21:09 - 00000540 _____ C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job
    2015-06-27 21:46 - 2013-08-16 11:03 - 00000000 ____D C:\ProgramData\VMware
    2015-06-27 21:45 - 2011-09-22 08:48 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
    2015-06-27 21:43 - 2011-12-06 10:33 - 00000000 ____D C:\Users\kr\AppData\Local\CrashDumps
    2015-06-27 21:35 - 2012-03-03 16:43 - 00000000 ____D C:\Users\kr\AppData\Local\Apps\2.0
    2015-06-27 21:35 - 2009-07-14 05:37 - 00000000 __RHD C:\Users\Default
    2015-06-27 21:35 - 2009-07-14 05:37 - 00000000 ___RD C:\Users\Public
    2015-06-27 21:31 - 2009-07-14 05:04 - 00000215 _____ C:\Windows\system.ini
    2015-06-27 21:24 - 2014-11-13 13:46 - 00000000 ____D C:\ProgramData\TEMP
    2015-06-27 20:34 - 2011-10-25 15:06 - 00000000 ____D C:\Users\kr\AppData\Roaming\Macromedia
    2015-06-27 18:54 - 2011-10-25 14:57 - 00000000 ____D C:\Users\kr\AppData\Roaming\Skype
    2015-06-27 10:39 - 2011-09-26 09:52 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
    2015-06-26 22:54 - 2012-11-27 10:36 - 00061440 ___SH C:\Users\kr\Thumbs.db
    2015-06-26 22:51 - 2014-01-12 12:29 - 00000097 _____ C:\Users\kr\.asadminpass
    2015-06-26 22:39 - 2011-09-21 16:39 - 00000000 ____D C:\Users\kr
    2015-06-26 20:36 - 2015-03-08 18:31 - 00000000 ____D C:\Windows\pss
    2015-06-25 20:19 - 2012-05-24 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altera
    2015-06-25 16:31 - 2015-03-08 19:28 - 00007614 _____ C:\Users\kr\AppData\Local\Resmon.ResmonCfg
    2015-06-24 11:01 - 2011-11-29 17:59 - 00000000 ____D C:\Users\kr\Documents\MATLAB
    2015-06-23 15:05 - 2014-01-25 16:53 - 00000000 ____D C:\Users\kr\AppData\Roaming\TeamViewer
    2015-06-23 14:18 - 2014-01-25 16:47 - 00000000 ____D C:\Program Files\TeamViewer
    2015-06-22 17:10 - 2011-09-21 16:52 - 00000000 ____D C:\Users\kr\AppData\Roaming\hpqLog
    2015-06-21 22:42 - 2011-09-26 09:31 - 00000000 ____D C:\Users\kr\AppData\Roaming\vlc
    2015-06-21 15:55 - 2014-04-11 10:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2015-06-21 15:55 - 2012-03-23 19:49 - 00000000 ____D C:\Users\kr\AppData\Local\Mozilla
    2015-06-21 11:08 - 2013-02-28 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altera 12.1 Build 177
    2015-06-20 17:52 - 2013-04-09 09:31 - 00000000 ____D C:\Program Files\WinPcap
    2015-06-19 07:13 - 2013-10-22 11:30 - 00000000 ____D C:\Users\kr\AppData\Local\Adobe
    2015-06-19 07:06 - 2009-07-14 07:33 - 00523704 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-06-18 17:02 - 2010-11-21 00:01 - 00784668 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-06-17 11:43 - 2011-09-26 13:05 - 00000000 ____D C:\Users\kr\.gconfd
    2015-06-17 11:42 - 2011-09-26 13:05 - 00000000 ____D C:\Users\kr\AppData\Roaming\gedit
    2015-06-17 11:42 - 2011-09-26 13:05 - 00000000 ____D C:\Users\kr\.gconf
    2015-06-16 19:22 - 2011-09-22 08:33 - 00000000 ____D C:\Program Files\Pale Moon
    2015-06-16 10:21 - 2014-10-24 12:31 - 00000000 ___RD C:\Program Files\Skype
    2015-06-16 10:21 - 2011-10-25 14:56 - 00000000 ____D C:\ProgramData\Skype
    2015-06-08 12:05 - 2013-03-18 18:02 - 00000029 _____ C:\Windows\system32\TempWmicBatchFile.bat

    ==================== Files in the root of some directories =======

    2012-03-30 18:38 - 2007-11-20 10:26 - 0000060 ____R () C:\Program Files\BRINST.INI
    2013-02-20 14:54 - 2013-02-20 14:54 - 0000039 _____ () C:\Users\kr\AppData\Roaming\Camdata.ini
    2013-02-20 14:54 - 2013-02-20 14:54 - 0000408 _____ () C:\Users\kr\AppData\Roaming\CamLayout.ini
    2013-02-20 14:54 - 2013-02-20 14:54 - 0000408 _____ () C:\Users\kr\AppData\Roaming\CamShapes.ini
    2013-02-20 14:54 - 2013-02-20 14:54 - 0004510 _____ () C:\Users\kr\AppData\Roaming\CamStudio.cfg
    2015-06-23 21:11 - 2015-06-23 21:12 - 0000217 _____ () C:\Users\kr\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
    2011-09-28 08:43 - 2013-07-27 13:15 - 0007680 _____ () C:\Users\kr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-03-09 18:02 - 2014-03-09 18:02 - 0004096 ____H () C:\Users\kr\AppData\Local\keyfile3.drm
    2015-06-18 09:48 - 2015-06-27 16:29 - 0000600 _____ () C:\Users\kr\AppData\Local\PUTTY.RND
    2015-04-02 19:02 - 2015-04-02 19:02 - 0004998 _____ () C:\Users\kr\AppData\Local\recently-used.xbel
    2015-03-08 19:28 - 2015-06-25 16:31 - 0007614 _____ () C:\Users\kr\AppData\Local\Resmon.ResmonCfg

    Files to move or delete:
    ====================
    C:\Users\kr\comcat5sa.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-23 11:52

    ==================== End of log ============================
     
  12. Pilif

    Pilif TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
    Ran by kr at 2015-06-27 22:05:23
    Running from E:\Karl
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2225793313-3862077144-1271436542-500 - Administrator - Disabled)
    Guest (S-1-5-21-2225793313-3862077144-1271436542-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2225793313-3862077144-1271436542-1009 - Limited - Disabled)
    kr (S-1-5-21-2225793313-3862077144-1271436542-1000 - Administrator - Enabled) => C:\Users\kr

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
    AS: Emsisoft Anti-Malware (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKLM\...\uTorrent) (Version: 3.2.0 - )
    1.2 (HKLM\...\WiKiCapture_is1) (Version: - BBTradeSales)
    32 Bit HP CIO Components Installer (Version: 18.1.4 - Hewlett-Packard) Hidden
    7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
    ABBYY FineReader 10 Professional Edition (HKLM\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.338.70023 - ABBYY)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Arduino (HKLM\...\Arduino) (Version: 1.6.0 - Arduino LLC)
    Arena 13.50.00000 (HKLM\...\{BD78DE74-95DB-429D-A66F-6306BCEDA640}) (Version: 13.50.00000 - Rockwell Automation, Inc.)
    Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
    ATI Catalyst Install Manager (HKLM\...\{8DB1C181-4D7F-2508-DD37-64A22F3BC817}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)
    Avidemux 2.5 (32-bit) (HKLM\...\Avidemux 2.5) (Version: 2.5.6.7716 - )
    BASCOM-AVR (HKLM\...\{47F94730-ABD2-47F6-920E-EA8CDB6DD0C6}_is1) (Version: 1.11.9.8 - MCS Electronics)
    Battle for Wesnoth 1.12.0 (HKLM\...\Battle for Wesnoth 1.12.0) (Version: 1.12.0 - )
    Bluetooth Win7 Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.02.000.55 - Име на компания)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Brother Driver Deployment Wizard (HKLM\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
    CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
    Cheat Engine 6.2 (HKLM\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)
    Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
    Classic Shell (HKLM\...\{101A3855-EB37-4760-9DCB-BA04A28E0F75}) (Version: 3.2.0 - IvoSoft)
    Clauer Manager TU Sofia 2011012621 (HKLM\...\Clauer Manager TU Sofia) (Version: 2011012621 - Clauer Manager TU Sofia)
    CMake 2.8, a cross-platform, open-source build system (HKLM\...\CMake 2.8.6) (Version: 2.8.6 - Kitware)
    CodeLite (HKLM\...\CodeLite_is1) (Version: - )
    Command & Conquer™ Red Alert™ 3 (HKLM\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)
    Command-Center (HKLM\...\{ACB6A62E-758E-4CF2-AD13-E34D0927108E}) (Version: 6.0.0 - ERC)
    ContaCam (HKLM\...\ContaCam) (Version: 4.9.5 - Contaware.com)
    Debut Video Capture Software (HKLM\...\Debut) (Version: - NCH Software)
    Digilent Software (HKLM\...\Digilent Software) (Version: 1.0.198 - Digilent, Inc.)
    DiskInternals Linux Reader (HKLM\...\DiskInternals Linux Reader) (Version: 1.9.2.0 - DiskInternals Research)
    DJ Java Decompiler v.3.12.12.98 (HKLM\...\{38814B4D-E1BC-4ABE-BA9A-1D76CC678882}) (Version: 1.9 - Atanas Neshkov 2009)
    doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
    EAGLE 6.6.0 (HKLM\...\EAGLE 6.6.0) (Version: 6.6.0 - CadSoft Computer GmbH)
    Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 10.0 - Emsisoft Ltd.)
    Enscript-1.6.3 Sources (GnuWin32) (HKLM\...\Enscript-1.6.3-src_is1) (Version: 1.6.3 - GnuWin32)
    EVEREST Ultimate Edition v4.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 4.50 - Lavalys, Inc.)
    Evince 2.32.0 (HKLM\...\{923638DC-4B4D-4678-BA52-2905B6BAA431}) (Version: 2.32.0 - (Custom build))
    FileZilla Client 3.11.0.2 (HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
    Foxit Advanced PDF Editor 3 (HKLM\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
    Foxit Reader (HKLM\...\Foxit Reader) (Version: 4.3.0.1110 - Foxit Corporation)
    FreeCAD 0.14 - A free open source CAD system (HKLM\...\FreeCAD 0.14) (Version: 0.14.3700 - Juergen Riegel)
    gedit 2.30.1 (HKLM\...\gedit_is1) (Version: 2.30.1 - GNOME)
    GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
    GitHub (HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\5f7eb300e2ea4ebf) (Version: 2.13.1.2 - GitHub, Inc.)
    GOG.com Carmageddon 2 (HKLM\...\{753f4dd7-070a-4364-b384-36a077200785}.sdb) (Version: - )
    Hama Black Force Pad (HKLM\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.01.01 - )
    Highlight (HKLM\...\Highlight Code Converter_is1) (Version: - André Simon)
    HP HotKey Support (HKLM\...\{76997589-A71A-4651-9956-F2F79972A54D}) (Version: 4.0.20.1 - Hewlett-Packard Company)
    HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
    IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
    InfraRecorder (HKLM\...\InfraRecorder) (Version: - Christian Kindahl)
    Intel(R) Display Audio Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
    ISO Creator 1.0 (HKLM\...\{78D80EAF-1ADB-46A8-AF6F-EBB18B6ADBCE}) (Version: 1.0.0 - Bunny-Wabbit)
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java SE Development Kit 8 Update 31 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
    JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
    LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics)
    LibreOffice 3.6 (HKLM\...\{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}) (Version: 3.6.3.2 - The Document Foundation)
    Light 30.0 (x86 en-US) (HKLM\...\Light 30.0 (x86 en-US)) (Version: 30.0 - Light)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Mathematica Extras 9.0 (4055459) (HKLM\...\A-WIN-Extras 9.0.1 4055459_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
    MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 (HKLM\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
    Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Office Proofing Tools 2013 – български (HKLM\...\{90150000-001F-0402-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10111.0 - Microsoft Corporation)
    Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{4AB6A079-178B-4144-B21F-4D1AE71666A2}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
    Microsoft Sync Framework Runtime v1.0 SP1 (x86) (HKLM\...\{C6DD625F-4B61-4561-8286-87CA0275CEA1}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework SDK v1.0 SP1 (HKLM\...\{97CE8B73-AA5A-4987-A1BE-50DD1A187478}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework Services v1.0 SP1 (x86) (HKLM\...\{F990B526-8F7C-46E0-B1F1-6C893A8B478F}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (HKLM\...\{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}) (Version: 2.0.3010.0 - Microsoft Corporation)
    Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (HKLM\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual F# 2.0 Runtime (HKLM\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio Macro Tools (HKLM\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
    mikroProg Suite For PIC (remove only) (HKLM\...\mikroProg Suite For PIC) (Version: - mikroElektronika)
    MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
    MiniTool Power Data Recovery (HKLM\...\MiniTool Power Data Recovery_is1) (Version: - MiniTool Solution Ltd.)
    MoodleXMLBuilder (HKLM\...\{0C43647C-3398-4E00-B37B-F7C1649121CD}) (Version: 0.4.0 - Nash Community College)
    Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
    MProg 3.0a (HKLM\...\MProg 3.0a) (Version: - )
    Musik & Audio Restaurator Pro 5.0 (HKLM\...\Musik & Audio Restaurator Pro 5_is1) (Version: 5.0 - Softfeld)
    Nightly 14.0a1 (x86 en-US) (HKLM\...\Nightly 14.0a1 (x86 en-US)) (Version: 14.0a1 - Mozilla)
    Notepad++ (HKLM\...\Notepad++) (Version: 6.7 - Notepad++ Team)
    Oracle VM VirtualBox 4.1.2 (HKLM\...\{CEDA7B06-A6C0-4C0F-9B5A-9B7F68D110F9}) (Version: 4.1.2 - Oracle Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Pale Moon 25.5.0 (x86 en-US) (HKLM\...\Pale Moon 25.5.0 (x86 en-US)) (Version: 25.5.0 - Moonchild Productions)
    Papilio DesignLab version v1.0.6b (HKLM\...\{EA516BE9-B80D-47A2-880B-457C76A42B05}_is1) (Version: v1.0.6b - Gadget Factory)
    PDF24 Creator 5.0.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
    PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
    Prey Anti-Theft (Version: 1.3.9 - Prey, Inc.) Hidden
    PuTTY version 0.63 (HKLM\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
    Python 2.7 numpy-1.6.1 (HKLM\...\numpy-py2.7) (Version: - )
    Python 2.7 PIL-1.1.7 (HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\...\PIL-py2.7) (Version: - )
    Python 2.7 scipy-0.10.0 (HKLM\...\scipy-py2.7) (Version: - )
    Python 2.7.2 (HKLM\...\{2E295B5B-1AD4-4d36-97C2-A316084722CF}) (Version: 2.7.2150 - Python Software Foundation)
    Quake 2 HD 2.138 (HKLM\...\Quake 2 HD 2.138) (Version: - )
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    RealFlight G4 R/C Simulator (HKLM\...\RealFlightG4Pro) (Version: - )
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
    Realterm 2.0.0.70 (HKLM\...\Realterm) (Version: 2.0.0.70 - Broadcast Equipment)
    Red Alert 3 (HKLM\...\Red Alert 3_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
    RegRunner 3.2.2009.5 (HKLM\...\RegRunner2009_is1) (Version: - Bernd Dietzel)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
    RidNacs 2.0.3 (HKLM\...\RidNacs_is1) (Version: - Stephan Plath)
    ScanMaster-ELM 2.1.104.771 (HKLM\...\ScanMaster-ELM_is1) (Version: 2.1.104.771 - WGSoft.de)
    Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
    SMPlayer 0.6.9 (HKLM\...\SMPlayer) (Version: 0.6.9 - RVM)
    SolidWorks 2013 SP03 (Version: 21.130.60 - SolidWorks) Hidden
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    STAR WARS™ Jedi Knight™ - Jedi Academy™ (HKLM\...\1428935726_is1) (Version: 2.0.0.4 - GOG.com)
    Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
    Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
    Subtitle Edit 3.3.15 (HKLM\...\SubtitleEdit_is1) (Version: 3.3.15.2 - Nikse)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.25.0 - Synaptics Incorporated)
    TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
    Tera Term 4.82 (HKLM\...\Tera Term_is1) (Version: - )
    Theme Resource Changer X86 v1.0 (HKLM\...\Theme Resource Changer X86 v1.0) (Version: - Bad *** Apps)
    UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
    VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
    VMware Player (HKLM\...\VMware_Player) (Version: 5.0.2 - VMware, Inc)
    VMware Player (Version: 5.0.2 - VMware, Inc.) Hidden
    Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
    WinCDEmu (HKLM\...\WinCDEmu) (Version: 3.3 - Bazis)
    Windows Driver Package - Gadget Factory (www.gadgetfactory.net) (usbser) Ports (01/01/2014 5.1.2600.0) (HKLM\...\12A4597A02952BC2F77BDF80670A5FAF519E1C91) (Version: 01/01/2014 5.1.2600.0 - Gadget Factory (www.gadgetfactory.net))
    Windows Driver Package - Gadget Factory CDM Driver Package - Bus/D2XX Driver (01/01/2015 2.10.00) (HKLM\...\047D0E090E4F3AD2A17DDA8AB7111887CFD607E7) (Version: 01/01/2015 2.10.00 - Gadget Factory)
    Windows Driver Package - Gadget Factory CDM Driver Package (01/01/2015 2.10.00) (HKLM\...\C6584C86AD8E8485EE09AF5CC256A12974884CE9) (Version: 01/01/2015 2.10.00 - Gadget Factory)
    Windows Driver Package - mikroElektronika (USB18PRG) ClassName (07/10/2010 6.1.7600) (HKLM\...\CD96D3050368767200B0ECC33803F2FED72C4D70) (Version: 07/10/2010 6.1.7600 - mikroElektronika)
    Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    Wireshark 1.12.6 (32-bit) (HKLM\...\Wireshark) (Version: 1.12.6 - The Wireshark developer community, http://www.wireshark.org)
    Wolfram Mathematica 9 (M-WIN-L 9.0.1 4055652) (HKLM\...\M-WIN-L 9.0.1 4055652_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
    wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
    XCOM: Enemy Within (HKLM\...\WENPTUVuZW15V2l0aGlu_is1) (Version: 1 - )
    Xilinx Design Tools (C:\Xilinx\14.2\ISE_DS) (HKLM\...\Xilinx Design Tools) (Version: - Xilinx, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2225793313-3862077144-1271436542-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\webex\1226\atucfobj.dll (Cisco WebEx LLC)
    CustomCLSID: HKU\S-1-5-21-2225793313-3862077144-1271436542-1000_Classes\CLSID\{DB6F5E05-1887-F2B0-0F79-A4299B05FF47}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2225793313-3862077144-1271436542-1000_Classes\CLSID\{EC58DFB0-3710-9902-B615-C72409B9CC59}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    15-05-2015 11:49:28 Scheduled Checkpoint
    26-05-2015 11:15:41 Scheduled Checkpoint
    04-06-2015 14:54:48 Scheduled Checkpoint
    09-06-2015 09:54:37 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
    16-06-2015 12:13:08 Scheduled Checkpoint
    21-06-2015 10:48:42 Removed Evernote v. 5.8.1
    25-06-2015 21:07:44 Malwarebytes Anti-Rootkit Restore Point
    26-06-2015 20:42:46 Removed Nokia Connectivity Cable Driver
    26-06-2015 20:44:42 Removed PC Connectivity Solution

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 05:04 - 2015-06-27 21:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1D1A6C3E-7848-4101-8B9C-64FC78479B70} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-19] (Avast Software s.r.o.)
    Task: {24B4C0EA-0E35-440F-8827-48A97A8E9DCE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {3EAFF550-BA1C-4787-8B5F-EDFCF9AD495B} - System32\Tasks\MATLAB R2015a Startup Accelerator => C:\Program Files\MATLAB\R2015a\bin\win32\MATLABStartupAccelerator.exe
    Task: {6C76CABC-3E0F-4EBA-A225-5E8EE5169DE0} - System32\Tasks\MATLAB R2014a Startup Accelerator => C:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
    Task: {70D6E3DB-6975-49D2-A25A-77BACD17B79B} - System32\Tasks\{8C25CF63-2915-47AC-BD0C-7C28739A1DC8} => pcalua.exe -a "C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" -c /X86
    Task: {B454721B-CB35-434A-B1F3-95A80A912564} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
    Task: {B4F91CC5-3322-42B4-89BF-D2014928C67F} - System32\Tasks\{306E8E77-1AE2-4273-A6E8-E71BF28B3A57} => pcalua.exe -a "E:\C\Easycap Drivers SMI GRABBER DEVICE\Easycap Drivers SMI GRABBER DEVICE\Drivers\Setup.exe" -d "E:\C\Easycap Drivers SMI GRABBER DEVICE\Easycap Drivers SMI GRABBER DEVICE\Drivers"
    Task: {BEA805CC-9ECE-4EEC-A29D-66DC4A0AFE1C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {CDDEE405-A830-49D7-97A1-7377B13B18AA} - System32\Tasks\{A3ED46DD-17AE-4D2A-B74C-C5C2C406AD6E} => pcalua.exe -a G:\sp53628_Audio.exe -d G:\
    Task: {D026B107-A52D-4CF1-9F40-B7E594B6A670} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
    Task: {D0331E50-77E8-4FA3-A6F5-6F566668FE20} - System32\Tasks\{0625B781-359D-491E-872E-FEBAB7CA62C9} => pcalua.exe -a E:\C\grabber_saa7113_usb-smi2022_drv_v1.0.22b\Grabber_SAA7113_USB-SMI2022_DRV_V1.0.22B\SetupPkt\Setup.exe -d E:\C\grabber_saa7113_usb-smi2022_drv_v1.0.22b\Grabber_SAA7113_USB-SMI2022_DRV_V1.0.22B\SetupPkt
    Task: {EB0AC1F2-3B20-4FF5-A0A9-EFB6F2326272} - System32\Tasks\{AF4ABDC6-482F-4ECD-B05D-DC6B63305C73} => pcalua.exe -a V:\Redist\DirectX\dxsetup.exe -d V:\Redist\DirectX
    Task: {F63503AA-CCF3-4BAF-B8C2-3BA86F619776} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {FA782B40-7718-4F91-867F-E8FD3BCDA4D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {FDE5A5DE-53D2-46EE-87AC-49CFB9493CB8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job => C:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-06-02 18:20 - 2015-06-02 18:20 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
    2015-04-23 10:38 - 2015-04-23 10:38 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-04-23 10:38 - 2015-04-23 10:38 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-06-27 16:03 - 2015-06-27 16:03 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062700\algo.dll
    2015-06-27 21:49 - 2015-06-27 21:49 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062701\algo.dll
    2013-05-17 10:17 - 2012-08-21 16:06 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
    2013-05-17 10:18 - 2012-08-21 16:06 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
    2009-02-18 20:25 - 2009-02-18 20:25 - 00081920 _____ () C:\Windows\system32\ClauerStoreProvider.dll
    2011-03-26 08:28 - 2011-03-26 08:28 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
    2015-04-23 10:38 - 2015-04-23 10:38 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-06-20 17:49 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-06-20 17:49 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2015-06-20 17:49 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2009-02-18 20:25 - 2009-02-18 20:25 - 00864256 _____ () C:\Windows\system32\CLAUER-LIBEAY32.dll
    2015-06-20 17:49 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2015-06-20 17:49 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2013-02-26 02:28 - 2013-02-26 02:28 - 01260624 _____ () C:\Program Files\VMware\VMware Player\libxml2.dll
    2012-03-15 17:50 - 2012-03-15 17:50 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a9cb06a8468a5457719abba04b925a85\IsdiInterop.ni.dll
    2011-09-21 17:32 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2014-06-20 13:43 - 2014-06-20 07:13 - 03368448 _____ () C:\Program Files\Light\mozjs.dll
    2015-06-23 21:23 - 2015-06-23 21:23 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
    2010-02-22 18:45 - 2010-02-22 18:45 - 03268096 _____ () C:\Program Files\SMPlayer\smplayer.exe
    2005-01-13 22:19 - 2005-01-13 22:19 - 00015960 _____ () C:\Program Files\SMPlayer\mingwm10.dll
    2009-09-13 03:55 - 2009-09-13 03:55 - 00748032 _____ () C:\Program Files\SMPlayer\QxtCore.dll
    2009-10-07 04:29 - 2009-10-07 04:29 - 02741760 _____ () C:\Program Files\SMPlayer\QtCore4.dll
    2009-04-22 04:04 - 2009-04-22 04:04 - 11485696 _____ () C:\Program Files\SMPlayer\QtGui4.dll
    2009-04-22 03:46 - 2009-04-22 03:46 - 01398784 _____ () C:\Program Files\SMPlayer\QtNetwork4.dll
    2009-04-22 03:44 - 2009-04-22 03:44 - 00510464 _____ () C:\Program Files\SMPlayer\QtXml4.dll
    2009-04-22 05:53 - 2009-04-22 05:53 - 00160256 _____ () C:\Program Files\SMPlayer\imageformats\qjpeg4.dll
    2010-01-19 12:20 - 2010-01-19 12:20 - 16230912 _____ () C:\Program Files\SMPlayer\mplayer\mplayer.exe
     
  13. Pilif

    Pilif TS Rookie Topic Starter

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7866 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 141.44.1.9 - 141.44.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: RasAuto => 3
    MSCONFIG\Services: RpcLocator => 3
    MSCONFIG\Services: SolidWorks Licensing Service => 3
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks 2013 Fast Starta.lnk => C:\Windows\pss\SolidWorks 2013 Fast Starta.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^kr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{CC944947-6EC5-476E-8B00-0D5368D15830}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{8A40EE69-788C-4CDF-89D9-DAD72E85A1DE}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [TCP Query User{68AB4D42-D26C-4E52-B4EE-429499FDCEA2}E:\vbox\lan_party\half-life\hl.exe] => (Allow) E:\vbox\lan_party\half-life\hl.exe
    FirewallRules: [UDP Query User{D7FB644C-6DEE-4122-85AC-83BE2631AD93}E:\vbox\lan_party\half-life\hl.exe] => (Allow) E:\vbox\lan_party\half-life\hl.exe
    FirewallRules: [TCP Query User{D20854DB-F262-4C1B-886E-6050A75ACD66}E:\vbox\lan_party\starcraft\starcraft\starcraft.exe] => (Allow) E:\vbox\lan_party\starcraft\starcraft\starcraft.exe
    FirewallRules: [UDP Query User{9FD17366-30EC-42D4-93CA-15A450619293}E:\vbox\lan_party\starcraft\starcraft\starcraft.exe] => (Allow) E:\vbox\lan_party\starcraft\starcraft\starcraft.exe
    FirewallRules: [{B9BB0597-A587-4395-BADA-84AF9224D846}] => (Block) E:\vbox\lan_party\starcraft\starcraft\starcraft.exe
    FirewallRules: [{5951ABD3-50F3-4560-9D16-67A116FD23FA}] => (Block) E:\vbox\lan_party\starcraft\starcraft\starcraft.exe
    FirewallRules: [TCP Query User{368EC994-0E80-417F-818C-D6EF2E3A3864}E:\vbox\lan_party\warcraft iii\war3.exe] => (Allow) E:\vbox\lan_party\warcraft iii\war3.exe
    FirewallRules: [UDP Query User{3EDBF19D-AE78-40B7-8511-C60D1802860D}E:\vbox\lan_party\warcraft iii\war3.exe] => (Allow) E:\vbox\lan_party\warcraft iii\war3.exe
    FirewallRules: [{7ADEE422-87E7-4F35-8E0F-BD936B79D1EB}] => (Block) E:\vbox\lan_party\warcraft iii\war3.exe
    FirewallRules: [{813C097C-1EDE-4CCF-B8C1-07FBACCEC387}] => (Block) E:\vbox\lan_party\warcraft iii\war3.exe
    FirewallRules: [TCP Query User{4D1E985D-0719-4C08-B0DB-9E4B29654520}E:\vbox\lan_party\quake iii arena\quake3.exe] => (Allow) E:\vbox\lan_party\quake iii arena\quake3.exe
    FirewallRules: [UDP Query User{1B6ABCF2-3293-4C8A-8ECB-66F30680EB81}E:\vbox\lan_party\quake iii arena\quake3.exe] => (Allow) E:\vbox\lan_party\quake iii arena\quake3.exe
    FirewallRules: [{A01FDAA6-9328-4D20-8451-69AC9CAD7FF9}] => (Block) E:\vbox\lan_party\quake iii arena\quake3.exe
    FirewallRules: [{17B06487-AE65-4AD3-8FE4-7E17E96EA667}] => (Block) E:\vbox\lan_party\quake iii arena\quake3.exe
    FirewallRules: [TCP Query User{69B60D61-9713-43A7-8BFB-92502276B672}C:\program files\java\jdk1.7.0_02\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_02\bin\java.exe
    FirewallRules: [UDP Query User{EAC3F0F7-48C0-4BD0-BC6B-1BE20E74E868}C:\program files\java\jdk1.7.0_02\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_02\bin\java.exe
    FirewallRules: [TCP Query User{4ADC2686-C047-426C-9534-28C76EE45EB3}C:\program files\java\jdk1.7.0_02\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_02\jre\bin\java.exe
    FirewallRules: [UDP Query User{154E4AEE-54DB-40CF-BFE9-482DE6CBCF68}C:\program files\java\jdk1.7.0_02\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_02\jre\bin\java.exe
    FirewallRules: [TCP Query User{6403B561-41D3-45A0-B316-E399A228E16E}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
    FirewallRules: [UDP Query User{D4C66D5D-E459-49B4-9E5C-A04442B6AFB2}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
    FirewallRules: [TCP Query User{3693D8E1-2EAF-4AA5-95AA-BD7F3F2B2D72}C:\program files\java\jdk1.6.0_21\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.6.0_21\jre\bin\java.exe
    FirewallRules: [UDP Query User{2522D213-A20B-4E99-A7F4-21245624CCB2}C:\program files\java\jdk1.6.0_21\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.6.0_21\jre\bin\java.exe
    FirewallRules: [TCP Query User{475C9434-AC89-4C0E-85A9-283D1D0CF646}C:\program files\java\jdk1.6.0_21\bin\java.exe] => (Allow) C:\program files\java\jdk1.6.0_21\bin\java.exe
    FirewallRules: [UDP Query User{FEEC500C-3E66-40C7-A012-58C5361E2CBE}C:\program files\java\jdk1.6.0_21\bin\java.exe] => (Allow) C:\program files\java\jdk1.6.0_21\bin\java.exe
    FirewallRules: [{6FFC6696-65F7-4892-9C45-B75E588DAACA}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
    FirewallRules: [{553C50CD-F925-40BB-9BC0-989FC025AD46}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{F738635C-51E6-43DB-8959-82970BE2C424}F:\easysetupassistant\wr941n\easysetupassistant.exe] => (Allow) F:\easysetupassistant\wr941n\easysetupassistant.exe
    FirewallRules: [UDP Query User{944E8ED3-4077-4AEE-AA0A-90AD4BEB881D}F:\easysetupassistant\wr941n\easysetupassistant.exe] => (Allow) F:\easysetupassistant\wr941n\easysetupassistant.exe
    FirewallRules: [{500EC65B-500E-4F1B-9BF0-170DCF4767E4}] => (Block) F:\easysetupassistant\wr941n\easysetupassistant.exe
    FirewallRules: [{4B158215-CC56-402B-81FB-0B68DDEED6D7}] => (Block) F:\easysetupassistant\wr941n\easysetupassistant.exe
    FirewallRules: [TCP Query User{088897BD-BA7F-4F03-AFD8-D4977975CA1B}C:\program files\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\program files\xcom enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [UDP Query User{42F7962E-397C-4BD7-8CB7-F71AD510E55B}C:\program files\xcom enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\program files\xcom enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [TCP Query User{5CAA7932-C378-43AB-9A53-CD4B73F67064}C:\program files\matlab\r2010b\bin\win32\matlab.exe] => (Block) C:\program files\matlab\r2010b\bin\win32\matlab.exe
    FirewallRules: [UDP Query User{749FCBBE-F21C-4BBE-97EA-9EF6C7A189F8}C:\program files\matlab\r2010b\bin\win32\matlab.exe] => (Block) C:\program files\matlab\r2010b\bin\win32\matlab.exe
    FirewallRules: [TCP Query User{F7923A9A-E4C4-46D1-9D8A-E281492A2C01}D:\lan_p\team fortress 2\hl2.exe] => (Allow) D:\lan_p\team fortress 2\hl2.exe
    FirewallRules: [UDP Query User{E0E2CE8A-B525-4D37-8C0A-C3D6B4889130}D:\lan_p\team fortress 2\hl2.exe] => (Allow) D:\lan_p\team fortress 2\hl2.exe
    FirewallRules: [{4F2DB2F3-7216-4AA3-AA28-E0533488EFA2}] => (Block) D:\lan_p\team fortress 2\hl2.exe
    FirewallRules: [{61235A03-EE09-444E-AFAE-EC0421DF7B3F}] => (Block) D:\lan_p\team fortress 2\hl2.exe
    FirewallRules: [TCP Query User{46DF9C8D-9533-40C3-BF48-783E89BE207E}C:\program files\metro last light\metrollbenchmark.exe] => (Allow) C:\program files\metro last light\metrollbenchmark.exe
    FirewallRules: [UDP Query User{2B1F9908-29A0-49D5-83A8-A73E5888CD56}C:\program files\metro last light\metrollbenchmark.exe] => (Allow) C:\program files\metro last light\metrollbenchmark.exe
    FirewallRules: [{680C7257-C172-40DE-A48C-3EF9743E997E}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{80B6665E-8268-4D22-B275-3AD14152F88E}] => (Block) %ProgramFiles%\NCH Software\Debut\debut.exe
    FirewallRules: [{7A96DC58-0D0B-4928-A1DD-E6C1798D15DA}] => (Allow) C:\Program Files\VMware\VMware Player\vmware-authd.exe
    FirewallRules: [{FFADA5F9-5145-4DC7-8676-B2ADF0790317}] => (Allow) C:\Program Files\VMware\VMware Player\vmware-authd.exe
    FirewallRules: [TCP Query User{EF6042AE-351F-4C8A-A13C-EB3D279B69D9}C:\program files\saints row iv\saintsrowiv.exe] => (Block) C:\program files\saints row iv\saintsrowiv.exe
    FirewallRules: [UDP Query User{5F777DF3-FFA0-4598-AFA9-809D44A61A6D}C:\program files\saints row iv\saintsrowiv.exe] => (Block) C:\program files\saints row iv\saintsrowiv.exe
    FirewallRules: [TCP Query User{0A68E713-C43B-4560-A760-8687D57D90E2}C:\xilinx\13.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe] => (Block) C:\xilinx\13.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe
    FirewallRules: [UDP Query User{C7FA33E7-1C5B-42C5-A204-0B0E6403D624}C:\xilinx\13.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe] => (Block) C:\xilinx\13.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe
    FirewallRules: [TCP Query User{4EE2B0D6-F4AF-4FF8-8330-2C31D7D1F27C}F:\easysetupassistant\easysetupassistant.exe] => (Allow) F:\easysetupassistant\easysetupassistant.exe
    FirewallRules: [UDP Query User{7DEB9645-F4D9-43A3-9C63-EDB7C02E202E}F:\easysetupassistant\easysetupassistant.exe] => (Allow) F:\easysetupassistant\easysetupassistant.exe
    FirewallRules: [{3DE902B5-063D-4A9F-9A82-D9B52D44622F}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    FirewallRules: [{0E8DAAE2-B236-4495-94FB-E38B7B40AC74}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    FirewallRules: [TCP Query User{075DCC92-AD6F-41A5-ADA6-6E3D43619F5D}C:\program files\xcom enemy within\xew\binaries\win32\xcomew.exe] => (Block) C:\program files\xcom enemy within\xew\binaries\win32\xcomew.exe
    FirewallRules: [UDP Query User{8D1B751B-1F27-4D99-B740-1D4BF4A5271F}C:\program files\xcom enemy within\xew\binaries\win32\xcomew.exe] => (Block) C:\program files\xcom enemy within\xew\binaries\win32\xcomew.exe
    FirewallRules: [TCP Query User{6F3AA9F4-A340-4ED6-A19B-01B38963FF1C}E:\games\half-life\hl.exe] => (Block) E:\games\half-life\hl.exe
    FirewallRules: [UDP Query User{189C87F1-BF59-48C5-A56E-EC8066BE48EA}E:\games\half-life\hl.exe] => (Block) E:\games\half-life\hl.exe
    FirewallRules: [TCP Query User{BB54B515-160B-4039-BE6B-D6EE69D04A02}C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe
    FirewallRules: [UDP Query User{DB69601C-9550-4058-9C13-86C34E590C15}C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe
    FirewallRules: [{744FC9A9-A2A3-4D8C-A502-68F2085E232F}] => (Block) C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe
    FirewallRules: [{E6C32388-CC12-4FC1-A0C8-6B4FA80C5CBA}] => (Block) C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe
    FirewallRules: [TCP Query User{0AC53948-C8F6-4733-B6DE-E1087F66906C}C:\glassfish3\jdk7\bin\java.exe] => (Allow) C:\glassfish3\jdk7\bin\java.exe
    FirewallRules: [UDP Query User{0830C44D-5FEC-46EC-A13C-8B33F610C4C3}C:\glassfish3\jdk7\bin\java.exe] => (Allow) C:\glassfish3\jdk7\bin\java.exe
    FirewallRules: [{0DEAB858-AB42-4970-96E0-546675ABEF81}] => (Block) C:\glassfish3\jdk7\bin\java.exe
    FirewallRules: [{EFDBC488-DF9C-427A-9170-44B77D605ADF}] => (Block) C:\glassfish3\jdk7\bin\java.exe
    FirewallRules: [TCP Query User{0B8AC7C3-F179-4BCB-88D1-76ABD1759D5E}C:\users\public\documents\mikroelektronika\mikroc pro for pic\tools\udp terminal\udpterminal.exe] => (Block) C:\users\public\documents\mikroelektronika\mikroc pro for pic\tools\udp terminal\udpterminal.exe
    FirewallRules: [UDP Query User{92B085B2-2B60-4CB4-AF58-5B86BDA4C2DE}C:\users\public\documents\mikroelektronika\mikroc pro for pic\tools\udp terminal\udpterminal.exe] => (Block) C:\users\public\documents\mikroelektronika\mikroc pro for pic\tools\udp terminal\udpterminal.exe
    FirewallRules: [TCP Query User{5E2FAABE-15B5-4394-824D-AB28876EC2B0}F:\files\setup\groma quick start.exe] => (Block) F:\files\setup\groma quick start.exe
    FirewallRules: [UDP Query User{D03BD055-86CF-45DD-90C8-005F700983E3}F:\files\setup\groma quick start.exe] => (Block) F:\files\setup\groma quick start.exe
    FirewallRules: [TCP Query User{C6EFE531-2330-427B-80BB-5504C6EECBE9}F:\groma quick start.exe] => (Block) F:\groma quick start.exe
    FirewallRules: [UDP Query User{A6DD1C89-7D60-4FBC-B040-BD3DFBA652AE}F:\groma quick start.exe] => (Block) F:\groma quick start.exe
    FirewallRules: [{87AF8E3A-C804-41F8-9548-6BC99F45149B}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\Mathematica.exe
    FirewallRules: [{2891FA93-EEBF-4445-9109-7F2C83DDE485}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\Mathematica.exe
    FirewallRules: [{1CC6F8AA-BD4C-4ADC-B260-4CAE1F3104B0}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\MathKernel.exe
    FirewallRules: [{DF53D796-9A38-4E9E-AAC1-44C82D9852C4}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\MathKernel.exe
    FirewallRules: [{0AB6A9ED-C5A3-4618-B0C6-38A85074544E}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\math.exe
    FirewallRules: [{DDF6BB33-E631-4B46-9BBD-5F558C4C0AAD}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\9.0\math.exe
    FirewallRules: [{054C7C57-3E14-497C-ACBA-B4CEC2E1675F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{C9EB0444-1836-4734-88BA-FBBC89E80C29}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{F6F67933-24C7-426D-B6A1-C576B220B5F0}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{FA67C1FD-FB6C-47F5-A734-DBB2D9823CB7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{5534FB9F-50F2-4318-9646-66DCF9DFE3C9}C:\gog games\carmageddon 2 carpocalypse now\carma2_hw.exe] => (Block) C:\gog games\carmageddon 2 carpocalypse now\carma2_hw.exe
    FirewallRules: [UDP Query User{4D5AFE30-6902-4EDE-9F92-C05C6468184F}C:\gog games\carmageddon 2 carpocalypse now\carma2_hw.exe] => (Block) C:\gog games\carmageddon 2 carpocalypse now\carma2_hw.exe
    FirewallRules: [TCP Query User{1F3E8D41-6F31-44D4-A0BC-8C357400D126}C:\Program Files\BEL\Realterm\realterm.exe] => (Allow) C:\Program Files\BEL\Realterm\realterm.exe
    FirewallRules: [UDP Query User{9EDE6F37-7642-4864-A7C9-3F76FAB1734B}C:\Program Files\BEL\Realterm\realterm.exe] => (Allow) C:\Program Files\BEL\Realterm\realterm.exe
    FirewallRules: [TCP Query User{B7C09E15-A68A-4771-8978-B19037D6A5DD}C:\xilinx\13.1\ise_ds\ise\bin\nt\_fpga_editor.exe] => (Block) C:\xilinx\13.1\ise_ds\ise\bin\nt\_fpga_editor.exe
    FirewallRules: [UDP Query User{02216E95-2C96-4C32-A28D-2FEEE0A70862}C:\xilinx\13.1\ise_ds\ise\bin\nt\_fpga_editor.exe] => (Block) C:\xilinx\13.1\ise_ds\ise\bin\nt\_fpga_editor.exe
    FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
    FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
    FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
    FirewallRules: [TCP Query User{A966AB96-68E7-42A4-99AA-5F70390DEE97}C:\program files\pale moon\plugin-container.exe] => (Allow) C:\program files\pale moon\plugin-container.exe
    FirewallRules: [UDP Query User{B91BBF22-5A14-404C-8B55-7543195CD99C}C:\program files\pale moon\plugin-container.exe] => (Allow) C:\program files\pale moon\plugin-container.exe
    FirewallRules: [TCP Query User{EFC238CF-3FBA-4A5F-A718-BBB3DF2ACF0E}C:\program files\quicktime\quicktimeplayer.exe] => (Allow) C:\program files\quicktime\quicktimeplayer.exe
    FirewallRules: [UDP Query User{545981A7-833F-4EA1-9A15-7CAD71900180}C:\program files\quicktime\quicktimeplayer.exe] => (Allow) C:\program files\quicktime\quicktimeplayer.exe
    FirewallRules: [TCP Query User{F6C55A97-0503-483D-AD70-814BD080F212}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe
    FirewallRules: [UDP Query User{35CC7AF4-5B4C-4621-8CEC-35EDD45C1CBA}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe
    FirewallRules: [TCP Query User{19C7F04E-5ACB-4472-B491-49B7F4DF9757}C:\program files\smplayer\mplayer\mplayer.exe] => (Allow) C:\program files\smplayer\mplayer\mplayer.exe
    FirewallRules: [UDP Query User{5F3063ED-9519-4DF8-8468-5716C826AB6E}C:\program files\smplayer\mplayer\mplayer.exe] => (Allow) C:\program files\smplayer\mplayer\mplayer.exe
    FirewallRules: [{1F11F57D-0D17-4F76-8B28-ED652AB262B7}] => (Allow) C:\Program Files\ContaCam\ContaCam.exe
    FirewallRules: [{1412DF5C-73F5-457D-AC22-F2C341D26C0E}] => (Allow) C:\Program Files\ContaCam\ContaCam.exe
    FirewallRules: [{E7150A22-C4EC-4896-99B2-27ECD07AAD09}] => (Allow) C:\Program Files\ContaCam\microapache\mapache.exe
    FirewallRules: [{7A8A369C-C03D-43B3-98CE-139C9FE8B64B}] => (Allow) C:\Program Files\ContaCam\microapache\mapache.exe
    FirewallRules: [TCP Query User{558034E8-27D4-49AF-B725-17C5B42004E3}F:\tl-r860\easysetupassistant.exe] => (Allow) F:\tl-r860\easysetupassistant.exe
    FirewallRules: [UDP Query User{CF0BDB72-4915-4981-B77B-5606EC160779}F:\tl-r860\easysetupassistant.exe] => (Allow) F:\tl-r860\easysetupassistant.exe
    FirewallRules: [{A39DC162-67FF-4B9D-A13A-BB2D39D56984}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B0BF9408-97D4-408C-9662-BABBF5603762}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A6FD7FAC-0015-48BB-A6DA-7F6433CFE70F}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
    FirewallRules: [{27001305-36E5-44B7-946D-D95E9BBD61FD}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
    FirewallRules: [{52D4A3C9-9CDC-4EFB-968D-62C08F98DA42}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
    FirewallRules: [{1E663F96-5D27-4A13-83A4-C1B2146906F9}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
    FirewallRules: [{0083A5B9-9025-4689-B76B-EA57FCB3D34B}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
    FirewallRules: [{8D587246-6561-4696-9669-3DFF25D76709}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
    FirewallRules: [TCP Query User{AE475361-B007-43A9-A765-6131EEDA807F}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
    FirewallRules: [UDP Query User{5F6AEBA5-BC8A-4ADE-86C9-CC1EE6A71B7E}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
    FirewallRules: [TCP Query User{80879904-DBB2-44ED-A15A-AAB75403CAB2}C:\program files\2k games\xcom - enemy unknown\xew\binaries\win32\xcomew.exe] => (Block) C:\program files\2k games\xcom - enemy unknown\xew\binaries\win32\xcomew.exe
    FirewallRules: [UDP Query User{7346D6E5-342E-42FD-BA30-C3A7BC90C8D8}C:\program files\2k games\xcom - enemy unknown\xew\binaries\win32\xcomew.exe] => (Block) C:\program files\2k games\xcom - enemy unknown\xew\binaries\win32\xcomew.exe
    FirewallRules: [TCP Query User{E75048A9-72DF-4148-9934-C41256D9F047}C:\program files\2k games\xcom - enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\program files\2k games\xcom - enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [UDP Query User{A602E1F8-089F-4891-8E71-831F28256420}C:\program files\2k games\xcom - enemy unknown\binaries\win32\xcomgame.exe] => (Block) C:\program files\2k games\xcom - enemy unknown\binaries\win32\xcomgame.exe
    FirewallRules: [TCP Query User{C71C5BEB-E531-4F35-ACA2-9859AC788C5B}E:\hector\magnitometers\processing-2.2.1\java\bin\java.exe] => (Allow) E:\hector\magnitometers\processing-2.2.1\java\bin\java.exe
    FirewallRules: [UDP Query User{A94079E1-0A47-4FCD-B7F0-16FAAE256356}E:\hector\magnitometers\processing-2.2.1\java\bin\java.exe] => (Allow) E:\hector\magnitometers\processing-2.2.1\java\bin\java.exe
    FirewallRules: [TCP Query User{1F31CDFB-707C-4E70-9C1A-EDCCAF29CE9A}C:\designlab-1.0.4\java\bin\javaw.exe] => (Allow) C:\designlab-1.0.4\java\bin\javaw.exe
    FirewallRules: [UDP Query User{02352100-C952-4810-8B02-88BFDC092000}C:\designlab-1.0.4\java\bin\javaw.exe] => (Allow) C:\designlab-1.0.4\java\bin\javaw.exe
    FirewallRules: [TCP Query User{3FDE83BD-F3D2-432C-ACF0-682D9314E8A9}C:\designlab-1.0.5\java\bin\javaw.exe] => (Allow) C:\designlab-1.0.5\java\bin\javaw.exe
    FirewallRules: [UDP Query User{BE587B04-72B4-4A52-83A6-52606C9B750B}C:\designlab-1.0.5\java\bin\javaw.exe] => (Allow) C:\designlab-1.0.5\java\bin\javaw.exe
    FirewallRules: [{04249AEC-FAF7-408D-8A1C-39BA3A73984E}] => (Block) C:\designlab-1.0.5\java\bin\javaw.exe
    FirewallRules: [{1A5ED67B-EDFD-4544-B7F5-6BCD3620D06D}] => (Block) C:\designlab-1.0.5\java\bin\javaw.exe
    FirewallRules: [{ACA73E4F-143E-4CC1-8390-0B49B7502D68}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{F72ED59C-5A89-4D94-AB18-C9C0E40B6BC8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [TCP Query User{EB4D76F3-0E27-4C45-8282-FA08A662A8CE}C:\program files\quake 2 hd\berserker.exe] => (Block) C:\program files\quake 2 hd\berserker.exe
    FirewallRules: [UDP Query User{8E226D23-A220-4639-B275-C8336C2E1AAD}C:\program files\quake 2 hd\berserker.exe] => (Block) C:\program files\quake 2 hd\berserker.exe
    FirewallRules: [TCP Query User{89C0AC4E-7FAA-48A6-AB92-190125798380}C:\gog games\star wars jedi knight - jedi academy\gamedata\jamp.exe] => (Block) C:\gog games\star wars jedi knight - jedi academy\gamedata\jamp.exe
    FirewallRules: [UDP Query User{623D1369-5717-4BA7-8398-383A20AE3BDD}C:\gog games\star wars jedi knight - jedi academy\gamedata\jamp.exe] => (Block) C:\gog games\star wars jedi knight - jedi academy\gamedata\jamp.exe
    FirewallRules: [TCP Query User{5FF116FD-E991-40D7-B462-137D69CC517E}C:\designlab-1.0.6\java\bin\javaw.exe] => (Block) C:\designlab-1.0.6\java\bin\javaw.exe
    FirewallRules: [UDP Query User{3ED22BB1-E936-415D-BD80-D822E874B8B8}C:\designlab-1.0.6\java\bin\javaw.exe] => (Block) C:\designlab-1.0.6\java\bin\javaw.exe
    FirewallRules: [TCP Query User{FE252C76-1E14-4007-8511-68984EA0AD8D}C:\designlab-1.0.6b\java\bin\javaw.exe] => (Block) C:\designlab-1.0.6b\java\bin\javaw.exe
    FirewallRules: [UDP Query User{BBB3D860-6D6B-450C-8DB2-AD8A650AD63F}C:\designlab-1.0.6b\java\bin\javaw.exe] => (Block) C:\designlab-1.0.6b\java\bin\javaw.exe
    FirewallRules: [{FE45794D-FB7C-4D4C-8498-78BEBA732B84}] => (Allow) C:\Windows\Parse\versions\1.3.9\bin\node.exe
    FirewallRules: [{97DF9104-F115-43E6-9F81-0EC1E6DC8440}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{44E84B16-B462-4E2C-887D-0846CDCC4381}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{A3C97326-5510-4090-9B8A-E9C338D31F41}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{B4C7FEA7-306D-44D1-9D9F-60CB2BEEAED5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{2BA6FC6E-D0AB-46F7-BA03-CEB152EEF930}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{5DCD9577-2043-484E-B3F5-C4C9C942534D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    ======================
     
  14. Pilif

    Pilif TS Rookie Topic Starter

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Generic Bluetooth Adapter
    Description: Generic Bluetooth Adapter
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: GenericAdapter
    Service: BTHUSB
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: VMware Virtual Ethernet Adapter for VMnet1
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: VMware Virtual Ethernet Adapter for VMnet8
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: VMware, Inc.
    Service: VMnetAdapter
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Microsoft Virtual WiFi Miniport Adapter
    Description: Microsoft Virtual WiFi Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/27/2015 09:43:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 30.0.0.5283, time stamp: 0x53a3be85
    Faulting module name: mozalloc.dll, version: 30.0.0.5283, time stamp: 0x53a3b30d
    Exception code: 0x80000003
    Fault offset: 0x00001db5
    Faulting process id: 0x734
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (06/27/2015 09:01:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 30.0.0.5283, time stamp: 0x53a3be85
    Faulting module name: mozalloc.dll, version: 30.0.0.5283, time stamp: 0x53a3b30d
    Exception code: 0x80000003
    Fault offset: 0x00001db5
    Faulting process id: 0x12a0
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (06/27/2015 07:07:17 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 30.0.0.5283, time stamp: 0x53a3be85
    Faulting module name: mozalloc.dll, version: 30.0.0.5283, time stamp: 0x53a3b30d
    Exception code: 0x80000003
    Fault offset: 0x00001db5
    Faulting process id: 0x163c
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (06/27/2015 06:55:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 30.0.0.5283, time stamp: 0x53a3be85
    Faulting module name: mozalloc.dll, version: 30.0.0.5283, time stamp: 0x53a3b30d
    Exception code: 0x80000003
    Fault offset: 0x00001db5
    Faulting process id: 0x237c
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (06/27/2015 06:55:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 38.0.5.5623, time stamp: 0x5563c49a
    Faulting module name: mozalloc.dll, version: 38.0.5.5623, time stamp: 0x5563b229
    Exception code: 0x80000003
    Fault offset: 0x00001aa1
    Faulting process id: 0x1b60
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (06/27/2015 05:58:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8378

    Error: (06/27/2015 05:58:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8378

    Error: (06/27/2015 05:58:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/27/2015 05:58:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7379

    Error: (06/27/2015 05:58:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7379


    System errors:
    =============
    Error: (06/27/2015 09:46:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MBAMService service failed to start due to the following error:
    %%1053

    Error: (06/27/2015 09:46:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.

    Error: (06/27/2015 09:46:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MP Tool Filters Driver service failed to start due to the following error:
    %%1058

    Error: (06/27/2015 09:31:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (06/27/2015 09:23:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (06/27/2015 09:15:21 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
    Description: The BrSplService service has reported an invalid current state 0.

    Error: (06/27/2015 09:14:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (06/27/2015 09:10:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (06/27/2015 09:04:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MP Tool Filters Driver service failed to start due to the following error:
    %%1058

    Error: (06/27/2015 09:03:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\system32\athihvs.dll


    Microsoft Office:
    =========================
    Error: (06/27/2015 09:43:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe30.0.0.528353a3be85mozalloc.dll30.0.0.528353a3b30d8000000300001db573401d0b1088c304f94C:\Program Files\Light\plugin-container.exeC:\Program Files\Light\mozalloc.dll685b08e4-1cfc-11e5-b2ec-6431508f4295

    Error: (06/27/2015 09:01:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe30.0.0.528353a3be85mozalloc.dll30.0.0.528353a3b30d8000000300001db512a001d0b100c19af4f6C:\Program Files\Light\plugin-container.exeC:\Program Files\Light\mozalloc.dll81199f8a-1cf6-11e5-8b6d-6431508f4295

    Error: (06/27/2015 07:07:17 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe30.0.0.528353a3be85mozalloc.dll30.0.0.528353a3b30d8000000300001db5163c01d0b0f2d3fffbb0C:\Program Files\Light\plugin-container.exeC:\Program Files\Light\mozalloc.dll94cb2e1d-1ce6-11e5-8110-6431508f4295

    Error: (06/27/2015 06:55:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe30.0.0.528353a3be85mozalloc.dll30.0.0.528353a3b30d8000000300001db5237c01d0b04013a503beC:\Program Files\Light\plugin-container.exeC:\Program Files\Light\mozalloc.dllfc92799c-1ce4-11e5-9548-6431508f4295

    Error: (06/27/2015 06:55:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa11b6001d0b0b8f8f7318dC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllf1ff8fe4-1ce4-11e5-9548-6431508f4295

    Error: (06/27/2015 05:58:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 8378

    Error: (06/27/2015 05:58:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 8378

    Error: (06/27/2015 05:58:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/27/2015 05:58:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7379

    Error: (06/27/2015 05:58:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7379


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
    Percentage of memory in use: 58%
    Total physical RAM: 3014.37 MB
    Available physical RAM: 1258.31 MB
    Total Pagefile: 6027.02 MB
    Available Pagefile: 3460.99 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1891.33 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:195.31 GB) (Free:18.96 GB) NTFS
    Drive e: () (Fixed) (Total:292.97 GB) (Free:17.3 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 596.2 GB) (Disk ID: 5524C46F)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=107.8 GB) - (Type=83)
    Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)

    ==================== End of log ======
     
  15. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  16. Pilif

    Pilif TS Rookie Topic Starter

    Thank you. here is the log

    Fix result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
    Ran by kr at 2015-06-28 08:15:29 Run:1
    Running from E:\Karl
    Loaded Profiles: kr (Available Profiles: kr)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    S3 CoordinatorServiceHost; "C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe" [X]
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
    S3 BT; system32\DRIVERS\btnetdrv.sys [X]
    S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
    S3 catchme; \??\C:\Users\kr\AppData\Local\Temp\catchme.sys [X]
    S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
    S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
    S3 SMIGrabber3E; System32\Drivers\SmiUsbGrabber3E.sys [X]
    2012-03-30 18:38 - 2007-11-20 10:26 - 0000060 ____R () C:\Program Files\BRINST.INI
    2013-02-20 14:54 - 2013-02-20 14:54 - 0000039 _____ () C:\Users\kr\AppData\Roaming\Camdata.ini
    2013-02-20 14:54 - 2013-02-20 14:54 - 0000408 _____ () C:\Users\kr\AppData\Roaming\CamLayout.ini
    2013-02-20 14:54 - 2013-02-20 14:54 - 0000408 _____ () C:\Users\kr\AppData\Roaming\CamShapes.ini
    2013-02-20 14:54 - 2013-02-20 14:54 - 0004510 _____ () C:\Users\kr\AppData\Roaming\CamStudio.cfg
    2015-06-23 21:11 - 2015-06-23 21:12 - 0000217 _____ () C:\Users\kr\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
    2011-09-28 08:43 - 2013-07-27 13:15 - 0007680 _____ () C:\Users\kr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-03-09 18:02 - 2014-03-09 18:02 - 0004096 ____H () C:\Users\kr\AppData\Local\keyfile3.drm
    2015-06-18 09:48 - 2015-06-27 16:29 - 0000600 _____ () C:\Users\kr\AppData\Local\PUTTY.RND
    2015-04-02 19:02 - 2015-04-02 19:02 - 0004998 _____ () C:\Users\kr\AppData\Local\recently-used.xbel
    2015-03-08 19:28 - 2015-06-25 16:31 - 0007614 _____ () C:\Users\kr\AppData\Local\Resmon.ResmonCfg
    C:\Users\kr\comcat5sa.dll

    *****************

    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    "HKU\S-1-5-21-2225793313-3862077144-1271436542-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
    CoordinatorServiceHost => Service removed successfully.
    rpcapd => Service removed successfully.
    BT => Service removed successfully.
    BTCOM => Service removed successfully.
    catchme => Service removed successfully.
    ewusbmbb => Service removed successfully.
    huawei_enumerator => Service removed successfully.
    hwdatacard => Service removed successfully.
    IvtComBusSrv => Service removed successfully.
    pccsmcfd => Service removed successfully.
    SMIGrabber3E => Service removed successfully.
    C:\Program Files\BRINST.INI => moved successfully.
    C:\Users\kr\AppData\Roaming\Camdata.ini => moved successfully.
    C:\Users\kr\AppData\Roaming\CamLayout.ini => moved successfully.
    C:\Users\kr\AppData\Roaming\CamShapes.ini => moved successfully.
    C:\Users\kr\AppData\Roaming\CamStudio.cfg => moved successfully.
    C:\Users\kr\AppData\Local\Citavi Picker Internet Explorer Protocol.txt => moved successfully.
    C:\Users\kr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
    C:\Users\kr\AppData\Local\keyfile3.drm => moved successfully.
    C:\Users\kr\AppData\Local\PUTTY.RND => moved successfully.
    C:\Users\kr\AppData\Local\recently-used.xbel => moved successfully.
    C:\Users\kr\AppData\Local\Resmon.ResmonCfg => moved successfully.
    C:\Users\kr\comcat5sa.dll => moved successfully.

    ==== End of Fixlog 08:15:30 ====
     
  17. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  18. Pilif

    Pilif TS Rookie Topic Starter

    Hello,

    here are the logs. Sophos free Virus ... long takes too long to scan and I will try this night again.

    Flash and Java are out of date because I downgraded them to test if they cause something. That was before I wrote in the Forum to ask for help. So I will update them.
    The PC is much better now. It is slow sometimes but I haven had a black screen.

    Results of screen317's Security Check version 1.004
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Emsisoft Anti-Malware
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    CCleaner
    Java 8 Update 31
    Java SE Development Kit 8 Update 31
    DJ Java Decompiler v.3.12.12.98
    Java version 32-bit out of Date!
    Adobe Flash Player 16.0.0.305 Flash Player out of Date!
    Mozilla Firefox (38.0.5)
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    Emsisoft Anti-Malware a2service.exe
    Emsisoft Anti-Malware a2guard.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    ======================================================
    Farbar Service Scanner Version: 17-01-2015
    Ran by kr (administrator) on 29-06-2015 at 10:58:35
    Running from "E:\Karl"
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcore.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\system32\wuaueng.dll => File is digitally signed
    C:\Windows\system32\qmgr.dll => File is digitally signed
    C:\Windows\system32\es.dll => File is digitally signed
    C:\Windows\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed


    **** End of log ****
     
    Last edited: Jun 30, 2015
  19. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Let me know about Sophos.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Still with me?
     
  21. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...