Jump to content

PUP.Optional.Conduit.A malware removal problems


Hacilem
 Share

Recommended Posts

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin....

Link to post
Share on other sites

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014

Ran by Michael (administrator) on MICHAEL-PC on 16-09-2014 20:40:35

Running from D:\Farbar

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(CyberLink) C:\Program Files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe

(CyberLink) C:\Program Files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe

(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\SignaturApp\siqSEMr.exe

() C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe

(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe

(OpenLimit SignCubes AG) C:\Program Files (x86)\SignaturApp\siqBootLoader.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

() C:\Users\Michael\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

(CyberLink) C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe

() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe

(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD13\PowerDVD13Agent.exe

(ROCCAT GmbH Co., Ltd.) C:\Program Files (x86)\ROCCAT\Ryos Keyboard\Ryos MK Monitor.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe

() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

(Nicolas Kruse) C:\Program Files (x86)\Nettalk6\Nettalk.exe

(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe

(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe

(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(TrueCrypt Foundation) C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(AVM Berlin) C:\Program Files (x86)\FRITZ!\FriFax32.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

(Farbar) D:\Farbar\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-23] (Realtek Semiconductor)

HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-06-28] (Acronis)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [installerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)

HKLM-x32\...\Run: [shwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)

HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()

HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)

HKLM-x32\...\Run: [brStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun

HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)

HKLM-x32\...\Run: [intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-09-25] (Intel Corporation)

HKLM-x32\...\Run: [intel AppUp® center Systray] => C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe [917792 2012-09-25] (Intel Corporation)

HKLM-x32\...\Run: [sMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\app\oflagent.exe [51856 2014-08-19] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-07-30] (ROCCAT GmbH)

HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [517144 2014-03-26] (CyberLink Corp.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)

HKLM-x32\...\RunOnce: [b Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer

HKU\.DEFAULT\...\Run: [bitdefender-Geldbörse-Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

HKU\.DEFAULT\...\Run: [bitdefender-Geldbörse] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard

HKU\.DEFAULT\...\Run: [bitdefender-Geldbörse-Anwendungs-Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [Google Update] => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-21] (Google Inc.)

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [AusweisApp] => C:\Program Files (x86)\AusweisApp\siqBootLoader.exe

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [1987D95A86FCFAF5B82FFA7E9B4B7814763EFF83._service_run] => C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-09-04] (Google Inc.)

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [OpenLimit Middleware Version 3] => C:\Program Files (x86)\SignaturApp\siqSEMr.exe [937496 2012-02-28] (OPENLiMiT SignCubes GmbH)

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [dradio-RecorderTimer] => C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [41472 2012-04-03] ()

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-16] (Electronic Arts)

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [updateMgr] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [icq] => C:\Users\Michael\AppData\Roaming\ICQM\icq.exe [28698984 2013-07-25] (ICQ)

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [Amazon Cloud Player] => C:\Users\Michael\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [GoogleChromeAutoLaunch_1D7305B07635F8E0A4CF4B02D1C53C4D] => C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-09-04] (Google Inc.)

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-08-20] (Raptr, Inc)

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {606fb54e-f24d-11e0-b8d3-782bcbab51a4} - F:\setup.exe AUTORUN=1

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {6e92c139-e1d2-11e0-8665-782bcbab51a4} - F:\AutoRun.exe

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {6e92c13d-e1d2-11e0-8665-782bcbab51a4} - F:\AutoRun.exe

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {7559b2c5-dc3c-11e0-9e0b-782bcbab51a4} - G:\AutoRun.exe

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {7559b2c9-dc3c-11e0-9e0b-782bcbab51a4} - I:\AutoRun.exe

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {8109a5d8-dbdc-11e0-a69f-782bcbab51a4} - G:\AutoRun.exe

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {8109a5df-dbdc-11e0-a69f-782bcbab51a4} - G:\AutoRun.exe

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {ea656b8d-dd67-11e0-839b-782bcbab51a4} - F:\AutoRun.exe

HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {ea656b91-dd67-11e0-839b-782bcbab51a4} - G:\AutoRun.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk

ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk

ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk

ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk

ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ryos Driver.lnk

ShortcutTarget: Ryos Driver.lnk -> C:\Program Files (x86)\ROCCAT\Ryos Keyboard\Ryos MK Monitor.exe (ROCCAT GmbH Co., Ltd.)

Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk

ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk

ShortcutTarget: Nettalk.lnk -> C:\Program Files (x86)\Nettalk6\Nettalk.exe (Nicolas Kruse)

ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2C888E3C03C2CB01

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)

DPF: HKLM-x32 {503F5F92-794F-4273-824E-A3EDF65BFAA4} http://downloads.reiner-sct.de/owok/plugins/rsct_owok_ie-2004.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

 

FireFox:

========

FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\t8ygri77.default

FF NewTab: about:blank

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @reiner-sct.com/OWOK,version=2.0.0.4 -> C:\Program Files (x86)\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @phonostar.de/phonostar -> C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)

FF Plugin HKCU: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)

FF Plugin HKCU: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npo3dautoplugin.dll ()

FF Extension: LastPass - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\t8ygri77.default\Extensions\support@lastpass.com [2014-01-28]

FF Extension: 1ClickMovieDownloader V2.0 - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\t8ygri77.default\Extensions\clickmoviedownloader2@clickmoviedownloader.com.xpi [2013-04-11]

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

FF HKLM-x32\...\Firefox\Extensions: [{4F3D26C8-9907-48ff-BC74-B8C572D317BF}] - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientExt_FFxx_Win

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-12-02]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-09-16]

FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-02]

FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

FF Extension: No Name - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [Not Found]

FF Extension: No Name - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [Not Found]

 

Chrome: 

=======

CHR HomePage: Default -> 

CHR StartupUrls: Default -> "hxxp://home.sweetim.com/?barid={62CC5AD8-C94E-11E2-9872-782BCBAB51A4}&crg=3.1010000.10011&st=23&ptr=100", "hxxp://search.conduit.com/?ctid=CT3297265&SearchSource=48&CUI=UN27369830502723617&UM=2", "hxxp://search.conduit.com/?ctid=CT3312806&SearchSource=48&CUI=UN41196317515417058&UM=1"

CHR DefaultSearchKeyword: Default -> 1C37A1ACF6723EC4439B5E2753810C2C69FED1F743F42A9C471B55D00B8B364C


CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (ProxFlow) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2012-11-22]

CHR Extension: (Gojee Food) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb [2011-11-06]

CHR Extension: (Angry Birds) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2011-07-21]

CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-08-20]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-29]

CHR Extension: (WOT) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-01-28]

CHR Extension: (Open eCard Legacy Activator) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cphjcbgiggmkbkkbfdflbmaainacddnd [2013-09-08]

CHR Extension: (Gmail offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2011-11-06]

CHR Extension: (Photo Zoom for Facebook) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2011-07-21]

CHR Extension: (iCloud-Lesezeichen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-10-01]

CHR Extension: (HTTPS Everywhere) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-01-28]

CHR Extension: (MagicScroll eBook Reader) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2012-05-27]

CHR Extension: (AdBlock) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2011-07-21]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-01-27]

CHR Extension: (Cargo Bridge: Armor Games Edition) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj [2011-11-06]

CHR Extension: (Norton Identity Safe) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-02]

CHR Extension: (Unfriend Finder) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijknldiopccnikfclcmmjnponjkicbc [2013-02-28]

CHR Extension: (Cargo Bridge) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2011-11-03]

CHR Extension: (Little Alchemy) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2011-11-01]

CHR Extension: (Plants vs Zombies) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2011-11-29]

CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Psykopaint) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2013-03-22]

CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-18]

CHR HKCU\...\Chrome\Extension: [hkoahcaobjbihehldfimhblmhgalcipm] - C:\Users\Michael\AppData\Local\CRE\hkoahcaobjbihehldfimhblmhgalcipm.crx []

CHR HKCU\...\Chrome\Extension: [iokhogohoamdhejdbenjbjkhjmjlggab] - C:\Users\Michael\AppData\Local\CRE\iokhogohoamdhejdbenjbjkhjmjlggab.crx [2013-11-02]

CHR HKLM-x32\...\Chrome\Extension: [hkoahcaobjbihehldfimhblmhgalcipm] - C:\Users\Michael\AppData\Local\CRE\hkoahcaobjbihehldfimhblmhgalcipm.crx [2013-11-02]

CHR HKLM-x32\...\Chrome\Extension: [iokhogohoamdhejdbenjbjkhjmjlggab] - C:\Users\Michael\AppData\Local\CRE\iokhogohoamdhejdbenjbjkhjmjlggab.crx [2013-11-02]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM-x32\...\Chrome\Extension: [obcjlnjgjjgghcedkcohaeboelbblehc] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx [2014-07-14]

CHR StartMenuInternet: Google Chrome - C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)

R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2014-03-26] (CyberLink)

R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2014-03-26] (CyberLink)

S3 DAUpdaterSvc; D:\Origin\Dragon Age Origins\\bin_ship\DAUpdaterSvc.Service.exe [25832 2011-02-24] (BioWare)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)

R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2155848 2011-11-15] ()

S3 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-13] (Symantec Corporation)

S3 busenum; C:\Windows\System32\DRIVERS\SteelBus64.sys [112128 2012-05-23] (SteelSeries Corporation) [File not signed]

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)

R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140915.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-16] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140915.032\ENG64.SYS [129752 2014-09-07] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140915.032\EX64.SYS [2137304 2014-09-07] (Symantec Corporation)

R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-02] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)

R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [32456 2014-03-26] (CyberLink Corp.)

R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-09-01] (CyberLink Corp.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-15 20:15 - 2014-09-16 20:40 - 00000000 ____D () C:\FRST

2014-09-15 20:12 - 2014-09-15 20:12 - 00000627 _____ () C:\Users\Michael\Desktop\JRT.txt

2014-09-15 19:53 - 2014-09-15 19:54 - 00000000 ____D () C:\AdwCleaner

2014-09-14 20:51 - 2014-09-14 20:51 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-09-14 20:51 - 2014-09-14 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-09-14 20:51 - 2014-09-14 20:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-09-14 20:51 - 2014-09-14 20:51 - 00000000 ____D () C:\Program Files\iTunes

2014-09-14 20:51 - 2014-09-14 20:51 - 00000000 ____D () C:\Program Files\iPod

2014-09-14 14:35 - 2014-09-14 14:35 - 01218400 _____ () C:\Windows\Minidump\091414-150291-01.dmp

2014-09-12 16:01 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-12 16:01 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-12 16:01 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-12 16:01 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-12 16:01 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-12 16:01 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-12 16:01 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-12 16:01 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-12 16:01 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-12 16:01 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-12 16:01 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-12 16:01 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-12 16:01 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-12 16:01 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-12 16:01 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-12 16:01 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-12 16:01 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-12 16:01 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-12 16:01 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-12 16:01 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-12 16:01 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-12 16:01 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-12 16:01 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-12 16:01 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-12 16:01 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-12 16:01 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-12 16:01 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-12 16:01 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-12 16:01 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-12 16:01 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-12 16:01 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-12 16:01 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-12 16:01 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-12 16:01 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-12 16:01 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-12 16:01 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-12 16:01 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-12 16:01 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-12 16:01 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-12 16:01 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-12 16:01 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-12 16:01 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-12 16:01 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-12 16:01 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-12 16:01 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-12 16:01 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-12 16:01 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-12 16:01 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-12 16:01 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-12 16:01 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-12 16:01 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-12 16:01 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-12 16:01 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-12 16:01 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-12 16:01 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-12 16:01 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-11 03:09 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-11 03:09 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-11 00:10 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-11 00:10 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-11 00:10 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-11 00:10 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-09-11 00:09 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-09-11 00:09 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-09-11 00:09 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-11 00:09 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-11 00:09 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-11 00:09 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-11 00:09 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-07 15:14 - 2014-09-07 15:14 - 00000000 ____D () C:\Users\Michael\AppData\Local\Blizzard

2014-09-07 13:55 - 2014-09-07 13:55 - 00000770 _____ () C:\Users\Public\Desktop\Hearthstone.lnk

2014-09-07 13:55 - 2014-09-07 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone

2014-09-03 22:44 - 2014-09-03 22:44 - 00000040 _____ () C:\Windows\system32\5

2014-09-02 16:49 - 2014-09-02 16:49 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security

2014-08-29 14:16 - 2014-08-29 14:16 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe

2014-08-29 13:02 - 2014-08-29 13:02 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-08-29 13:02 - 2014-08-29 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-08-29 10:38 - 2014-08-29 10:38 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll

2014-08-29 10:38 - 2014-08-29 10:38 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll

2014-08-29 10:38 - 2014-08-29 10:38 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll

2014-08-29 10:38 - 2014-08-29 10:38 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll

2014-08-29 10:38 - 2014-08-29 10:38 - 00000860 _____ () C:\Users\Public\Desktop\Amnesia - The Dark Descent.lnk

2014-08-29 10:38 - 2014-08-29 10:38 - 00000000 ____D () C:\Program Files (x86)\OpenAL

2014-08-29 09:29 - 2014-08-29 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com

2014-08-29 09:29 - 2014-08-29 09:32 - 00000000 ____D () C:\Users\Michael\AppData\Local\GOG.com

2014-08-28 16:32 - 2014-08-28 16:32 - 00182920 _____ () C:\Users\Michael\Downloads\uninstall_flash_player (1).exe

2014-08-28 14:51 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-28 14:51 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-28 14:51 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-26 22:26 - 2014-08-26 22:26 - 00000040 _____ () C:\Windows\system32\¾

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2019-02-05 18:40 - 2013-05-07 17:14 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7BA53253-46F5-4DB0-8534-662A593964EE}

2014-09-16 20:40 - 2014-09-15 20:15 - 00000000 ____D () C:\FRST

2014-09-16 20:37 - 2012-04-04 10:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-16 20:35 - 2010-12-14 16:46 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype

2014-09-16 20:27 - 2014-06-26 18:23 - 00000000 ____D () C:\Program Files (x86)\Raptr

2014-09-16 20:27 - 2012-03-16 22:44 - 00000000 ____D () C:\Program Files (x86)\SignaturApp

2014-09-16 20:12 - 2011-08-02 21:46 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-16 20:07 - 2011-07-21 18:50 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2690084202-4102338125-1244546073-1000UA.job

2014-09-16 19:51 - 2014-01-18 17:36 - 00000000 ____D () C:\Users\Michael\AppData\Local\Battle.net

2014-09-16 19:08 - 2011-07-18 23:36 - 01375925 _____ () C:\Windows\WindowsUpdate.log

2014-09-16 19:05 - 2013-04-24 18:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\FRITZ!

2014-09-16 18:36 - 2014-05-28 19:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-16 17:12 - 2011-08-02 21:46 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-16 17:04 - 2009-07-14 06:45 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-16 17:04 - 2009-07-14 06:45 - 00028128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-16 16:59 - 2014-06-26 18:23 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Raptr

2014-09-16 16:59 - 2012-08-25 13:22 - 00000000 ___RD () C:\Users\Michael\Dropbox

2014-09-16 16:59 - 2012-08-25 13:17 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox

2014-09-16 16:59 - 2012-03-16 22:44 - 00000000 ____D () C:\Users\Michael\.olsc

2014-09-16 16:56 - 2013-01-28 19:57 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-09-16 16:54 - 2013-11-01 20:22 - 00230518 _____ () C:\Windows\setupact.log

2014-09-16 16:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-16 16:52 - 2009-10-22 20:48 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Nettalk

2014-09-16 16:50 - 2013-09-09 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX

2014-09-16 16:50 - 2012-02-24 22:08 - 00000000 ____D () C:\ProgramData\DivX

2014-09-16 16:50 - 2012-02-20 21:00 - 00000000 ____D () C:\Program Files (x86)\DivX

2014-09-16 16:41 - 2013-01-28 19:57 - 00000000 ____D () C:\ProgramData\Origin

2014-09-15 20:12 - 2014-09-15 20:12 - 00000627 _____ () C:\Users\Michael\Desktop\JRT.txt

2014-09-15 19:56 - 2010-11-21 05:47 - 01635112 _____ () C:\Windows\PFRO.log

2014-09-15 19:54 - 2014-09-15 19:53 - 00000000 ____D () C:\AdwCleaner

2014-09-15 19:23 - 2011-07-24 13:18 - 00000000 ____D () C:\ProgramData\PCDr

2014-09-15 19:22 - 2013-05-22 14:30 - 00000000 ____D () C:\Program Files\My Dell

2014-09-15 19:13 - 2013-05-22 14:31 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask

2014-09-14 22:03 - 2013-09-18 22:31 - 00000000 ____D () C:\Users\Michael\Documents\Outlook-Dateien

2014-09-14 20:51 - 2014-09-14 20:51 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-09-14 20:51 - 2014-09-14 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-09-14 20:51 - 2014-09-14 20:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-09-14 20:51 - 2014-09-14 20:51 - 00000000 ____D () C:\Program Files\iTunes

2014-09-14 20:51 - 2014-09-14 20:51 - 00000000 ____D () C:\Program Files\iPod

2014-09-14 20:51 - 2012-06-12 17:37 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-09-14 20:49 - 2009-03-07 20:55 - 00000000 ____D () C:\Users\Michael\Documents\Download

2014-09-14 19:29 - 2012-08-12 14:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\TuneUpMedia

2014-09-14 15:08 - 2013-11-03 16:08 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor

2014-09-14 14:35 - 2014-09-14 14:35 - 01218400 _____ () C:\Windows\Minidump\091414-150291-01.dmp

2014-09-14 14:35 - 2013-12-02 19:21 - 00000000 ____D () C:\Windows\Minidump

2014-09-14 12:07 - 2011-07-21 18:50 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2690084202-4102338125-1244546073-1000Core.job

2014-09-13 20:13 - 2011-07-21 18:50 - 00002376 _____ () C:\Users\Michael\Desktop\Google Chrome.lnk

2014-09-13 19:02 - 2011-05-21 21:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps

2014-09-11 21:49 - 2011-02-11 12:22 - 01602780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-11 21:49 - 2010-11-21 08:50 - 00702964 _____ () C:\Windows\system32\perfh007.dat

2014-09-11 21:49 - 2010-11-21 08:50 - 00150604 _____ () C:\Windows\system32\perfc007.dat

2014-09-11 21:49 - 2009-07-14 07:13 - 01602780 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-11 06:18 - 2011-07-21 15:38 - 00000000 ____D () C:\Users\Michael

2014-09-11 03:22 - 2013-07-20 15:31 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-11 03:11 - 2011-07-24 11:38 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-11 03:05 - 2014-05-06 21:08 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-09-10 19:40 - 2012-04-04 10:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-10 19:40 - 2012-04-04 10:24 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-10 19:40 - 2011-07-24 14:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-09 19:21 - 2011-07-22 09:12 - 00000000 ____D () C:\Users\Michael\AppData\Local\Paint.NET

2014-09-09 17:18 - 2014-01-23 19:45 - 00002041 _____ () C:\Users\Michael\Desktop\Entfernen des Avira PC Cleaners.lnk

2014-09-09 17:18 - 2014-01-23 19:45 - 00001985 _____ () C:\Users\Michael\Desktop\Avira PC Cleaner.lnk

2014-09-08 21:26 - 2013-03-23 19:29 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition

2014-09-07 17:00 - 2011-07-21 18:25 - 00000000 ____D () C:\ProgramData\CyberLink

2014-09-07 15:14 - 2014-09-07 15:14 - 00000000 ____D () C:\Users\Michael\AppData\Local\Blizzard

2014-09-07 13:55 - 2014-09-07 13:55 - 00000770 _____ () C:\Users\Public\Desktop\Hearthstone.lnk

2014-09-07 13:55 - 2014-09-07 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone

2014-09-05 04:10 - 2014-09-11 00:09 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-09-05 04:05 - 2014-09-11 00:09 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-09-03 22:44 - 2014-09-03 22:44 - 00000040 _____ () C:\Windows\system32\5

2014-09-02 16:49 - 2014-09-02 16:49 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security

2014-09-02 16:43 - 2013-12-02 22:17 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

2014-09-02 16:43 - 2013-12-02 22:16 - 00002463 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk

2014-09-02 16:43 - 2013-12-02 22:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

2014-09-02 16:43 - 2013-12-02 22:16 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64

2014-08-31 20:06 - 2012-02-24 22:17 - 00001632 _____ () C:\Users\Michael\Desktop\DivX Movies.lnk

2014-08-30 11:49 - 2009-07-14 06:45 - 00533104 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-29 14:16 - 2014-08-29 14:16 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe

2014-08-29 13:04 - 2013-01-03 13:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-29 13:04 - 2012-06-12 17:14 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-08-29 13:02 - 2014-08-29 13:02 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-08-29 13:02 - 2014-08-29 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-08-29 13:02 - 2011-07-18 23:42 - 00000000 ____D () C:\ProgramData\Skype

2014-08-29 10:38 - 2014-08-29 10:38 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll

2014-08-29 10:38 - 2014-08-29 10:38 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll

2014-08-29 10:38 - 2014-08-29 10:38 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll

2014-08-29 10:38 - 2014-08-29 10:38 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll

2014-08-29 10:38 - 2014-08-29 10:38 - 00000860 _____ () C:\Users\Public\Desktop\Amnesia - The Dark Descent.lnk

2014-08-29 10:38 - 2014-08-29 10:38 - 00000000 ____D () C:\Program Files (x86)\OpenAL

2014-08-29 10:38 - 2014-08-29 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com

2014-08-29 10:38 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-08-29 09:32 - 2014-08-29 09:29 - 00000000 ____D () C:\Users\Michael\AppData\Local\GOG.com

2014-08-29 09:31 - 2011-07-21 15:38 - 00140832 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-28 18:48 - 2011-10-16 14:20 - 00000000 ____D () C:\Users\Michael\AppData\Local\DVD Profiler

2014-08-28 16:32 - 2014-08-28 16:32 - 00182920 _____ () C:\Users\Michael\Downloads\uninstall_flash_player (1).exe

2014-08-28 10:25 - 2013-03-05 18:55 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-08-26 22:26 - 2014-08-26 22:26 - 00000040 _____ () C:\Windows\system32\¾

2014-08-26 11:24 - 2011-07-28 21:08 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-08-25 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-08-24 21:15 - 2009-10-22 23:45 - 00000000 ____D () C:\Users\Michael\Documents\IRC

2014-08-23 04:07 - 2014-08-28 14:51 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 03:45 - 2014-08-28 14:51 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 02:59 - 2014-08-28 14:51 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-22 22:42 - 2014-01-31 14:49 - 00000000 ____D () C:\Users\Michael\AppData\Local\Amazon Cloud Player

2014-08-22 13:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-19 20:05 - 2014-09-12 16:01 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-19 19:39 - 2014-09-12 16:01 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-19 01:01 - 2014-09-12 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-19 00:29 - 2014-09-12 16:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-19 00:29 - 2014-09-12 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-19 00:26 - 2014-09-12 16:01 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-19 00:20 - 2014-09-12 16:01 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-19 00:19 - 2014-09-12 16:01 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-19 00:15 - 2014-09-12 16:01 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-19 00:15 - 2014-09-12 16:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-19 00:14 - 2014-09-12 16:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-19 00:14 - 2014-09-12 16:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-19 00:08 - 2014-09-12 16:01 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-19 00:08 - 2014-09-12 16:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-19 00:08 - 2014-09-12 16:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-19 00:05 - 2014-09-12 16:01 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-19 00:03 - 2014-09-12 16:01 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-19 00:03 - 2014-09-12 16:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-19 00:03 - 2014-09-12 16:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-18 23:57 - 2014-09-12 16:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-18 23:56 - 2014-09-12 16:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-18 23:51 - 2014-09-12 16:01 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-18 23:46 - 2014-09-12 16:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-18 23:45 - 2014-09-12 16:01 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-18 23:45 - 2014-09-12 16:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-18 23:44 - 2014-09-12 16:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-18 23:44 - 2014-09-12 16:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-18 23:42 - 2014-09-12 16:01 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-18 23:40 - 2014-09-12 16:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-18 23:39 - 2014-09-12 16:01 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-18 23:39 - 2014-09-12 16:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-18 23:39 - 2014-09-12 16:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-18 23:38 - 2014-09-12 16:01 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-18 23:37 - 2014-09-12 16:01 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-18 23:36 - 2014-09-12 16:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-18 23:35 - 2014-09-12 16:01 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-18 23:27 - 2014-09-12 16:01 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-18 23:25 - 2014-09-12 16:01 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-18 23:25 - 2014-09-12 16:01 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-18 23:23 - 2014-09-12 16:01 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-18 23:23 - 2014-09-12 16:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-18 23:22 - 2014-09-12 16:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-18 23:19 - 2014-09-12 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-18 23:17 - 2014-09-12 16:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-18 23:17 - 2014-09-12 16:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-18 23:16 - 2014-09-12 16:01 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-18 23:15 - 2014-09-12 16:01 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-18 23:15 - 2014-09-12 16:01 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-18 23:09 - 2014-09-12 16:01 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-18 23:08 - 2014-09-12 16:01 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-18 23:07 - 2014-09-12 16:01 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-18 22:55 - 2014-09-12 16:01 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-18 22:46 - 2014-09-12 16:01 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-18 22:38 - 2014-09-12 16:01 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-18 22:38 - 2014-09-12 16:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-18 22:36 - 2014-09-12 16:01 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

 

Files to move or delete:

====================

C:\Users\Default\NTUSER (1).DAT

C:\Users\Michael\ntuser (1).dat

C:\Users\Michael\ntuser (2).dat

 

 

Some content of TEMP:

====================

C:\Users\Michael\AppData\Local\Temp\DivXSetup.exe

C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyxlcjp.dll

C:\Users\Michael\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Michael\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Michael\AppData\Local\Temp\OfficeSetup.exe

C:\Users\Michael\AppData\Local\Temp\ose00000 (1).exe

C:\Users\Michael\AppData\Local\Temp\ose00000.exe

C:\Users\Michael\AppData\Local\Temp\Quarantine.exe

C:\Users\Michael\AppData\Local\Temp\raptrpatch.exe

C:\Users\Michael\AppData\Local\Temp\raptr_stub.exe

C:\Users\Michael\AppData\Local\Temp\ResetDevice.exe

C:\Users\Michael\AppData\Local\Temp\_is94.exe

C:\Users\Michael\AppData\Local\Temp\_is9C.exe

C:\Users\Michael\AppData\Local\Temp\_isA4.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-11 04:38

 

==================== End Of Log ============================

Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014

Ran by Michael at 2014-09-16 20:41:20

Running from D:\Farbar

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)

Acronis Disk Director 11 Home (HKLM-x32\...\{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}) (Version: 11.0.2343 - Acronis)

Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis)

Adobe Acrobat 7.0 Professional - English, Français, Deutsch (x32 Version: 7.1.0 - Adobe Systems) Hidden

Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.1.0 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden

Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)

Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)

Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)

Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)

AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden

AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden

AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden

AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden

AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden

AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden

Amnesia - The Dark Descent (HKLM-x32\...\GOGPACKAMNESIA_is1) (Version: 2.0.0.2 - GOG.com)

Amnesia (HKLM\...\{a48e983a-39ba-41bb-947f-9393b9081ca4}.sdb) (Version:  - )

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ATI AVIVO64 Codecs (Version: 11.6.0.10104 - ATI Technologies Inc.) Hidden

Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)

Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)

Auditorium (HKLM-x32\...\com.cipherprime.auditorium) (Version: 1.5.0 - UNKNOWN)

Auditorium (x32 Version: 1.5.0 - UNKNOWN) Hidden

AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)

Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)

Banished v1.0.0 64-bit (HKLM\...\{72C32B02-0B78-45F8-8528-2C93F62A7B47}) (Version: 1.0.0 - Shining Rock Software LLC)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)

BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Broken Age (HKLM-x32\...\Steam App 232790) (Version:  - Double Fine Productions)

Brother HL-2030 (HKLM-x32\...\{791007C9-0862-4972-865A-B75D6939FAC5}) (Version: 1.00 - Brother)

Brother HL-3040CN (HKLM-x32\...\{8E280F2D-AE07-471A-B26B-03C0E0703658}) (Version: 1.00 - Brother)

Brother P-touch Address Book 1.1 (HKLM-x32\...\{B2023017-DEE4-44F7-8A71-CA6084BF534C}) (Version: 1.1.2201 - Brother Industries, Ltd.)

Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0120 - Brother Industries, Ltd.)

Brother P-touch Editor Etikettenvorlagen - Paketversand [DEU] (HKLM-x32\...\{5EFFE155-E75B-4816-82BB-67C76A7E2C09}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Update Software (HKLM-x32\...\{42036760-2DA4-43C4-A48A-9F90A0F1FA0E}) (Version: 1.0.0060 - Brother Industries, Ltd.)

Brother QL-Series Software User's Guide (HKLM-x32\...\InstallShield_{A242CAB2-870C-4AC9-8AFE-34379D9383CD}) (Version: 1.00.0000 - Brother Industries, Ltd.)

Brother QL-Series Software User's Guide (x32 Version: 1.00.0000 - Brother Industries, Ltd.) Hidden

calibre (HKLM-x32\...\{A5425D07-D972-47DA-8133-4D33876D44A4}) (Version: 0.8.51 - Kovid Goyal)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP)

Chaos on Deponia (HKLM-x32\...\Steam App 220740) (Version:  - Daedalic Entertainment)

Chipcardmaster 7.11 (HKLM-x32\...\Chipcardmaster_is1) (Version:  - Dr. Olaf Jacobsen)

Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{25456D58-2414-4CC4-AA1B-CF3A2BE00A79}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Red Alert™ 3 and Uprising (HKLM-x32\...\{3C315BF7-4B64-4024-8102-174A197437FA}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ Renegade (HKLM-x32\...\{97B5E8B9-D5E6-49C4-8CDA-7E096BE2601A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)

Command & Conquer™ Tiberian Sun™ and Firestorm™ (HKLM-x32\...\{517FAF1E-3045-49DE-8079-107C2851389E}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)

CUEcards 2000 (HKLM-x32\...\CUEcards 2000) (Version:  - Marcus Humann Software-Technik)

cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)

cyberJack winlogin (HKLM-x32\...\{4A057CC4-5C3B-4A0B-8B85-34E420CD5781}) (Version: 1.0.4 - REINER SCT)

CyberLink BD_3D Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )

CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.2119_41281 - CyberLink Corp.)

CyberLink MediaEspresso (x32 Version: 6.5.2119_41281 - CyberLink Corp.) Hidden

CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.3919.58 - CyberLink Corp.)

CyberLink PowerDVD 13 (x32 Version: 13.0.3919.58 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)

Dead Space™ (HKLM-x32\...\{4D87DC92-C328-46EC-A7B4-9C88129DC696}) (Version: 1.0.222.0 - Electronic Arts)

Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps)

Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)

Dell Stage (HKLM-x32\...\{56A0DD94-47D9-4AC8-B5A1-8A8CA77C4B89}) (Version: 1.5.201.0 - Fingertapps)

Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)

Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden

Deponia (HKLM-x32\...\Steam App 214340) (Version:  - Daedalic Entertainment)

Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)

DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden

Dishonored (HKLM-x32\...\Steam App 205100) (Version:  - Arkane Studios)

DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)

Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)

dradio-Recorder Version 3.02.6 (HKLM-x32\...\dradio-Recorder_is1) (Version:  - )

Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)

Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)

DVD Profiler Version 3.8.2 (HKLM-x32\...\InvelosDVDProfiler_is1) (Version:  - )

EA Installer (HKLM-x32\...\EA Installer.1020979854) (Version: 2.2.0.62 - Electronic Arts, Inc.)

EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts)

EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden

eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)

Edna & Harvey: Harvey's New Eyes (HKLM-x32\...\Steam App 219910) (Version:  - Daedalic Entertainment)

Edna & Harvey: The Breakout (HKLM-x32\...\Steam App 255320) (Version:  - Daedalic Entertainment)

ElsterFormular (HKLM-x32\...\ElsterFormular 13.0.0.8086p) (Version: 14.0.0.10960 - Landesfinanzdirektion Thüringen)

Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)

Fable - The Lost Chapters (HKLM-x32\...\InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios)

Fable - The Lost Chapters (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

FC Bayern München (HKLM-x32\...\{771B0A9D-9401-4062-87E8-25F5A5C1A8E0}) (Version: 1.0.11 - FC Bayern München)

File Type Advisor 1.0 (HKLM-x32\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)

Flixster (HKLM-x32\...\com.wb.DC2) (Version: 0.1.26 - Warner Bros. Entertainment Inc.)

Flixster (x32 Version: 0.1.26 - Warner Bros. Entertainment Inc.) Hidden

Foldit (HKLM-x32\...\Foldit) (Version:  - )

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.2.413 - Foxit Corporation)

Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)

Free Studio version 5.3.3 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Ltd.)

Free YouTube Download version 3.2.29.303 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.29.303 - DVDVideoSoft Ltd.)

Free YouTube to iPhone Converter version 2.12.0.128 (HKLM-x32\...\Free YouTube to iPhone Converter_is1) (Version: 2.12.0.128 - DVDVideoSoft Ltd.)

FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.2.0 - Electronic Arts)

Gobliiins Trilogy (HKLM-x32\...\Gobliiins Trilogy) (Version:  - DotEmu)

Godus (HKLM-x32\...\Steam App 232810) (Version:  - )

GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)

Gone Home (HKLM-x32\...\Steam App 232430) (Version:  - The Fullbright Company)

Goodbye Deponia (HKLM-x32\...\Steam App 241910) (Version:  - Daedalic Entertainment)

Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)

ICQ 8.1 (build 6337) (HKCU\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru)

ICQ7.6 (HKLM-x32\...\{7644E42D-B096-457F-8B5B-901238FC81AE}) (Version: 7.6 - ICQ)

Indiana Jones and the Fate of Atlantis (HKLM-x32\...\Steam App 6010) (Version:  - LucasArts)

Integrity Tool (HKLM-x32\...\{5B37CD1D-1F72-42DD-99B9-9D92FA8C3342}) (Version: 1.10.0 - OpenLimit SignCubes AG)

Intel AppUp® center (HKLM-x32\...\Intel AppUp® center 39651) (Version: 3.8.1.39651.30 - Intel)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)

iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden

Java 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)

Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LastPass (Nur deinstallieren) (HKLM-x32\...\LastPass) (Version:  - LastPass)

LEGO - The Hobbit (HKLM-x32\...\Steam App 285160) (Version:  - Traveller's Tales)

Lego Harry Potter (HKLM-x32\...\Steam App 21130) (Version:  - TT Games)

LEGO Harry Potter: Years 5-7 (HKLM-x32\...\Steam App 204120) (Version:  - Traveller's Tales )

LEGO Lord of the Rings (HKLM-x32\...\Steam App 214510) (Version:  - Traveller's Tales)

LEGO® Harry Potter™: Die Jahre 1-4 (HKLM-x32\...\{C5A8DF48-580B-44D3-B2B2-E965A9368F28}) (Version: 1.0.0.0 - WB Games)

Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4641.1003 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden

Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden

Mozilla Firefox 17.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 17.0.1 (x86 de)) (Version: 17.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0.1 - Mozilla)

MP3 Diags (HKLM-x32\...\MP3Diags) (Version:  - )

MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden

MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden

MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden

MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)

Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden

My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)

ncid (HKLM-x32\...\ncid) (Version:  - )

Nettalk 6.7 (HKLM-x32\...\Nettalk_is1) (Version:  - Nicolas Kruse)

No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)

Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.5.0.19 - Symantec Corporation)

NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden

Omron Health Management Software (HKLM-x32\...\{5441F067-5AF8-4284-9A8C-FD98DF05C981}) (Version: 1.60.0003 - Omron Healthcare)

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)

Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)

OWOK 2.0.0.4 NPAPI (HKLM-x32\...\OWOK-NPAPI-20) (Version: 2.0.0.4 - REINER Kartengeraete GmbH und Co. KG)

Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)

PAYBACK Toolbar 1.2 (HKLM-x32\...\PAYBACK Toolbar_is1) (Version: 1.2.0 - PAYBACK GmbH)

PC Connectivity Solution (HKLM-x32\...\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}) (Version: 11.5.13.0 - Nokia)

Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)

PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden

PixelJunk™ Monsters Ultimate (HKLM-x32\...\Steam App 243780) (Version:  - )

Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)

Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)

Ports Of Call - classic - Windows (HKLM-x32\...\Ports Of Call - classic - Windows) (Version:  - )

Power of Politics Client - 1  (HKCU\...\dfc6b1aff233970a) (Version: 1.1.3.0 - Power of Politics)

Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)

PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.2.0 - Electronic Arts)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Raptr (HKLM-x32\...\Raptr) (Version:  - )

RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)

ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version:  - Roccat GmbH)

ROCCAT Ryos Keyboard Driver (HKLM-x32\...\{70F3EF93-44F4-446A-90B8-33DAB2799AF1}) (Version: 1.25.0000 - Roccat GmbH)

Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden

Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden

Roxio Burn (x32 Version: 1.8 - Roxio) Hidden

Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)

Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden

Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden

Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden

Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

ScummVM 1.5.0 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)

SecCommerce SecSigner 3.6 (HKLM\...\SecCommerce SecSigner) (Version: 3.6 - SecCommerce Informationssysteme GmbH)

SignaturApp (HKLM-x32\...\{DE855081-5BC8-4F67-9272-83E690E216D0}) (Version: 3.2.0 - OpenLimit)

SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version:  - EA - Maxis)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden

Spotify (HKCU\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)

StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden

StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden

StarMoney Business 6.0 Deutsche Bank Edition (HKLM-x32\...\{40AA0683-3BA3-4E1F-99B7-F42CBC10A9CE}) (Version: 6.0 - Star Finanz GmbH)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)

SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)

Surf & E-Mail-Stick (HKLM-x32\...\Surf & E-Mail-Stick) (Version: 11.301.08.00.35 - Huawei Technologies Co.,Ltd)

System Requirements Lab CYRI (HKLM-x32\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)

Tales of Monkey Island - Launch of the Screaming Narwhal (HKLM-x32\...\Launch of the Screaming Narwhal) (Version: 1.0.0.15 - Daedalic Entertainment)

The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)

The Night of the Rabbit (HKLM-x32\...\Steam App 230820) (Version:  - Daedalic Entertainment)

The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version:  - LucasArts)

The Settlers 7: Paths to a Kingdom - Gold Edition (HKLM-x32\...\Steam App 48210) (Version:  - Blue Byte)

The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)

The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)

The Whispered World (HKLM-x32\...\Steam App 18490) (Version:  - Daedalic Entertainment)

The Whispered World Special Edition (HKLM-x32\...\Steam App 268540) (Version:  - Daedalic Entertainment)

The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)

The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)

Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)

THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)

To the Moon Version 1.5 (HKLM-x32\...\{C99C132F-6019-4E46-A4E1-7CC5083A38A4}_is1) (Version: 1.5 - Lace Mamba Global)

Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)

Tomb Raider (VI): The Angel of Darkness (HKLM-x32\...\Steam App 225020) (Version:  - Core Design)

Tomb Raider I (HKLM-x32\...\Steam App 224960) (Version:  - Core Design)

Tomb Raider II (HKLM-x32\...\Steam App 225300) (Version:  - Core Design)

Tomb Raider III: Adventures of Lara Croft (HKLM-x32\...\Steam App 225320) (Version:  - Core Design)

Tomb Raider: Anniversary (HKLM-x32\...\Steam App 8000) (Version:  - Crystal Dynamics)

Tomb Raider: Chronicles (HKLM-x32\...\Steam App 225000) (Version:  - Core Design)

Tomb Raider: Legend (HKLM-x32\...\Steam App 7000) (Version:  - Crystal Dynamics)

Tomb Raider: The Last Revelation (HKLM-x32\...\Steam App 224980) (Version:  - Core Design)

Tomb Raider: Underworld (HKLM-x32\...\Steam App 8140) (Version:  - Crystal Dynamics Inc.)

TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)

TuneUp 2.4.8.5 (HKLM-x32\...\TuneUpMedia) (Version: 2.4.8.5 - TuneUp Media, Inc.)

Two Worlds II (HKLM-x32\...\Steam App 7520) (Version:  - Reality Pump Studios)

Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden

WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)

WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)

Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)

WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

Xaldon WebSpider2 (HKLM-x32\...\WebSpider2) (Version:  - )

Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)

Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2690084202-4102338125-1244546073-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {03483DD8-9129-43DE-991B-726A3ECC67DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2690084202-4102338125-1244546073-1000Core => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-21] (Google Inc.)

Task: {08501E37-F0E3-412A-B36A-76FF334466FA} - System32\Tasks\{41279160-C6D1-43D3-BE7C-401B4A8F75A3} => F:\Launcher.exe

Task: {108B78E3-603C-413B-B4AF-C40DDA1534A2} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.2.0.19\SymErr.exe

Task: {1637F85E-AA9B-45A2-9917-E502B7F48697} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)

Task: {1910572C-8E32-4715-9E0F-2540B6817102} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-09-19] (CyberLink)

Task: {1E7D8AB8-6E5B-44AA-9629-AB58FB29D096} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2690084202-4102338125-1244546073-1000UA => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-21] (Google Inc.)

Task: {2232DC5A-4057-4687-A8CD-443E5343678A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {235B4029-CED2-4E4B-942F-229BE19B32C0} - System32\Tasks\{E5C2CBC7-3546-43F3-BB68-4C82A753F6F4} => C:\Users\Michael\Desktop\DOT\dott.part1\DOTT.EXE

Task: {24BC8979-6143-4AAB-86E0-4FAE1DFCDCB0} - System32\Tasks\{88491D1A-B30A-4601-A509-25ADC74810E1} => F:\Launcher.exe

Task: {27C25D25-7122-4EBF-8484-940A21E573BD} - System32\Tasks\{365600F3-B384-4567-B4D6-B61437F4828E} => F:\Launcher.exe

Task: {2FD886AE-3814-4976-9F4E-DA2DDF3258B8} - System32\Tasks\{3B56868E-9954-4E01-A30F-C0508E18941B} => C:\Users\Michael\Documents\Battle_Chess_for_Windows\chess\CHESS.EXE

Task: {32F0AE91-D10C-42B3-9538-A26E34C15D69} - System32\Tasks\{C00CBD12-CFC1-4755-8510-446D5BEF3A1B} => F:\Launcher.exe

Task: {330FC628-77A6-4ABE-BC20-22C5899FFEFE} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {5164B37A-B443-4066-A5AD-3EC54D17C2A5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-07] (PC-Doctor, Inc.)

Task: {5218C58A-7D53-4485-8B50-121427D650E2} - System32\Tasks\{E4315DEA-80FE-4AA4-AB89-B0FF256FF2DC} => C:\Users\Michael\Documents\Battle_Chess_for_Windows\chess\CHESS.EXE

Task: {75245B68-A1EB-456F-8EE9-4D956F9003DB} - System32\Tasks\{74FBBF26-F471-482F-BC24-EF84EEE59BE5} => C:\Users\Michael\Desktop\DOT\dott.part1\DOTT.EXE

Task: {7821CAF4-C253-4B4E-BA23-CBA4C4979AEF} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {7E281D71-094B-418A-9BB5-58E341BAB48B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2690084202-4102338125-1244546073-1000

Task: {7FBD1269-20D9-4395-B0F2-3B6D664A3B1D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-06] (PC-Doctor, Inc.)

Task: {9CF7A70E-A02B-4216-80DB-045E7C908CE8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-02] (Google Inc.)

Task: {A27965AD-5A79-4FB7-BF77-A06DF11E0BBA} - System32\Tasks\{A80FD16A-243B-48BF-8B58-2D384A729691} => C:\Users\Michael\Desktop\DOT\dott.part1\DOTT.EXE

Task: {B0412736-91D1-411B-9B48-4EACD684FE8E} - System32\Tasks\{190898D5-9042-4776-A7BB-0A455FBED1AC} => C:\Users\Michael\Desktop\DOT\dott.part1\DOTT.EXE

Task: {B3E2A5C5-F237-477B-AC1A-D07D9907B8D2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-28] (Microsoft Corporation)

Task: {B9895211-56E9-493D-AC2F-145C3B8046C3} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-07-13] (filetypeadvisor.com                                         )

Task: {BB195730-BF43-455F-8595-234E2C9FFAF9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-28] (Microsoft Corporation)

Task: {C8E6E8B2-A392-48C4-BE98-0142D0500DA6} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.2.0.19\SymErr.exe

Task: {CADAADAF-56F9-4530-B3E5-548BE6281E12} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)

Task: {D1E83D9F-4B24-49DE-917F-4D607E3503D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)

Task: {EFF8A66D-CFE0-4B73-B049-7511CD1AABDA} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {F2033B2F-C774-452E-A1E7-0D63F0810C46} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-07-13] (File Type Advisor)

Task: {F32EB39E-1B18-488C-A25D-FC8B69A89F78} - System32\Tasks\{00AB97CF-BBB8-43C6-AB26-862B2CDC20DF} => Chrome.exe http://ui.skype.com/ui/0/6.5.0.158/de/go/help.faq.installer?LastError=1618

Task: {F3D8BD03-3A8E-4877-B10E-B243DF48B3BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-02] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2690084202-4102338125-1244546073-1000Core.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2690084202-4102338125-1244546073-1000UA.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-04-24 18:51 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll

2013-04-24 18:51 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

2014-04-01 21:51 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2011-11-15 18:44 - 2011-11-15 18:44 - 02155848 _____ () C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe

2012-06-16 11:06 - 2012-04-03 17:14 - 00041472 _____ () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe

2014-01-31 14:49 - 2014-03-07 22:39 - 03168576 _____ () C:\Users\Michael\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

2010-11-17 11:35 - 2010-11-17 11:35 - 01440240 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2011-07-23 22:41 - 2007-05-31 07:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll

2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll

2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

2011-11-03 17:03 - 2011-11-03 17:03 - 00036864 _____ () C:\Program Files (x86)\SignaturApp\siqSEMrx.ols

2014-01-29 18:41 - 2014-09-16 16:38 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll

2014-01-29 18:41 - 2014-09-16 16:38 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll

2014-01-29 18:41 - 2014-09-16 16:38 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll

2014-01-29 18:41 - 2014-09-16 16:38 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll

2014-01-29 18:41 - 2014-09-16 16:38 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll

2014-01-29 18:41 - 2014-09-16 16:38 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll

2014-01-29 18:41 - 2014-09-16 16:38 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll

2014-01-29 18:41 - 2014-09-16 16:38 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll

2014-09-13 20:12 - 2014-09-04 05:01 - 01098056 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\37.0.2062.120\libglesv2.dll

2014-09-13 20:12 - 2014-09-04 05:01 - 00174408 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\37.0.2062.120\libegl.dll

2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

2014-09-13 20:13 - 2014-09-04 05:01 - 08577864 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll

2014-09-13 20:13 - 2014-09-04 05:01 - 00331592 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll

2014-09-13 20:12 - 2014-09-04 05:01 - 01660232 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll

2011-06-28 01:45 - 2011-09-22 23:20 - 11233136 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll

2013-02-11 21:23 - 2006-01-12 22:20 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.deu

2013-02-11 21:23 - 2006-01-12 22:13 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.FRA

2013-02-12 21:47 - 2012-09-25 23:51 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll

2013-02-12 21:47 - 2012-09-25 23:51 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll

2013-02-12 21:47 - 2012-09-25 23:51 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll

2013-02-12 21:47 - 2012-09-25 23:51 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll

2013-02-12 21:47 - 2012-09-25 23:51 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll

2013-02-12 21:47 - 2012-09-25 23:51 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll

2013-02-12 21:47 - 2012-09-25 23:51 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll

2013-02-12 21:47 - 2012-09-25 23:51 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll

2013-02-12 21:47 - 2012-09-25 23:51 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

2013-10-23 17:08 - 2012-06-17 11:20 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll

2014-01-10 14:32 - 2014-03-26 07:37 - 00866056 _____ () C:\Program Files (x86)\Cyberlink\PowerDVD13\common\UNO\UNO.dll

2014-01-10 14:32 - 2013-05-02 02:06 - 00081920 _____ () C:\Program Files (x86)\Cyberlink\PowerDVD13\Common\koan\_ctypes.pyd

2014-01-10 14:32 - 2013-05-02 02:06 - 00053248 _____ () C:\Program Files (x86)\Cyberlink\PowerDVD13\Common\Koan\_socket.pyd

2014-01-10 14:32 - 2013-05-02 02:06 - 00655360 _____ () C:\Program Files (x86)\Cyberlink\PowerDVD13\Common\Koan\_ssl.pyd

2014-01-10 14:32 - 2014-03-26 07:36 - 00043272 _____ () C:\Program Files (x86)\Cyberlink\PowerDVD13\Kernel\DHProcedure\DHProcedure.dll

2010-07-22 03:02 - 2010-07-22 03:02 - 00219632 _____ () C:\Program Files (x86)\Roxio\OEM\Common\SonicHDDemuxer.dll

2014-06-19 11:54 - 2014-06-19 11:54 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

2014-09-16 16:59 - 2014-09-16 16:59 - 00043008 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyxlcjp.dll

2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libcef.dll

2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd

2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd

2010-11-23 00:56 - 2010-11-23 00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd

2014-05-14 01:26 - 2014-05-14 01:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd

2014-05-14 01:26 - 2014-05-14 01:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd

2014-05-14 01:26 - 2014-05-14 01:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd

2014-05-14 01:26 - 2014-05-14 01:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd

2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd

2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll

2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd

2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd

2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd

2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd

2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd

2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll

2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd

2014-05-14 01:26 - 2014-05-14 01:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd

2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd

2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd

2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll

2010-11-23 00:57 - 2010-11-23 00:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd

2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd

2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd

2010-11-23 00:56 - 2010-11-23 00:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd

2013-11-21 02:05 - 2013-11-21 02:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll

2014-08-20 03:34 - 2014-08-20 03:34 - 00031488 _____ () C:\Program Files (x86)\Raptr\ltc_host_ex.DLL

2014-09-11 04:06 - 2014-09-11 04:06 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e39f250f44c042610b447ddce43d1aa2\IsdiInterop.ni.dll

2011-07-18 23:37 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2010-11-17 11:35 - 2010-11-17 11:35 - 00657904 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll

2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd

2014-06-18 02:56 - 2014-06-18 02:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd

2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll

2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll

2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll

2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll

2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll

2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll

2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll

2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll

2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll

2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll

2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll

2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll

2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll

2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Michael\Desktop\HandBrake-0.9.9-1_x86_64-Win_GUI.exe:BDU

AlternateDataStreams: C:\Users\Michael\Downloads\dpLaunchSet.exe:BDU

AlternateDataStreams: C:\Users\Michael\Downloads\FreeYouTubeDownload.exe:BDU

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

 

==================== Faulty Device Manager Devices =============

 

Name: WPD-Dateisystem-Volumetreiber

Description: WPD-Dateisystem-Volumetreiber

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Microsoft

Service: WUDFRd

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

Name: WPD-Dateisystem-Volumetreiber

Description: WPD-Dateisystem-Volumetreiber

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Microsoft

Service: WUDFRd

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/16/2014 04:56:05 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/16/2014 04:36:25 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (09/15/2014 08:13:14 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

 

 

Microsoft Office Sessions:

=========================

Error: (09/16/2014 04:56:05 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (09/16/2014 04:36:25 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-2500 CPU @ 3.30GHz

Percentage of memory in use: 73%

Total physical RAM: 6126.46 MB

Available physical RAM: 1615.55 MB

Total Pagefile: 12251.09 MB

Available Pagefile: 6600.14 MB

Total Virtual: 8192 MB

Available Virtual: 8191.86 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:206.35 GB) (Free:3.63 GB) NTFS

Drive d: () (Fixed) (Total:1177.63 GB) (Free:419.79 GB) NTFS

Drive e: (Windows 8) (Fixed) (Total:372.61 GB) (Free:345.25 GB) NTFS

Drive g: (DEXTER SEASON 8 DISC 4) (CDROM) (Total:26.6 GB) (Free:0 GB) UDF

Drive h: (Elements) (Fixed) (Total:3725.99 GB) (Free:2846.02 GB) NTFS

Drive i: (Volume) (Fixed) (Total:1863.01 GB) (Free:920.75 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: C2E250FB)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=206.3 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=1177.6 GB) - (Type=05)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 18174FAE)

Partition 1: (Active) - (Size=372.6 GB) - (Type=07 NTFS)

 

========================================================

Disk: 6 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0002DE0F)

Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.

 Could not read MBR for disk 7.

 

==================== End Of Log ============================

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

51a612a8b27e2-Zoek.pngScan with ZOEK

 

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

 


Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.
In the main box please paste in the following script:

 

services_list;standardsearch;autoclean;emptyclsid;emptyfolderscheck;deleteiedefaults;FFdefaults;CHRdefaults;

 

 


Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

 

Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!

 

Let me see those logs, also give an update on any remaining issues or cconcerns....

 

Kevin.

 

fixlist.txt

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Michael at 2014-09-16 21:32:52 Run:1
Running from D:\Farbar
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {606fb54e-f24d-11e0-b8d3-782bcbab51a4} - F:\setup.exe AUTORUN=1
HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {6e92c139-e1d2-11e0-8665-782bcbab51a4} - F:\AutoRun.exe
HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {6e92c13d-e1d2-11e0-8665-782bcbab51a4} - F:\AutoRun.exe
HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {7559b2c5-dc3c-11e0-9e0b-782bcbab51a4} - G:\AutoRun.exe
HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {7559b2c9-dc3c-11e0-9e0b-782bcbab51a4} - I:\AutoRun.exe
HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {8109a5d8-dbdc-11e0-a69f-782bcbab51a4} - G:\AutoRun.exe
HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {8109a5df-dbdc-11e0-a69f-782bcbab51a4} - G:\AutoRun.exe
HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {ea656b8d-dd67-11e0-839b-782bcbab51a4} - F:\AutoRun.exe
HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\...\MountPoints2: {ea656b91-dd67-11e0-839b-782bcbab51a4} - G:\AutoRun.exe
CHR StartupUrls: Default -> "hxxp://home.sweetim.com/?barid={62CC5AD8-C94E-11E2-9872-782BCBAB51A4}&crg=3.1010000.10011&st=23&ptr=100", "hxxp://search.conduit.com/?ctid=CT3297265&SearchSource=48&CUI=UN27369830502723617&UM=2", "hxxp://search.conduit.com/?ctid=CT3312806&SearchSource=48&CUI=UN41196317515417058&UM=1"
C:\Users\Default\NTUSER (1).DAT
C:\Users\Michael\ntuser (1).dat
C:\Users\Michael\ntuser (2).dat
AlternateDataStreams: C:\Users\Michael\Desktop\HandBrake-0.9.9-1_x86_64-Win_GUI.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\dpLaunchSet.exe:BDU
AlternateDataStreams: C:\Users\Michael\Downloads\FreeYouTubeDownload.exe:BDU
Emptytemp:
End
 
*****************
 
"HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{606fb54e-f24d-11e0-b8d3-782bcbab51a4}" => Key deleted successfully.
"HKCR\CLSID\{606fb54e-f24d-11e0-b8d3-782bcbab51a4}" => Key not found.
"HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e92c139-e1d2-11e0-8665-782bcbab51a4}" => Key deleted successfully.
"HKCR\CLSID\{6e92c139-e1d2-11e0-8665-782bcbab51a4}" => Key not found.
"HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e92c13d-e1d2-11e0-8665-782bcbab51a4}" => Key deleted successfully.
"HKCR\CLSID\{6e92c13d-e1d2-11e0-8665-782bcbab51a4}" => Key not found.
"HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7559b2c5-dc3c-11e0-9e0b-782bcbab51a4}" => Key deleted successfully.
"HKCR\CLSID\{7559b2c5-dc3c-11e0-9e0b-782bcbab51a4}" => Key not found.
"HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7559b2c9-dc3c-11e0-9e0b-782bcbab51a4}" => Key deleted successfully.
"HKCR\CLSID\{7559b2c9-dc3c-11e0-9e0b-782bcbab51a4}" => Key not found.
"HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8109a5d8-dbdc-11e0-a69f-782bcbab51a4}" => Key deleted successfully.
"HKCR\CLSID\{8109a5d8-dbdc-11e0-a69f-782bcbab51a4}" => Key not found.
"HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8109a5df-dbdc-11e0-a69f-782bcbab51a4}" => Key deleted successfully.
"HKCR\CLSID\{8109a5df-dbdc-11e0-a69f-782bcbab51a4}" => Key not found.
"HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea656b8d-dd67-11e0-839b-782bcbab51a4}" => Key deleted successfully.
"HKCR\CLSID\{ea656b8d-dd67-11e0-839b-782bcbab51a4}" => Key not found.
"HKU\S-1-5-21-2690084202-4102338125-1244546073-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea656b91-dd67-11e0-839b-782bcbab51a4}" => Key deleted successfully.
"HKCR\CLSID\{ea656b91-dd67-11e0-839b-782bcbab51a4}" => Key not found.
Chrome StartupUrls deleted successfully.
C:\Users\Default\NTUSER (1).DAT => Moved successfully.
C:\Users\Michael\ntuser (1).dat => Moved successfully.
C:\Users\Michael\ntuser (2).dat => Moved successfully.
C:\Users\Michael\Desktop\HandBrake-0.9.9-1_x86_64-Win_GUI.exe => ":BDU" ADS removed successfully.
C:\Users\Michael\Downloads\dpLaunchSet.exe => ":BDU" ADS removed successfully.
C:\Users\Michael\Downloads\FreeYouTubeDownload.exe => ":BDU" ADS removed successfully.
EmptyTemp: => Removed 34.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Suchlauf Datum: 16.09.2014
Suchlauf-Zeit: 21:56:30
Logdatei: 
Administrator: Ja
 
Version: 2.00.2.1012
Malware Datenbank: v2014.09.16.07
Rootkit Datenbank: v2014.09.15.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert
 
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Michael
 
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 361139
Verstrichene Zeit: 17 Min, 59 Sek
 
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
 
Prozesse: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registrierungsschlüssel: 0
(No malicious items detected)
 
Registrierungswerte: 0
(No malicious items detected)
 
Registrierungsdaten: 0
(No malicious items detected)
 
Ordner: 0
(No malicious items detected)
 
Dateien: 0
(No malicious items detected)
 
Physische Sektoren: 0
(No malicious items detected)
 
 
(end)

 

 

Will do ZOEK tomorrow, beditme now  

Link to post
Share on other sites

 

Zoek.exe v5.0.0.0 Updated 14-September-2014

Tool run by Michael on 17.09.2014 at 17:33:10,35.

Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: D:\Farbar\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

17.09.2014 17:38:35 Zoek.exe System Restore Point Created Succesfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\ICQM deleted successfully

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\Nokia deleted successfully

C:\PROGRA~2\Omron Healthcare deleted successfully

C:\Program Files\Bitdefender deleted successfully

C:\Program Files\office.tmp deleted successfully

C:\Program Files\SteelSeries deleted successfully

C:\PROGRA~3\eDocPrintPro deleted successfully

C:\PROGRA~3\ISDNWatch deleted successfully

C:\PROGRA~3\Oracle deleted successfully

C:\PROGRA~3\SteelSeries deleted successfully

C:\PROGRA~3\WinZipEC deleted successfully

C:\Users\Michael\AppData\Roaming\AdobeUM deleted successfully

C:\Users\Michael\AppData\Roaming\Download Manager deleted successfully

C:\Users\Michael\AppData\Roaming\FileAdvisor deleted successfully

C:\Users\Michael\AppData\Roaming\Lionhead Studios deleted successfully

C:\Users\Michael\AppData\Roaming\Opera Software deleted successfully

C:\Users\Michael\AppData\Roaming\REINER SCT deleted successfully

C:\Users\Michael\AppData\Roaming\SteelSeries deleted successfully

C:\Users\Michael\AppData\Roaming\TP deleted successfully

C:\Users\Michael\AppData\Roaming\Windows Live Writer deleted successfully

C:\Users\Michael\AppData\Local\MediaShow deleted successfully

C:\Users\Michael\AppData\Local\Opera Software deleted successfully

C:\Users\Michael\AppData\Local\Windows Live Writer deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{4F3D26C8-9907-48ff-BC74-B8C572D317BF} deleted successfully

 

==== Running Processes ======================

 

C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

C:\Windows\SysWOW64\cjpcsc.exe

C:\Program Files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe

C:\Program Files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe

C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files (x86)\SignaturApp\siqSEMr.exe

C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files (x86)\SignaturApp\siqBootLoader.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Users\Michael\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\ROCCAT\Ryos Keyboard\Ryos MK Monitor.exe

C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe

C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe

C:\Program Files (x86)\Nettalk6\Nettalk.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe

C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe

C:\Program Files (x86)\Cyberlink\PowerDVD13\PowerDVD13Agent.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\PROGRA~2\Raptr\raptr.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\PROGRA~2\Raptr\raptr_im.exe

D:\Farbar\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

 

==== Deleting Services ======================

 

 

==== FireFox Fix ======================

 

Deleted from C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\t8ygri77.default\prefs.js:

user_pref("browser.newtab.url", "about:blank");

 

Added to C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\t8ygri77.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");


user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

 

Deleted from C:\Users\Michael\AppData\Roaming\Mozilla\SeaMonkey\Profiles\w1f31wur.default\prefs.js:

user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CSeaMonkey%5Csearchplugins%5Cgoogle-de.src");

 

Added to C:\Users\Michael\AppData\Roaming\Mozilla\SeaMonkey\Profiles\w1f31wur.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");


user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

 

Deleted from C:\Users\Michael\AppData\Roaming\Thunderbird\Profiles\m69ockec.default\prefs.js:

 

Added to C:\Users\Michael\AppData\Roaming\Thunderbird\Profiles\m69ockec.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");


user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

 

ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\t8ygri77.default

 

user.js not found

---- Lines {4F3D26C8-9907-48ff-BC74-B8C572D317BF} modified from prefs.js ----

 

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{4F3D26C8-9907-48ff-BC74-B8C572D317BF}\":{\"descriptor\":\"C:\\\\

---- FireFox user.js and prefs.js backups ---- 

 

prefs__1750_.backup

 

ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\SeaMonkey\Profiles\w1f31wur.default

 

user.js not found

---- FireFox user.js and prefs.js backups ---- 

 

prefs__1750_.backup

 

ProfilePath: C:\Users\Michael\AppData\Roaming\Thunderbird\Profiles\m69ockec.default

 

user.js not found

---- FireFox user.js and prefs.js backups ---- 

 

prefs__1750_.backup

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~2\Mozilla Firefox\defaults\preferences\.mkdir.done deleted

C:\PROGRA~2\Mozilla Firefox\defaults\preferences\autoconfig.js deleted

C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted

C:\PROGRA~2\Yahoo! deleted

C:\Users\Michael\AppData\Roaming\bdfvconp.ini deleted

C:\Users\Michael\AppData\Roaming\Yahoo! deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\Michael\AppData\Local\bass.dll deleted

C:\Users\Michael\AppData\Local\basscd.dll deleted

C:\Users\Michael\AppData\Local\CDRip.dll deleted

C:\Users\Michael\AppData\Local\lame_enc.dll deleted

C:\Users\Michael\AppData\Local\no23xwrapper.dll deleted

C:\Users\Michael\AppData\Local\ogg.dll deleted

C:\Users\Michael\AppData\Local\vorbis.dll deleted

C:\Users\Michael\AppData\Local\vorbisenc.dll deleted

C:\Users\Michael\AppData\Local\vorbisfile.dll deleted

C:\Users\Michael\AppData\Local\CRE deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted

C:\Users\Michael\Downloads\SoftonicDownloader_fuer_cube.exe deleted

C:\Users\Michael\AppData\LocalLow\PaybackToolbar32 deleted

C:\Users\Michael\AppData\LocalLow\boost_interprocess deleted

C:\Windows\SysNative\config\systemprofile\Searches deleted

C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\t8ygri77.default\extensions\clickmoviedownloader2@clickmoviedownloader.com.xpi deleted

C:\Users\Michael\AppData\Local\No23 Recorder.exe deleted

 

==== System Specs ======================

 

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 6127 MB

CPU Info: Intel® Core i5-2500 CPU @ 3.30GHz

CPU Speed: 3290,4 MHz

Sound Card: Lautsprecher (SteelSeries Diabl | 

Lautsprecher (Realtek High Defi | 

Realtek Digital Output (Realtek | 

Display Adapters: AMD Radeon HD 6670 | AMD Radeon HD 6670 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 2x; PnP-Monitor (Standard) | PnP-Monitor (Standard) | 

Screen Resolution: 1920 X 1080 - 32 bit

Network: Network Present

Network Adapters: Broadcom NetLink Gigabit Ethernet

CD / DVD Drives: 2x (F: | G: | ) F: TSSTcorpDVD+-RW TS-H653H | G: PIONEER BD-ROM  BDC-202

Ports: COM Ports NOT Present. LPT Port NOT Present. 

Mouse: 5 Button Wheel Mouse Present

Hard Disks: C:  206,3GB | D:  1177,6GB | E:  372,6GB | H:  3726,0GB | I:  1863,0GB

Hard Disks - Free: C:  31,5GB | D:  425,8GB | E:  345,2GB | H:  2846,0GB | I:  920,8GB

Manufacturer *: Dell Inc.

BIOS Info: AT/AT COMPATIBLE | 02/15/11 | DELL   - 20100118

Time Zone: Mitteleuropäische Zeit

Motherboard *: Dell Inc. 0Y2MRG

Country: Deutschland 

Language: DEU 

 

==== System Specs (Software) ======================

 

Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated)

Anti-Spyware: Norton Internet Security disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Firewall: Norton Internet Security disabled

Default Browser: Google Chrome 37.0.2062.120

Internet Explorer Version: 11.0.9600.17280 

Mozilla Firefox version: 17.0.1 (x86 de)

Google Chrome version: 37.0.2062.120

Adobe Reader version: 11.0.8.4

Sun Java version: 1.7.0_67 (32-bit) 

Sun Java version: 1.6.0_24 (64-bit) 

Flash Player version: 15.0.0.152

 

==== Files Recently Created / Modified ======================

 

====== C:\Windows ====

====== C:\Users\Michael\AppData\Local\Temp ====

2014-09-17 15:22:12 D11FB7A5078631BE2E183DC56FCD5375 43008 ----a-w- C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwpuisr.dll

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2014-09-12 14:01:16 E3D7B3F64C30994409BDF8E48048A854 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2014-09-12 14:01:16 297EF1AB73B8FCE76BCA1365C2E49AFC 440320 ----a-w- C:\Windows\SysWOW64\ieui.dll

2014-09-12 14:01:15 CC8F34B345DA638D77BB48C035DA628D 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll

2014-09-12 14:01:15 84E96F4AF8A7748A3DE7C3EBBC6768E5 365056 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll

2014-09-12 14:01:15 6DD476318F524D2DCB73AFEB2EE27B4A 61952 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-12 14:01:15 4F2EDC301EC63F803C0FDB6CC87EDA24 454656 ----a-w- C:\Windows\SysWOW64\vbscript.dll

2014-09-12 14:01:15 42F6F28D4885505F687CAF0459FF9F90 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2014-09-12 14:01:15 13C2C87C35E52AAB1B439FB2E26DF2DE 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll

2014-09-12 14:01:15 010DFAF3EF93994B805BAA1493D47973 243200 ----a-w- C:\Windows\SysWOW64\dxtrans.dll

2014-09-12 14:01:14 D603AC77E17E5B9583E382F2EE0381A7 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2014-09-12 14:01:14 AA595171932ACC79DA9851067DCBDABF 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll

2014-09-12 14:01:14 8D4FCAB2643DFEF68040B70F1EDCCBC5 327872 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll

2014-09-12 14:01:14 7C3D593AB1E2F5E5687D97772EF99AC7 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll

2014-09-12 14:01:14 77F79126444896B5867E6761490735B8 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-12 14:01:14 2E2E40E5D92EEA979548E307C5781038 597504 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll

2014-09-12 14:01:14 074646C5A979DE79133DE4A8530A9C5D 603136 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2014-09-12 14:01:13 88EBB8526981D03C5777AB0A4AEBA8B4 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-12 14:01:13 5074835337862817DB3726558D0908DE 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-12 14:01:13 1D8C086A39B9794D7131384586811B25 678400 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll

2014-09-12 14:01:12 FD96C05DE700F5FD26273D6DDB6495A7 2185728 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2014-09-12 14:01:11 D58988722C72D265B51A54103DFC2C6F 1812992 ----a-w- C:\Windows\SysWOW64\wininet.dll

2014-09-12 14:01:11 77B7DDF91F3ED2CDB6CF60224EE13433 4232704 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2014-09-12 14:01:11 41010A88B70A2168F801DC19EBD4CB4F 1190400 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2014-09-12 14:01:10 7BF1CE9240CB9DD27C3E30733176EB8E 17455104 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2014-09-12 14:01:10 6A3A809CA7A8F40C89E6F1D301898A66 2014208 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl

2014-09-12 14:01:09 A3560FAFC1686D5EE9830B33B5C74B66 11769856 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2014-09-11 01:09:48 2413D2216D08FAF7D7178D9E0B481AEB 2285056 ----a-w- C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 22:10:09 A8DDB7ACB122FC36FF0D7C9B3099A380 793600 ----a-w- C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-10 22:10:02 79896A78039C9A63C56197843CFBAD0B 1987584 ----a-w- C:\Windows\SysWOW64\d3d10warp.dll

2014-09-10 22:09:50 B094390B6B2D0456821384771020870B 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll

2014-09-10 22:09:50 1B85FA0D0A93C011B76678733F39DB6C 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll

2014-09-10 22:09:50 10826DA2FC073702AEAB93AF3D73B066 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-09-12 14:01:16 9EFF09364ABDC86770FA0B1BCC9CA3C3 596480 ----a-w- C:\Windows\Sysnative\ieui.dll

2014-09-12 14:01:16 1BE1D1942825BE2146941DA274D2B92F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2014-09-12 14:01:15 EF79F0B9E0F277F5797C475DF4248B97 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll

2014-09-12 14:01:15 EE6B22396FA99639A163B1B7E9736669 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll

2014-09-12 14:01:15 E76C23C71345ACBC65ED8F6E87AD01D1 195584 ----a-w- C:\Windows\Sysnative\msrating.dll

2014-09-12 14:01:15 C07D636B0237172345E68AE8B70A2984 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2014-09-12 14:01:15 C067D863FCD53B91A5BF78AE1CE88E54 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll

2014-09-12 14:01:15 A0600300428AB73664050659E738F11F 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll

2014-09-12 14:01:15 786ECD92C9D77F571134283E0FABAF1A 289280 ----a-w- C:\Windows\Sysnative\dxtrans.dll

2014-09-12 14:01:15 641068C626DE3AD348871D0D7931A3FA 547328 ----a-w- C:\Windows\Sysnative\vbscript.dll

2014-09-12 14:01:15 4CF33E458BAEDA917CAE9F2E8338479C 446464 ----a-w- C:\Windows\Sysnative\dxtmsft.dll

2014-09-12 14:01:15 305D5395A65D00C74A94AEA40E9909E9 758272 ----a-w- C:\Windows\Sysnative\jscript9diag.dll

2014-09-12 14:01:15 2D95BDB699FA1D531B642EA18464FE05 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe

2014-09-12 14:01:15 0113777A28BEC88A50C2566F346E4B58 72704 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll

2014-09-12 14:01:14 A1BB4CFB25F7CE1D4F67DD71111823AA 374968 ----a-w- C:\Windows\Sysnative\iedkcs32.dll

2014-09-12 14:01:14 68B0077C0D09D1B669A260F2921FD6B9 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll

2014-09-12 14:01:14 33BAC6F66DB5FE5F7E20D41B025F490E 707072 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2014-09-12 14:01:14 2AEFBA4339A34C8EF021B49D23D1F1DF 727040 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2014-09-12 14:01:13 920BD93A0B64657A20CA66C2EBB167EA 23591424 ----a-w- C:\Windows\Sysnative\mshtml.dll

2014-09-12 14:01:13 698C19E198F832E071778A1427E942C8 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe

2014-09-12 14:01:13 5A0C72B9D3CCA42D8AB74890C19443B2 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe

2014-09-12 14:01:13 4C8838D7C13E9080AF4B548CA791896B 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll

2014-09-12 14:01:13 227303FC6E95547EA274F4337BBC7278 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll

2014-09-12 14:01:13 1439630B47D717960D59423958754394 775168 ----a-w- C:\Windows\Sysnative\ieapfltr.dll

2014-09-12 14:01:12 75498A52C2AE248DEE5BDF5209768963 2793984 ----a-w- C:\Windows\Sysnative\iertutil.dll

2014-09-12 14:01:11 FECA80905D551074E1A9298BD98103B7 1447424 ----a-w- C:\Windows\Sysnative\urlmon.dll

2014-09-12 14:01:11 F6304AACC5744016770C8C797CAA2AF7 5833728 ----a-w- C:\Windows\Sysnative\jscript9.dll

2014-09-12 14:01:11 39EBB9708453036A74C30C9A294023FF 2310656 ----a-w- C:\Windows\Sysnative\wininet.dll

2014-09-12 14:01:10 97752927B6E2401011A96E0D6082E403 2104832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl

2014-09-12 14:01:09 BA56C68CCB912C4C08C97DD32C47AD31 13588480 ----a-w- C:\Windows\Sysnative\ieframe.dll

2014-09-11 01:09:48 3469B9FAE899139FEE7356E91693376A 2777088 ----a-w- C:\Windows\Sysnative\msmpeg2vdec.dll

2014-09-10 22:10:09 EFF3FF9D9E5BFD2A05390D959A1C3AD0 1031168 ----a-w- C:\Windows\Sysnative\TSWorkspace.dll

2014-09-10 22:10:02 224C2EEBAAF39CD93DE5332DBE5E5A95 2565120 ----a-w- C:\Windows\Sysnative\d3d10warp.dll

2014-09-10 22:09:52 33EF550DCCC58C93F5B65FD75BAD9832 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll

2014-09-10 22:09:50 EE4B105F1DBE1E864AFC72E7F0315432 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll

2014-09-10 22:09:47 E2BCB58869598B392D6A78953F61A2D9 578048 ----a-w- C:\Windows\Sysnative\aepdu.dll

2014-09-10 22:09:46 88BC88D0BDFB6BBE5765D5ABB233C110 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll

2014-09-03 20:44:21 0BB3FA3147817807CF281ABDC776E690 40 ----a-w- C:\Windows\Sysnative\?5

====== C:\Windows\Sysnative\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-09-14 18:51:03 -------- d-----w- C:\Program Files\iPod

2014-09-14 18:51:01 -------- d-----w- C:\Program Files\iTunes

======= C:\PROGRA~2 =====

2014-08-29 11:02:45 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype

2014-08-29 08:38:50 -------- d-----w- C:\PROGRA~2\OpenAL

======= C: =====

====== C:\Users\Michael\AppData\Roaming ======

2014-09-07 13:14:45 -------- d-----w- C:\Users\Michael\AppData\Local\Blizzard

2014-08-29 12:16:48 -------- d-----w- C:\Users\Michael\AppData\Local\Adobe

2014-08-29 07:29:24 -------- d-----w- C:\Users\Michael\AppData\Local\GOG.com

2014-08-23 19:11:31 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\CrashDumps

====== C:\Users\Michael ======

2014-09-14 18:51:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-09-14 18:51:01 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-09-07 11:55:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone

2014-08-29 11:02:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-08-29 07:29:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com

 

====== C: exe-files ==

2014-09-12 14:01:16 ED689CF5DA7A0374D2A8E3A8550522F7 483328 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

2014-09-12 14:01:16 0D75A74E925F00D9F256F6A53733DAF8 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe

2014-09-12 14:01:11 9540F3F5489747E71101E8AC9850CC79 810168 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

=== C: other files ==

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Bitdefender-Geldb”rse-Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

"Bitdefender-Geldb”rse"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"

"Bitdefender-Geldb”rse-Anwendungs-Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

 

[HKEY_USERS\S-1-5-21-2690084202-4102338125-1244546073-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

"AusweisApp"="C:\Program Files (x86)\AusweisApp\siqBootLoader.exe"

"1987D95A86FCFAF5B82FFA7E9B4B7814763EFF83._service_run"="C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe --type=service"

"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"

"OpenLimit Middleware Version 3"="C:\Program Files (x86)\SignaturApp\siqSEMr.exe"

"dradio-RecorderTimer"="C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe"

"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"

"updateMgr"="C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1"

"icq"="C:\Users\Michael\AppData\Roaming\ICQM\icq.exe -CU"

"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

"Amazon Cloud Player"="C:\Users\Michael\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"

"GoogleChromeAutoLaunch_1D7305B07635F8E0A4CF4B02D1C53C4D"="C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window"

"Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"Bitdefender-Geldb”rse-Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

"Bitdefender-Geldb”rse"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"

"Bitdefender-Geldb”rse-Anwendungs-Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"ShwiconXP9106"="C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe"

"THX Audio Control Panel"="C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe /r"

"UpdReg"="C:\Windows\UpdReg.EXE"

"Dell DataSafe Online"="C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe"

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

"Desktop Disc Tool"="C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

"TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"

"BrStsWnd"="C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun"

"Acrobat Assistant 7.0"="C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

"Intel AppUp® center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4"

"Intel AppUp® center Systray"="C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe --domain F0399437-FD0C-4A48-B101-F0314A6172E4 --openmode trayicon"

"SMB60StarMoneyRunEntry"="C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\app\oflagent.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"RoccatKoneXTD"="C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE"

"PowerDVD13Agent"="C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"B Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax"="C:\Windows\system32\rundll32.exe C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax,DllRegisterServer"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

"AusweisApp"="C:\Program Files (x86)\AusweisApp\siqBootLoader.exe"

"1987D95A86FCFAF5B82FFA7E9B4B7814763EFF83._service_run"="C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe --type=service"

"MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe"

"OpenLimit Middleware Version 3"="C:\Program Files (x86)\SignaturApp\siqSEMr.exe"

"dradio-RecorderTimer"="C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe"

"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"

"updateMgr"="C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1"

"icq"="C:\Users\Michael\AppData\Roaming\ICQM\icq.exe -CU"

"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

"Amazon Cloud Player"="C:\Users\Michael\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"

"GoogleChromeAutoLaunch_1D7305B07635F8E0A4CF4B02D1C53C4D"="C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window"

"Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"RunDLLEntry_THXCfg"="C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64"

"RunDLLEntry_EptMon"="C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64"

"Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"

"InstallerLauncher"="C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe /run:C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"

"DellStage"=""C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup"

 

==== Startup Registry Disabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AccuWeatherWidget]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AccuWeatherWidget"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Dell Stage\\Dell Stage\\AccuWeather\\accuweather.exe\" \"C:\\Program Files (x86)\\Dell Stage\\Dell Stage\\AccuWeather\\start.umj\" --startup"

 

 

==== Startup Folders ======================

 

2013-03-17 16:00:09 1061 ----a-w- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk

2012-08-25 11:21:41 1057 ----a-w- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2014-03-09 18:53:10 1002 ----a-w- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk

2013-02-08 18:50:26 2453 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk

2013-01-02 13:11:01 2141 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk

2014-01-28 15:42:50 2116 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk

2014-01-28 15:42:49 2116 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk

2013-10-25 14:17:18 2150 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ryos Driver.lnk

 

==== Task Scheduler Jobs ======================

 

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10.09.2014 19:40]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02.08.2011 21:46]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02.08.2011 21:46]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2690084202-4102338125-1244546073-1000Core.job --a------ C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [21.07.2011 18:50]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2690084202-4102338125-1244546073-1000UA.job --a------ C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [21.07.2011 18:50]

 

==== Other Scheduled Tasks ======================

 

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe]

"C:\Windows\SysNative\tasks\FileAdvisorCheck" ["C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe"]

"C:\Windows\SysNative\tasks\FileAdvisorUpdate" ["C:\Program Files (x86)\File Type Advisor\fileadvisor.exe"]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2690084202-4102338125-1244546073-1000Core" [C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2690084202-4102338125-1244546073-1000UA" [C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe"]

"C:\Windows\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\My Dell\sessionchecker.exe"]

"C:\Windows\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\My Dell\uaclauncher.exe"]

"C:\Windows\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{7BA53253-46F5-4DB0-8534-662A593964EE}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\{00AB97CF-BBB8-43C6-AB26-862B2CDC20DF}" ["c:\users\michael\appdata\local\google\chrome\application\chrome.exe"]

"C:\Windows\SysNative\tasks\{190898D5-9042-4776-A7BB-0A455FBED1AC}" [C:\Users\Michael\Desktop\DOT\dott.part1\DOTT.EXE]

"C:\Windows\SysNative\tasks\{365600F3-B384-4567-B4D6-B61437F4828E}" [F:\Launcher.exe]

"C:\Windows\SysNative\tasks\{3B56868E-9954-4E01-A30F-C0508E18941B}" [C:\Users\Michael\Documents\Battle_Chess_for_Windows\chess\CHESS.EXE]

"C:\Windows\SysNative\tasks\{41279160-C6D1-43D3-BE7C-401B4A8F75A3}" [F:\Launcher.exe]

"C:\Windows\SysNative\tasks\{74FBBF26-F471-482F-BC24-EF84EEE59BE5}" [C:\Users\Michael\Desktop\DOT\dott.part1\DOTT.EXE]

"C:\Windows\SysNative\tasks\{88491D1A-B30A-4601-A509-25ADC74810E1}" [F:\Launcher.exe]

"C:\Windows\SysNative\tasks\{A80FD16A-243B-48BF-8B58-2D384A729691}" [C:\Users\Michael\Desktop\DOT\dott.part1\DOTT.EXE]

"C:\Windows\SysNative\tasks\{C00CBD12-CFC1-4755-8510-446D5BEF3A1B}" [F:\Launcher.exe]

"C:\Windows\SysNative\tasks\{E4315DEA-80FE-4AA4-AB89-B0FF256FF2DC}" [C:\Users\Michael\Documents\Battle_Chess_for_Windows\chess\CHESS.EXE]

"C:\Windows\SysNative\tasks\{E5C2CBC7-3546-43F3-BB68-4C82A753F6F4}" [C:\Users\Michael\Desktop\DOT\dott.part1\DOTT.EXE]

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe]

"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe]

"C:\Windows\SysNative\tasks\Norton Internet Security CBE\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.2.0.19\SymErr.exe]

"C:\Windows\SysNative\tasks\Norton Internet Security CBE\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.2.0.19\SymErr.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn" [17.09.2014 17:19]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04.04.2014 12:36]

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\t8ygri77.default

- Undetermined - C:\Program Files (x86)\AusweisApp\mozilla\eCardClientPIn_FFxx_Win

- Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

- Undetermined - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

- LastPass - %ProfilePath%\extensions\support@lastpass.com

 

ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\SeaMonkey\Profiles\w1f31wur.default

- Undetermined - C:\Program Files\SeaMonkey\extensions\inspector@mozilla.org

- Undetermined - C:\Program Files\SeaMonkey\extensions\langpack-de@chatzilla.mozilla.org

- Undetermined - C:\Program Files\SeaMonkey\extensions\langpack-de@venkman.mozilla.org

- Undetermined - C:\Program Files\SeaMonkey\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

- Undetermined - C:\Program Files\SeaMonkey\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}

- Undetermined - C:\Program Files\SeaMonkey\extensions\modern@themes.mozilla.org

 

ProfilePath: C:\Users\Michael\AppData\Roaming\Thunderbird\Profiles\m69ockec.default

- Undetermined - C:\Programme\BitDefender\BitDefender 2009\tbextension

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\t8ygri77.default

E636113CF769018C8AA688E72828A412 - C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npo3dautoplugin.dll - O3D Plugin

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

 

 

==== Chromium Look ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

hkoahcaobjbihehldfimhblmhgalcipm - C:\Users\Michael\AppData\Local\CRE\hkoahcaobjbihehldfimhblmhgalcipm.crx[]

iikflkcanblccfahdhdonehdalibjnif - No path found[]

iokhogohoamdhejdbenjbjkhjmjlggab - C:\Users\Michael\AppData\Local\CRE\iokhogohoamdhejdbenjbjkhjmjlggab.crx[]

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14.07.2014 18:22]

obcjlnjgjjgghcedkcohaeboelbblehc - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx[]

 

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

hkoahcaobjbihehldfimhblmhgalcipm - C:\Users\Michael\AppData\Local\CRE\hkoahcaobjbihehldfimhblmhgalcipm.crx[]

iokhogohoamdhejdbenjbjkhjmjlggab - C:\Users\Michael\AppData\Local\CRE\iokhogohoamdhejdbenjbjkhjmjlggab.crx[]

 

Google Voice Search Hotword (Beta) - Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

Photo Zoom for Facebook - Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi

AdBlock - Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

LastPass - Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd

Norton Identity Safe - Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif

Google Wallet - Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

 

==== Chromium Fix ======================

 

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


"Search Page"="http://www.google.com"


"Use Search Asst"="yes"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="www.google.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"Default"="www.google.com"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]


"Default"="www.google.com"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://www.google.com"

"SearchAssistant"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]




"Use Search Asst"="no"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

 

==== Reset Google Chrome ======================

 

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Michael\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hkoahcaobjbihehldfimhblmhgalcipm deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iokhogohoamdhejdbenjbjkhjmjlggab deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\obcjlnjgjjgghcedkcohaeboelbblehc deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\hkoahcaobjbihehldfimhblmhgalcipm deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\iokhogohoamdhejdbenjbjkhjmjlggab deleted successfully

 

==== HijackThis Entries ======================

 

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll

O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll

O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

O4 - HKLM\..\Run: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [intel AppUp® center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4

O4 - HKLM\..\Run: [intel AppUp® center Systray] "C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe" --domain F0399437-FD0C-4A48-B101-F0314A6172E4 --openmode trayicon

O4 - HKLM\..\Run: [sMB60StarMoneyRunEntry] "C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\app\oflagent.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [RoccatKoneXTD] "C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE"

O4 - HKLM\..\Run: [PowerDVD13Agent] "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [b Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer

O4 - HKCU\..\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

O4 - HKCU\..\Run: [AusweisApp] C:\Program Files (x86)\AusweisApp\siqBootLoader.exe

O4 - HKCU\..\Run: [1987D95A86FCFAF5B82FFA7E9B4B7814763EFF83._service_run] "C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

O4 - HKCU\..\Run: [OpenLimit Middleware Version 3] C:\Program Files (x86)\SignaturApp\siqSEMr.exe

O4 - HKCU\..\Run: [dradio-RecorderTimer] C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe

O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

O4 - HKCU\..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1

O4 - HKCU\..\Run: [icq] C:\Users\Michael\AppData\Roaming\ICQM\icq.exe -CU

O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\Michael\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_1D7305B07635F8E0A4CF4B02D1C53C4D] "C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [bitdefender-Geldbörse-Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [bitdefender-Geldbörse-Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')

O4 - Startup: An OneNote senden.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

O4 - Startup: Dropbox.lnk = Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Nettalk.lnk = C:\Program Files (x86)\Nettalk6\Nettalk.exe

O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?

O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe

O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe

O4 - Global Startup: Ryos Driver.lnk = C:\Program Files (x86)\ROCCAT\Ryos Keyboard\Ryos MK Monitor.exe

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm

O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: LastPass - file://C:\Users\Michael\AppData\LocalLow\LastPass\context.html?cmd=lastpass

O8 - Extra context menu item: LastPass Ausfüllformulare - file://C:\Users\Michael\AppData\LocalLow\LastPass\context.html?cmd=fillforms

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll

O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll

O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll

O9 - Extra button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - (no file)

O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Michael\AppData\Roaming\ICQM\icq.exe (HKCU)

O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Michael\AppData\Roaming\ICQM\icq.exe (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {503F5F92-794F-4273-824E-A3EDF65BFAA4} (OWOK) - http://downloads.reiner-sct.de/owok/plugins/rsct_owok_ie-2004.cab

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Acronis Nonstop Backup-Dienst (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: cyberJack PC/SC COM Service  (cjpcsc) - REINER SCT - C:\Windows\SysWOW64\cjpcsc.exe

O23 - Service: CyberLink PowerDVD 13 Media Server Monitor Service - CyberLink - C:\Program Files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe

O23 - Service: CyberLink PowerDVD 13 Media Server Service - CyberLink - C:\Program Files (x86)\Cyberlink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe

O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - D:\Origin\Dragon Age Origins\\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe

O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

O23 - Service: Acronis OS Selector Activator (OS Selector) - Unknown owner - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: StarMoney Business 6.0 OnlineUpdate - Star Finanz-Software Entwicklung und Vertriebs GmbH - C:\Program Files (x86)\StarMoney Business 6.0 Deutsche Bank Edition\ouservice\StarMoneyOnlineUpdate.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Cache found

 

==== Empty Chrome Cache ======================

 

C:\Users\Michael\AppData\Local\Chromium\User Data\Default\Cache emptied successfully

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=243 folders=73 54578835 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Michael\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\Michael\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

 

==== EOF on 17.09.2014 at 18:07:12,24 ======================
Link to post
Share on other sites

Thaks for the update, 

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin.

 

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART  Installer during the process)

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the following options are checked:
 
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
 
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Next,

 

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...
 

 

Kevin....

Link to post
Share on other sites

ESET SCAN:

C:\Program Files (x86)\ICQ7.5\upgrade\2dcd1d63cb45e6613582211c3d5f4b23 Win32/OpenCandy potentially unsafe application
C:\Program Files (x86)\ICQ7.5\upgrade\53e83dd5315bfb1f928441c9b4618b68 Win32/OpenCandy potentially unsafe application
C:\Program Files (x86)\ICQ7.6\install_dll\OCSetupHlp.dll Win32/OpenCandy potentially unsafe application
C:\Users\Michael\AppData\Roaming\Xilisoft\Download YouTube Video\x-download-youtube-video2.exe Win32/Toolbar.Zugo potentially unwanted application
C:\Users\Michael\Downloads\FoxitReader602.0413_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Michael\Downloads\FreeYouTubeDownload (1).exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Michael\Downloads\FreeYouTubeDownload (2).exe Win32/OpenCandy potentially unsafe application
C:\Users\Michael\Downloads\FreeYouTubeDownload (3).exe Win32/OpenCandy potentially unsafe application
C:\Users\Michael\Downloads\FreeYouTubeDownload (4).exe Win32/OpenCandy potentially unsafe application
C:\Users\Michael\Downloads\FreeYouTubeDownload.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Michael\Downloads\FreeYouTubeToiPhoneConverter.exe Win32/OpenCandy potentially unsafe application
C:\Users\Michael\Downloads\Setup_MoviesToDVD.exe Win32/Toolbar.Widgi potentially unwanted application
C:\zoek_backup\C_Users_Michael_Downloads_SoftonicDownloader_fuer_cube.exe.vir Win32/SoftonicDownloader.A potentially unwanted application
D:\Documents\Download\FreeYouTubeDownload.exe Win32/OpenCandy potentially unsafe application
D:\Documents\Downloads\AdwCleaner - CHIP-Installer.exe a variant of Win32/DownloadSponsor.A potentially unwanted application
D:\Documents\Downloads\applianflv_upgrade_1472.exe Win32/InstallIQ potentially unwanted application
D:\Documents\Downloads\cbsidlm-cbsi134-Free_M4a_to_MP3_Converter-BP-187723.exe a variant of Win32/CNETInstaller.B potentially unwanted application
D:\Documents\Downloads\cdbxp_setup_4.3.7.2316.exe Win32/OpenCandy potentially unsafe application
D:\Documents\Downloads\FreeStudio.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Documents\Downloads\FreeYouTubeDownload.exe Win32/OpenCandy potentially unsafe application
D:\Documents\Downloads\freeyoutubedownload224.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Documents\Downloads\FreeYouTubeToMp3Converter55.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Documents\Downloads\m4a-to80-mp3-converter (1).exe Win32/Somoto.E potentially unwanted application
D:\Documents\Downloads\m4a-to80-mp3-converter.exe Win32/Somoto.E potentially unwanted application
D:\Documents\Downloads\Saartoto.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\Documents\Downloads\TuneUpInst-2.4.8.5.exe Win32/OpenCandy potentially unsafe application
D:\Videos\FreeYouTubeDownload.exe Win32/OpenCandy potentially unsafe application
D:\Videos\Uefa_Cl_Borussia_Dortmund_-Fc_Bayern_Muenchen_Finale_2013_wrestling-universe_org.exe Win32/AdWare.1ClickDownload.AT application
 
 
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp 2.4.8.5    
 JavaFX 2.1.1    
 Java 7 Update 67  
 Java 6 Update 31  
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox 17.0.1 Firefox out of Date!  
 Google Chrome 37.0.2062.103  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
 
For explenation on Firefox, I don't use it at all. Long ago since I've opened it last. 
Link to post
Share on other sites

Thanks for the logs and update....

 

If you dont use Firefox just uninstall it, no point in keeping anything you don`t need or use...

 

Also remove Java™ 6 Update 31 via programs and features

 

Next,

 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :FilesC:\Program Files (x86)\ICQ7.5\upgrade\2dcd1d63cb45e6613582211c3d5f4b23C:\Program Files (x86)\ICQ7.5\upgrade\53e83dd5315bfb1f928441c9b4618b68C:\Program Files (x86)\ICQ7.6\install_dll\OCSetupHlp.dllC:\Users\Michael\AppData\Roaming\Xilisoft\Download YouTube Video\x-download-youtube-video2.exeC:\Users\Michael\Downloads\FoxitReader602.0413_enu_Setup.exeC:\Users\Michael\Downloads\FreeYouTubeDownload (1).exeC:\Users\Michael\Downloads\FreeYouTubeDownload (2).exeC:\Users\Michael\Downloads\FreeYouTubeDownload (3).exeC:\Users\Michael\Downloads\FreeYouTubeDownload (4).exeC:\Users\Michael\Downloads\FreeYouTubeDownload.exeC:\Users\Michael\Downloads\FreeYouTubeToiPhoneConverter.exeC:\Users\Michael\Downloads\Setup_MoviesToDVD.exeD:\Documents\Download\FreeYouTubeDownload.exeD:\Documents\Downloads\AdwCleaner - CHIP-Installer.exeD:\Documents\Downloads\applianflv_upgrade_1472.exeD:\Documents\Downloads\cbsidlm-cbsi134-Free_M4a_to_MP3_Converter-BP-187723.exeD:\Documents\Downloads\cdbxp_setup_4.3.7.2316.exeD:\Documents\Downloads\FreeStudio.exeD:\Documents\Downloads\FreeYouTubeDownload.exeD:\Documents\Downloads\freeyoutubedownload224.exeD:\Documents\Downloads\FreeYouTubeToMp3Converter55.exeD:\Documents\Downloads\m4a-to80-mp3-converter (1).exeD:\Documents\Downloads\m4a-to80-mp3-converter.exeD:\Documents\Downloads\Saartoto.exeD:\Documents\Downloads\TuneUpInst-2.4.8.5.exeD:\Videos\FreeYouTubeDownload.exeD:\Videos\Uefa_Cl_Borussia_Dortmund_-Fc_Bayern_Muenchen_Finale_2013_wrestling-universe_org.exe:Commands[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

If no remaining issues or concerns run the following to clean up....

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if w can close out,

 

Kevin.....

Link to post
Share on other sites

  • 2 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.