Permanente Werbefenster und links sind doppelt unterstrichen was tun?

rbratz · 23.08.2014, 12:02

Hallo zusammen,

ich denke das Problem ist bekannt aber ich wuerde gern eine Analyse haben und eventl eine Vorgensweise wie ich das Problem loesen kann.

Seit einiger Zeit oeffnen sich permanent Werbefenster wenn ich einen link anklicke. Diese wollen haeufig das ich Java update (java update setup.exe). Zudem habe ich auch noch sehr laesstige Werbefenster in allen Bereichen des browsers. Ich benutze firefox aber arbeite auch mit chrome. Es sieht so aus als wenn alle browser betroffen sind. Im weitern habe ich diese links die doppelt unterstrichen sind. Ich denke ihr kennt das Problem.

Meine Frage:
Kann man da was machen oder soll man den Rechner am besten komplett neu bespielen.
Ich nutze den Rechner fuer die Arbeit und habe schon einige Sachen drauf die mir wichtig sind.

Danke fuer eure hilfe und den hoffentlichen umsetzbaren Rat.

Gruss aus down under,

Robert

M-K-D-B · 23.08.2014, 12:27

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Neu Aufsetzen ist wohl in deinem Fall übertrieben...

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

rbratz · 25.08.2014, 00:09

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by rbratz (administrator) on PAS-E6420-D on 25-08-2014 08:59:45
Running from C:\Users\rbratz\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\fcappdb.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
() C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\SupraSavingsService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_FATIBVA.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-16] (Dell Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-12-04] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-30] (CyberLink Corp.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.EXE [112464 2009-12-05] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\Run: [Google Update] => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-21] (Google Inc.)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\rbratz\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20917408 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\Run: [EPSON Stylus CX5000 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVA.EXE [143360 2006-10-18] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {0045224c-969d-11e1-aa7c-90004ef0d0af} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {00e09687-e7cd-11e1-b13b-90004ef0d0af} - E:\Setup.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {5b6da3cd-736f-11e2-8279-90004ef0d0af} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {6f9a5156-2cb0-11e1-b336-90004ef0d0af} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c154-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c163-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c1a9-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c1c3-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c1fc-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c359-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {9015b3ad-86f9-11e2-a003-001e101f2500} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {9753809b-5468-11e2-ba54-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {a6c3345a-51ea-11e2-9b57-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {b561dea8-51e9-11e2-9bbf-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {f8e3eac1-9c12-11e1-84b3-5c260a5996ba} - "E:\WD SmartWare.exe" autoplay=true
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk
ShortcutTarget: Online plug-in.lnk -> C:\Windows\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\rbratz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk
ShortcutTarget: MultiSkypeLauncher.lnk -> C:\Program Files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/
URLSearchHook: HKCU - (No Name) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - No File
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
SearchScopes: HKCU - DefaultScope {92892FC0-CAE5-455C-96D7-5D805F4DA9C0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=120642&babsrc=SP_ss&mntrId=BAFA68A3C4C9506D
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKCU - {50F78362-6D36-40E1-969A-3B7AC87FB5CB} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306926&CUI=UN37640247543883548&UM=2
SearchScopes: HKCU - {92892FC0-CAE5-455C-96D7-5D805F4DA9C0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
BHO-x32: Conduit Engine -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\PROGRA~2\WINZIP~2\wzwmcie.dll No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\778oqeqv.default-1376129905533
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Delta Search
FF Homepage: https://mail.google.com/mail/u/0/#inbox
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @ei.CieoNetUtilities_0e.com/Plugin -> C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\NP0eEISB.dll No File
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll (Fortinet Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @winzip.com/Winzip Courier -> C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\778oqeqv.default-1376129905533\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\778oqeqv.default-1376129905533\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\778oqeqv.default-1376129905533\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qone8.xml
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] - C:\Program Files (x86)\WinZip Courier\FFExt
FF Extension: No Name - C:\Program Files (x86)\WinZip Courier\FFExt [2011-11-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\778oqeqv.default-1376129905533\extensions\quick_start@gmail.com

Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR StartupUrls: "hxxp://google.com/"
CHR NewTab: "chrome-extension://pelmeidfhdlhlbjimpabfcbnnojbboma/index.html"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\rbratz\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\rbratz\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\rbratz\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CieoNet Utilities Installer Plugin Stub) - C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\NP0eEISB.dll No File
CHR Plugin: (WinZip Courier) - C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\rbratz\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Drive) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google Search) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Google Wallet) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Quick start) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-05-15]
CHR Extension: (Gmail) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\rbratz\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-29]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-03-29]
CHR HKCU\...\Chrome\Extension: [pckaochijkjekcndgjamcfccjimechdg] - C:\Users\rbratz\AppData\Local\CRE\pckaochijkjekcndgjamcfccjimechdg.crx [2013-12-05]
CHR HKLM-x32\...\Chrome\Extension: [pckaochijkjekcndgjamcfccjimechdg] - C:\Users\rbratz\AppData\Local\CRE\pckaochijkjekcndgjamcfccjimechdg.crx [2013-12-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [98322 2014-04-16] (Fortinet Inc.) [File not signed]
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-04] (Wave Systems Corp.) [File not signed]
R2 SupraSavingsService64; C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\SupraSavingsService64.exe [172544 2014-06-26] () [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-14] () [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-16] (Dell Inc.) [File not signed]
S2 pricemeterliveUpdate; C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe /svc [X]
S3 pricemeterliveUpdatem; C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 FAFileMon; C:\Windows\System32\drivers\fortimon2.sys [56032 2014-04-16] (Fortinet Inc)
S3 FARegMon; C:\Windows\System32\drivers\FortiRmon.sys [50912 2014-04-16] (Fortinet Inc)
R3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [16096 2014-04-16] (Fortinet Inc)
R1 FortiFilter; C:\Windows\System32\DRIVERS\FortiFilter.sys [25312 2013-09-18] (Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37600 2014-04-16] (Fortinet Inc)
R0 fortiloader; C:\Windows\System32\drivers\fortiloader.sys [12512 2014-04-16] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [133856 2014-04-16] (Fortinet Inc)
S3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [47328 2014-04-16] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [56544 2014-04-16] (Fortinet Inc)
R3 FortiWF; C:\Windows\System32\drivers\FortiWF2.sys [28384 2014-04-16] (Fortinet Inc)
R3 ft_vnic; C:\Windows\System32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.)
S3 mdareDriver_43; C:\Users\rbratz\AppData\Local\Temp\FCPreScan\mdare64_43.sys [90848 2014-01-30] (Fortinet Inc.)
S3 mdareDriver_47; C:\Program Files (x86)\Fortinet\FortiClient\mdare64_47.sys [91872 2014-05-22] (Fortinet Inc.)
R3 mdareDriver_48; C:\Program Files (x86)\Fortinet\FortiClient\mdare64_48.sys [91872 2014-07-04] (Fortinet Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-13] (NetFilterSDK.com)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2011-03-21] (Fortinet Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 08:59 - 2014-08-25 09:00 - 00038126 _____ () C:\Users\rbratz\Downloads\FRST.txt
2014-08-25 08:57 - 2014-08-25 08:59 - 00000000 ____D () C:\FRST
2014-08-25 08:56 - 2014-08-25 08:56 - 02103296 _____ (Farbar) C:\Users\rbratz\Downloads\FRST64.exe
2014-08-25 08:55 - 2014-08-25 08:55 - 01095168 _____ (Farbar) C:\Users\rbratz\Downloads\FRST.exe
2014-08-22 11:58 - 2014-08-22 11:58 - 00052224 _____ () C:\Users\rbratz\Downloads\SearchResults(2).xls
2014-08-21 21:32 - 2014-08-21 21:48 - 00012504 _____ () C:\Users\rbratz\Desktop\turnover.xlsx
2014-08-21 08:31 - 2014-05-15 02:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 08:31 - 2014-05-15 02:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 08:31 - 2014-05-15 02:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 08:31 - 2014-05-15 02:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 08:31 - 2014-05-15 02:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 08:31 - 2014-05-15 02:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 08:31 - 2014-05-15 02:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 08:30 - 2014-05-15 02:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 08:30 - 2014-05-15 02:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 08:30 - 2014-05-15 02:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 08:30 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 08:30 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 08:30 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 08:30 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-19 16:08 - 2014-08-19 17:07 - 00048195 _____ () C:\Users\rbratz\Desktop\zahlen.xlsx
2014-08-19 10:15 - 2014-08-22 17:58 - 00125010 _____ () C:\Users\rbratz\Desktop\pre order overview.xlsx
2014-08-18 15:31 - 2014-08-18 15:31 - 00009599 _____ () C:\Users\rbratz\Desktop\POP EU.xlsx
2014-08-15 11:56 - 2014-08-15 11:56 - 00165376 _____ () C:\Users\rbratz\Desktop\Copy of  SYD Stock On Hand Thursday 14 August 2014 20_00_44_RB.xls
2014-08-14 10:00 - 2014-08-14 10:07 - 00000000 ____D () C:\def8b9787b111ada1366d9301a4c82
2014-08-14 09:54 - 2014-07-01 08:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 09:54 - 2014-07-01 08:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 09:54 - 2014-06-06 16:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 09:54 - 2014-06-06 16:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 09:54 - 2014-03-10 07:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 09:54 - 2014-03-10 07:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 09:54 - 2014-03-10 07:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 09:54 - 2014-03-10 07:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 09:37 - 2014-08-14 09:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-14 09:00 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 09:00 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 09:00 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 09:00 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 09:00 - 2014-07-09 12:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 09:00 - 2014-07-09 08:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 09:00 - 2014-07-09 08:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 08:56 - 2014-07-16 13:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 08:56 - 2014-07-16 12:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 08:56 - 2014-06-03 20:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 08:56 - 2014-06-03 20:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 08:56 - 2014-06-03 20:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 08:56 - 2014-06-03 20:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 08:56 - 2014-06-03 19:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 08:56 - 2014-06-03 19:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 08:56 - 2014-06-03 19:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 08:55 - 2014-07-16 13:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 08:55 - 2014-07-16 12:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 08:55 - 2014-07-16 12:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 08:55 - 2014-07-14 12:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 08:55 - 2014-07-14 11:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 08:55 - 2014-06-25 12:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 08:55 - 2014-06-25 11:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 08:55 - 2014-06-16 12:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 08:52 - 2014-08-07 12:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 08:52 - 2014-08-07 12:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 15:26 - 2014-08-12 15:29 - 90288664 _____ () C:\Users\rbratz\Downloads\gimp-2.8.10-setup.exe
2014-08-12 12:12 - 2014-08-12 12:12 - 02948254 _____ () C:\Users\rbratz\Downloads\wetransfer-64cfcc.zip.part
2014-08-12 10:16 - 2014-08-12 10:16 - 00004822 _____ () C:\Users\rbratz\Downloads\Mapped Dealers List.xlsx
2014-08-11 17:16 - 2014-08-18 09:44 - 00082064 _____ () C:\Users\rbratz\Desktop\ROBERT2014.TAX
2014-08-11 17:16 - 2014-08-18 09:42 - 00082048 _____ () C:\Users\rbratz\Desktop\ROBERT2014.BAK
2014-08-11 16:27 - 2014-08-11 16:35 - 00000416 _____ () C:\Users\rbratz\Documents\ROBERT2014.TAX
2014-08-11 16:27 - 2014-08-11 16:27 - 00000256 _____ () C:\Users\rbratz\Documents\ROBERT2014.BAK
2014-08-11 15:52 - 2014-08-11 15:52 - 00000000 ____D () C:\Users\rbratz\AppData\Local\etax2014
2014-08-11 15:51 - 2014-08-11 15:51 - 00001887 _____ () C:\Users\rbratz\Desktop\e-tax 2014.lnk
2014-08-11 15:51 - 2014-08-11 15:51 - 00000000 ____D () C:\Users\rbratz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 2014
2014-08-11 15:50 - 2014-08-11 15:51 - 00000000 ____D () C:\Program Files (x86)\etax2014
2014-08-11 15:45 - 2014-08-11 15:48 - 30756864 _____ () C:\Users\rbratz\Downloads\etax2014_1.msi
2014-08-06 11:09 - 2014-08-06 11:10 - 00013045 _____ () C:\Users\rbratz\Downloads\_DetailTranSummary (Bratz,Robert)(2).html
2014-08-04 09:31 - 2014-08-04 09:34 - 02462356 _____ () C:\Users\rbratz\Downloads\2015_launch_banners.zip
2014-07-30 14:25 - 2014-07-30 14:25 - 00064464 _____ () C:\Users\rbratz\Downloads\Item list_RB.xlsx
2014-07-30 14:03 - 2014-07-30 14:03 - 00047368 _____ () C:\Users\rbratz\Downloads\Item list.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 09:00 - 2014-08-25 08:59 - 00038126 _____ () C:\Users\rbratz\Downloads\FRST.txt
2014-08-25 08:59 - 2014-08-25 08:57 - 00000000 ____D () C:\FRST
2014-08-25 08:56 - 2014-08-25 08:56 - 02103296 _____ (Farbar) C:\Users\rbratz\Downloads\FRST64.exe
2014-08-25 08:55 - 2014-08-25 08:55 - 01095168 _____ (Farbar) C:\Users\rbratz\Downloads\FRST.exe
2014-08-25 08:51 - 2012-11-21 20:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-25 08:50 - 2014-05-15 03:45 - 00000966 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2014-08-25 08:45 - 2011-07-16 03:39 - 00000000 ____D () C:\Users\rbratz\AppData\Roaming\Skype
2014-08-25 08:44 - 2014-06-27 08:12 - 00000000 ____D () C:\Program Files\SupraSavings
2014-08-25 08:32 - 2009-07-14 14:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 08:32 - 2009-07-14 14:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 08:30 - 2011-07-16 03:41 - 00000000 ____D () C:\Users\rbratz\Documents\Outlook Files
2014-08-25 08:28 - 2014-05-15 03:45 - 00000962 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2014-08-25 08:28 - 2012-11-21 20:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-25 08:28 - 2011-07-27 21:52 - 00000000 ____D () C:\Users\rbratz\AppData\Roaming\.oit
2014-08-25 08:28 - 2011-05-24 23:22 - 01557421 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 08:22 - 2013-10-20 18:18 - 00050188 _____ () C:\Windows\setupact.log
2014-08-25 08:22 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 22:15 - 2011-12-21 20:43 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001UA.job
2014-08-23 21:59 - 2014-04-11 13:44 - 00000000 ____D () C:\Windows\rescache
2014-08-23 20:33 - 2011-07-26 21:26 - 00000000 ____D () C:\Users\rbratz\Desktop\BEST
2014-08-23 20:01 - 2013-10-20 18:18 - 03075144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 17:58 - 2014-08-19 10:15 - 00125010 _____ () C:\Users\rbratz\Desktop\pre order overview.xlsx
2014-08-22 12:15 - 2011-12-21 20:43 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001Core.job
2014-08-22 11:58 - 2014-08-22 11:58 - 00052224 _____ () C:\Users\rbratz\Downloads\SearchResults(2).xls
2014-08-22 11:21 - 2013-05-17 01:55 - 00000000 ____D () C:\Users\rbratz\Desktop\Auatralia
2014-08-21 21:48 - 2014-08-21 21:32 - 00012504 _____ () C:\Users\rbratz\Desktop\turnover.xlsx
2014-08-20 20:55 - 2014-04-03 14:22 - 00000000 ____D () C:\Users\rbratz\Desktop\Transition period Navi
2014-08-20 13:06 - 2013-03-29 04:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-19 17:07 - 2014-08-19 16:08 - 00048195 _____ () C:\Users\rbratz\Desktop\zahlen.xlsx
2014-08-18 15:31 - 2014-08-18 15:31 - 00009599 _____ () C:\Users\rbratz\Desktop\POP EU.xlsx
2014-08-18 09:44 - 2014-08-11 17:16 - 00082064 _____ () C:\Users\rbratz\Desktop\ROBERT2014.TAX
2014-08-18 09:42 - 2014-08-11 17:16 - 00082048 _____ () C:\Users\rbratz\Desktop\ROBERT2014.BAK
2014-08-15 11:56 - 2014-08-15 11:56 - 00165376 _____ () C:\Users\rbratz\Desktop\Copy of  SYD Stock On Hand Thursday 14 August 2014 20_00_44_RB.xls
2014-08-14 22:58 - 2012-06-13 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-14 13:01 - 2013-10-20 18:18 - 00630040 _____ () C:\Windows\PFRO.log
2014-08-14 10:07 - 2014-08-14 10:00 - 00000000 ____D () C:\def8b9787b111ada1366d9301a4c82
2014-08-14 10:07 - 2013-09-19 08:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 10:07 - 2011-07-09 04:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 10:00 - 2011-07-09 04:59 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 09:53 - 2014-05-06 12:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 09:37 - 2014-08-14 09:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-12 15:29 - 2014-08-12 15:26 - 90288664 _____ () C:\Users\rbratz\Downloads\gimp-2.8.10-setup.exe
2014-08-12 13:56 - 2011-09-30 22:24 - 00000000 ____D () C:\Users\rbratz\Desktop\privat
2014-08-12 12:12 - 2014-08-12 12:12 - 02948254 _____ () C:\Users\rbratz\Downloads\wetransfer-64cfcc.zip.part
2014-08-12 10:16 - 2014-08-12 10:16 - 00004822 _____ () C:\Users\rbratz\Downloads\Mapped Dealers List.xlsx
2014-08-11 16:35 - 2014-08-11 16:27 - 00000416 _____ () C:\Users\rbratz\Documents\ROBERT2014.TAX
2014-08-11 16:27 - 2014-08-11 16:27 - 00000256 _____ () C:\Users\rbratz\Documents\ROBERT2014.BAK
2014-08-11 15:52 - 2014-08-11 15:52 - 00000000 ____D () C:\Users\rbratz\AppData\Local\etax2014
2014-08-11 15:51 - 2014-08-11 15:51 - 00001887 _____ () C:\Users\rbratz\Desktop\e-tax 2014.lnk
2014-08-11 15:51 - 2014-08-11 15:51 - 00000000 ____D () C:\Users\rbratz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 2014
2014-08-11 15:51 - 2014-08-11 15:50 - 00000000 ____D () C:\Program Files (x86)\etax2014
2014-08-11 15:48 - 2014-08-11 15:45 - 30756864 _____ () C:\Users\rbratz\Downloads\etax2014_1.msi
2014-08-07 12:06 - 2014-08-14 08:52 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 12:01 - 2014-08-14 08:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 11:10 - 2014-08-06 11:09 - 00013045 _____ () C:\Users\rbratz\Downloads\_DetailTranSummary (Bratz,Robert)(2).html
2014-08-05 09:20 - 2010-11-21 13:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 09:34 - 2014-08-04 09:31 - 02462356 _____ () C:\Users\rbratz\Downloads\2015_launch_banners.zip
2014-07-30 15:36 - 2009-07-14 15:13 - 00816122 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-30 14:25 - 2014-07-30 14:25 - 00064464 _____ () C:\Users\rbratz\Downloads\Item list_RB.xlsx
2014-07-30 14:03 - 2014-07-30 14:03 - 00047368 _____ () C:\Users\rbratz\Downloads\Item list.xlsx
2014-07-27 16:51 - 2009-07-14 15:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\pureadmin\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\pureadmin\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\pureadmin\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\pureadmin\AppData\Local\Temp\MSNDE55.exe
C:\Users\rbratz\AppData\Local\Temp\-vauecmt.dll
C:\Users\rbratz\AppData\Local\Temp\0_Offer_1.exe
C:\Users\rbratz\AppData\Local\Temp\1nfbw9um.dll
C:\Users\rbratz\AppData\Local\Temp\1_Offer_6.exe
C:\Users\rbratz\AppData\Local\Temp\1_Offer_8.exe
C:\Users\rbratz\AppData\Local\Temp\1_Offer_9.exe
C:\Users\rbratz\AppData\Local\Temp\3dynbvvj.dll
C:\Users\rbratz\AppData\Local\Temp\3q7t2sut.dll
C:\Users\rbratz\AppData\Local\Temp\arcparlupd.exe
C:\Users\rbratz\AppData\Local\Temp\BackupSetup.exe
C:\Users\rbratz\AppData\Local\Temp\dchlwbuq.dll
C:\Users\rbratz\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\rbratz\AppData\Local\Temp\fasle.dll
C:\Users\rbratz\AppData\Local\Temp\FortiClientVirusCleaner.exe
C:\Users\rbratz\AppData\Local\Temp\gh3bg-lo.dll
C:\Users\rbratz\AppData\Local\Temp\gu2cbl5z.dll
C:\Users\rbratz\AppData\Local\Temp\GUR1CD2.exe
C:\Users\rbratz\AppData\Local\Temp\i4jdel0.exe
C:\Users\rbratz\AppData\Local\Temp\jkr7zrhe.dll
C:\Users\rbratz\AppData\Local\Temp\jnecc7tk.dll
C:\Users\rbratz\AppData\Local\Temp\libav.dll
C:\Users\rbratz\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\rbratz\AppData\Local\Temp\mdare.dll
C:\Users\rbratz\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\rbratz\AppData\Local\Temp\oi_{05CEF480-B928-4558-8BAF-FF18A9224D67}.exe
C:\Users\rbratz\AppData\Local\Temp\oxhiy6fr.dll
C:\Users\rbratz\AppData\Local\Temp\rev6mp49.dll
C:\Users\rbratz\AppData\Local\Temp\SimilarBundleGenericDl.exe
C:\Users\rbratz\AppData\Local\Temp\SpOrder.dll
C:\Users\rbratz\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\rbratz\AppData\Local\Temp\SPStub.exe
C:\Users\rbratz\AppData\Local\Temp\tbGame.dll
C:\Users\rbratz\AppData\Local\Temp\tbo9u6eu.dll
C:\Users\rbratz\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\rbratz\AppData\Local\Temp\utt1F3A.tmp.exe
C:\Users\rbratz\AppData\Local\Temp\vyora7kx.dll
C:\Users\rbratz\AppData\Local\Temp\webxvid-setup-on.exe
C:\Users\rbratz\AppData\Local\Temp\xvidupdate.exe
C:\Users\rbratz\AppData\Local\Temp\z89fnrwh.dll
C:\Users\rbratz\AppData\Local\Temp\_pzwjlq9.dll
C:\Users\Robert_privat\AppData\Local\Temp\AskSLib.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 20:23

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by rbratz at 2014-08-25 09:01:22
Running from C:\Users\rbratz\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: FortiClient AntiVirus (Enabled - Out of date) {385618A6-2256-708E-3FB9-7E98B93F91F9}
AS: FortiClient AntiVirus (Enabled - Out of date) {8337F942-046C-7F00-0509-45EAC2B8DB44}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe After Effects CS4 Presets (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CS4 American English Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (HKLM-x32\...\Adobe_acce07fd2c8fe7f9e3f26243e626578) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI en (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-en (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (x32 Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Functional Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix online plug-in (DV) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Citrix online plug-in (PNA) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (SSON) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Conduit Engine (HKLM-x32\...\conduitEngine) (Version: 6.3.3.3 - Conduit Ltd.) <==== ATTENTION
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
Custom (Version: 12.34.56.789 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3225 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Dell ControlVault Host Components Installer 64 bit (Version: 2.0.20.159 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00000.085 - Dell Inc.)
Dell Data Protection | Access (Version: 01.01.00.085 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.116 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
Design-Lib.Com - Batch PSD to JPG 1.5 (HKLM-x32\...\Design-Lib.Com - Batch PSD to JPG 1.5) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
EMBASSY Security Center (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
EPSON BX305 Series Printer Uninstall (HKLM\...\EPSON BX305 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
e-tax 2011 (HKLM-x32\...\{C078C299-C2C2-4110-A6EF-8D5E66C228DA}) (Version: 11.1.704 - ATO)
e-tax 2014 (HKLM-x32\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.8.758 - Australian Taxation Office)
FortiClient (HKLM\...\{863EB7F6-0FD9-4BA5-B95A-FC48218AEF5C}) (Version: 5.0.9.0347 - Fortinet Inc)
FTP Commander (HKLM-x32\...\FTP Commander) (Version:  - )
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
ICP 9.0 (HKLM\...\ICP install2_is1) (Version:  - )
ImageConverter Plus 8.0 (HKLM-x32\...\ImageConverter Plus_is1) (Version: 8.0.105 (build: 110201) - fCoder Group, Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.7.176.1 (HKLM\...\PROSetDX) (Version: 15.7.176.1 - Dell)
Intel(R) Network Connections 15.7.176.1 (Version: 15.7.176.1 - Dell) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2347 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java Auto Updater (x32 Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Light Image Resizer 4.4.1.4 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.4.1.4 - ObviousIdea)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MultiSkypeLauncher (remove only) (HKLM-x32\...\MultiSkypeLauncher) (Version: 1.8 - MultiSkypeLauncher)
NEF to JPG (HKLM-x32\...\{13D87B39-2A3B-4675-A0D9-B8B01EA2F8E3}_is1) (Version:  - neftojpg.com)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Preboot Manager (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
Presto! PageManager 9.00.11 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.00.11 - Newsoft Technology Corporation)
Private Information Manager (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.14.104 - Skype Technologies S.A.)
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
SPSS Statistics 17.0 (HKLM-x32\...\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}) (Version: 17.0.0 - SPSS Inc.)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Trusted Drive Manager (Version: 4.0.0.512 - Wave Systems Corp.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Wave Infrastructure Installer (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.014 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip Courier (HKLM-x32\...\{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}) (Version: 3.5.9658 - WinZip Computing, S.L. )
WPM18.8.0.304 (HKLM-x32\...\WPM) (Version: 18.8.0.304 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

23-08-2014 05:24:48 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04A67888-AA83-4F0B-871E-9A82E741E939} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001UA => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-21] (Google Inc.)
Task: {04F8FCFA-DFF8-4FC4-8BE4-EBF34B45D18D} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: {066E90D8-7E3F-41E7-A65E-EAF95B31AB35} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: {1020FB7C-3CE8-4DF1-99A1-BA20780A419C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21] (Google Inc.)
Task: {23CAD1AE-01A3-4DD4-A888-D2E9CF2D7782} - System32\Tasks\PriceMeterUpdater => C:\Users\rbratz\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {29F30AE4-640D-4775-A67A-41AB0612FC24} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\rbratz\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
Task: {B8B40398-DBE6-4F92-9BF4-A0879649CA7E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2186728067-1712137595-3068445564-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B9A46014-6119-49C7-8382-C047220387FC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D336B5BE-863D-4DC1-9EBB-194A4EBF6705} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21] (Google Inc.)
Task: {E39CDA05-00FE-4786-807B-15E84D7E1554} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2186728067-1712137595-3068445564-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E719FD0C-C8AA-4D64-AE97-D7BE9738EF0D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001Core => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-21] (Google Inc.)
Task: {FBA4770E-94B6-41FB-AD77-ABDC2142FA11} - System32\Tasks\pricemeterdownloader => C:\Users\rbratz\AppData\Local\PriceMeter\pricemeterd.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001Core.job => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001UA.job => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\PriceMeterUpdater.job => C:\Users\rbratz\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-05-24 23:24 - 2003-04-19 12:06 - 00008192 ____N () c:\Windows\SysWOW64\srvany.exe
2014-06-26 03:58 - 2014-06-26 03:58 - 00172544 _____ () C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\SupraSavingsService64.exe
2014-06-13 05:05 - 2014-06-13 05:05 - 00110080 _____ () C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\nfapi.dll
2014-06-13 05:05 - 2014-06-13 05:05 - 00456192 _____ () C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\ProtocolFilters.dll
2011-05-25 00:59 - 2011-03-29 03:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-02-08 16:41 - 2011-02-08 16:41 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-11-27 11:19 - 2013-11-27 11:19 - 00389138 _____ () C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2011-07-27 21:49 - 2008-11-17 23:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\nsSign.dll
2011-07-27 21:49 - 2009-07-08 23:23 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PerformOcr.dll
2011-07-27 21:49 - 2009-12-05 02:21 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMISM.dll
2011-07-27 21:49 - 2009-11-20 22:20 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMCommon.dll
2011-07-27 21:49 - 2008-08-26 02:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PHooKDlg.dll
2011-07-27 21:50 - 2007-03-30 19:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Qem.dll
2011-07-27 21:49 - 2009-11-27 02:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NetFun2k.dll
2011-07-27 21:50 - 2009-12-08 19:51 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ScanModule.dll
2011-07-27 21:49 - 2009-09-09 23:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMANO.dll
2011-07-27 21:49 - 2007-03-30 18:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ComClass.dll
2011-07-27 21:49 - 2009-12-07 20:07 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMTree.dll
2011-07-27 21:49 - 2009-11-28 02:50 - 00135168 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSet.dll
2011-07-27 21:49 - 2009-10-17 00:04 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDB_N.dll
2011-07-27 21:49 - 2009-08-06 19:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\FT.dll
2011-07-27 21:49 - 2009-12-19 01:12 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMINSO.dll
2011-07-27 21:49 - 2008-12-13 01:52 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMProp.dll
2011-07-27 21:49 - 2007-09-01 02:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMVoice.dll
2011-07-27 21:49 - 2008-12-13 02:00 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\OutlookVBA.dll
2011-07-27 21:49 - 2009-11-28 02:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAppBar.dll
2011-07-27 21:49 - 2009-12-05 02:21 - 04567040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMView.dll
2011-07-27 21:49 - 2007-03-30 19:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NsOEMKey.dll
2011-07-27 21:49 - 2009-12-19 04:10 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSave.dll
2011-07-27 21:49 - 2009-11-12 02:21 - 00450560 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPageVW.dll
2011-07-27 21:49 - 2009-11-12 02:20 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDocVW.dll
2011-07-27 21:49 - 2009-06-26 18:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMApSet.dll
2011-07-27 21:50 - 2009-11-20 20:30 - 01032192 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\SlideBarDLL.dll
2011-07-27 21:49 - 2009-12-05 02:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAnoSet.dll
2011-07-27 21:49 - 2009-11-10 03:35 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImgVW.dll
2011-07-27 21:49 - 2008-08-26 01:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMIEVW.dll
2011-07-27 21:49 - 2009-07-14 22:25 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPDFView.dll
2011-07-27 21:49 - 2009-10-23 02:50 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMStatus.dll
2011-07-27 21:49 - 2009-12-07 22:55 - 00253952 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMScnSet.dll
2011-07-27 21:49 - 2007-03-30 18:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Import.dll
2011-07-27 21:49 - 2008-04-24 19:46 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImageSplitter.dll
2014-08-25 08:28 - 2014-08-25 08:28 - 00098816 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\win32api.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00110080 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\pywintypes27.dll
2014-08-25 08:28 - 2014-08-25 08:28 - 00364544 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\pythoncom27.dll
2014-08-25 08:28 - 2014-08-25 08:28 - 00045568 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\_socket.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 01160704 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\_ssl.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00320512 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\win32com.shell.shell.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00713216 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\_hashlib.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 01175040 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\wx._core_.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00805888 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\wx._gdi_.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00811008 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\wx._windows_.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 01062400 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\wx._controls_.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00735232 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\wx._misc_.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00128512 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\_elementtree.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00127488 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\pyexpat.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00557056 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\pysqlite2._sqlite.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00007168 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\hashobjs_ext.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00087552 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\_ctypes.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00119808 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\win32file.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00108544 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\win32security.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00018432 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\win32event.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00038912 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\win32inet.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00070656 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\wx._html2.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00167936 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\win32gui.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00011264 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\win32crypt.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00027136 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\_multiprocessing.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00686080 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\unicodedata.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00122368 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\wx._wizard.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00010240 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\select.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00024064 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\win32pipe.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00025600 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\win32pdh.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00525640 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\windows._lib_cacheinvalidation.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00035840 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\win32process.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00017408 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\win32profile.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00022528 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\win32ts.pyd
2014-08-25 08:28 - 2014-08-25 08:28 - 00078336 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI45322\wx._animate.pyd
2014-08-14 09:37 - 2014-08-14 09:37 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-06-12 06:07 - 2013-06-12 06:07 - 16033160 ____N () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: OfficeScanNT Monitor => "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: FortiFW
Description: FortiFW
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: FortiFW
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2014 08:33:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/25/2014 08:33:20 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/25/2014 08:23:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2014 08:00:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2014 03:03:34 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/23/2014 02:54:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 00:14:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/22/2014 07:46:47 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/22/2014 07:37:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2014 07:33:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bcmwltry.exe, version: 5.100.235.13, time stamp: 0x4d2e744a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007ff0045ad38
Faulting process id: 0x570
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3


System errors:
=============
Error: (08/25/2014 08:25:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PriceMeterLiveUpdate Service (pricemeterliveUpdate) service failed to start due to the following error: 
%%2

Error: (08/25/2014 08:22:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0

Error: (08/23/2014 11:09:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (08/23/2014 08:02:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PriceMeterLiveUpdate Service (pricemeterliveUpdate) service failed to start due to the following error: 
%%2

Error: (08/23/2014 08:00:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0

Error: (08/23/2014 03:25:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (08/23/2014 02:56:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PriceMeterLiveUpdate Service (pricemeterliveUpdate) service failed to start due to the following error: 
%%2

Error: (08/23/2014 02:53:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0

Error: (08/22/2014 05:59:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (08/22/2014 05:58:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (08/25/2014 08:33:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/25/2014 08:33:20 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (08/25/2014 08:23:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2014 08:00:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2014 03:03:34 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (08/23/2014 02:54:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 00:14:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/22/2014 07:46:47 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (08/22/2014 07:37:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2014 07:33:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: bcmwltry.exe5.100.235.134d2e744aunknown0.0.0.000000000c0000005000007ff0045ad3857001cfbd22cdd12aabC:\Program Files\Dell\DW WLAN Card\bcmwltry.exeunknown2fc78cfd-2916-11e4-9e17-90004ef0d0af


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 73%
Total physical RAM: 3976.9 MB
Available physical RAM: 1044.42 MB
Total Pagefile: 7951.98 MB
Available Pagefile: 4507.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.11 GB) (Free:23.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 84B5407A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

HI Matthias, ich hoffe das hilft bei der Suche. Lass mich wisen wenn du mehr benoetigst.

M-K-D-B · 25.08.2014, 08:52

Zukünftig:

Zitat:

Running from C:\Users\rbratz\Downloads

Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von JRT,
die Logdatei von MBAM,
die beiden neuen Logdateien von FRST.

rbratz · 26.08.2014, 01:53

Code:

ATTFilter

# AdwCleaner v3.308 - Report created 26/08/2014 at 09:09:23
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : rbratz - PAS-E6420-D
# Running from : C:\Users\rbratz\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : netfilter64
[#] Service Deleted : pricemeterliveUpdate
[#] Service Deleted : pricemeterliveUpdatem
Service Deleted : SupraSavingsService64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\IePluginService
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\PriceMeterLiveUpdate
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\PriceMeterLiveUpdate
Folder Deleted : C:\Program Files (x86)\SimilarSites
Folder Deleted : C:\Program Files (x86)\smart pc cleaner
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Program Files\SupraSavings
Folder Deleted : C:\Users\rbratz\AppData\Local\Conduit
Folder Deleted : C:\Users\rbratz\AppData\Local\globalUpdate
Folder Deleted : C:\Users\rbratz\AppData\Local\Mobogenie
Folder Deleted : C:\Users\rbratz\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\rbratz\AppData\Local\PriceMeterLiveUpdate
Folder Deleted : C:\Users\rbratz\AppData\Local\TBHostSupport
Folder Deleted : C:\Users\rbratz\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\rbratz\AppData\Local\Temp\Spigot
Folder Deleted : C:\Users\rbratz\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\rbratz\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\rbratz\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\rbratz\AppData\LocalLow\Delta
Folder Deleted : C:\Users\rbratz\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\rbratz\AppData\Roaming\Babylon
Folder Deleted : C:\Users\rbratz\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\rbratz\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\rbratz\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\rbratz\AppData\Roaming\PriceMeterUpdater
Folder Deleted : C:\Users\rbratz\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\rbratz\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\rbratz\AppData\Roaming\SupTab
Folder Deleted : C:\Users\rbratz\Documents\Mobogenie
Folder Deleted : C:\Users\rbratz\Documents\Optimizer Pro
Folder Deleted : C:\Users\rbratz\Documents\smart pc cleaner
Folder Deleted : C:\Users\Robert_privat\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Robert_privat\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Robert_privat\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Robert_privat\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\netfilter64.sys
File Deleted : C:\Windows\System32\SecureAssist64.dll
File Deleted : C:\Users\rbratz\daemonprocess.txt
File Deleted : C:\Users\rbratz\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\crpeqp8w.default\bprotector_extensions.sqlite
File Deleted : C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\crpeqp8w.default\searchplugins\Babylon.xml
File Deleted : C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\778oqeqv.default-1376129905533\searchplugins\Conduit.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\qone8.xml
File Deleted : C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\778oqeqv.default-1376129905533\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\crpeqp8w.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\crpeqp8w.default\user.js
File Deleted : C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage
File Deleted : C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : BackgroundContainer Startup Task
Task Deleted : pricemeterdownloader
Task Deleted : PriceMeterLiveUpdateUpdateTaskMachineCore
Task Deleted : PriceMeterLiveUpdateUpdateTaskMachineUA
Task Deleted : PriceMeterUpdater

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\rbratz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\rbratz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\rbratz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceMeterLiveUpdate.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickCtrl.9
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.Update3WebControl.3
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Key Deleted : HKCU\Software\9578888b53dbd14
Key Deleted : HKLM\SOFTWARE\9578888b53dbd14
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3106777
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306926
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{126C78A0-36E7-4697-A3AB-32706144398B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D73A258-9787-4AE7-9232-41036673FD0E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00A154AE-6C33-4F1E-9057-242350540936}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4211E851-747F-4470-923D-6EF683EE79CA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{45F8961E-1314-421E-9F00-BDDE18CF8EA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74930D00-2198-46FE-B6BC-FEEC60C666C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8D73A258-9787-4AE7-9232-41036673FD0E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D24562E-40EC-4E46-B57C-700352059B55}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF0A778A-DDA0-4492-9804-EF38C9A9F1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1C6444C-CC06-4060-A486-736DEAFD9C16}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89449F37-4AB2-46ED-A566-BB3A7797701B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89449F37-4AB2-46ED-A566-BB3A7797701B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3AC848A-5294-4E1C-BDCF-03BD4C9F79CF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\PriceMeterLiveUpdate
Key Deleted : HKCU\Software\PriceMeterUpdater
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Rr Savings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\DealPlyLive
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\PriceMeterLiveUpdate
Key Deleted : HKLM\SOFTWARE\qone8Software
Key Deleted : HKLM\SOFTWARE\suprasavings
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\Supra Savings
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PriceMeterLiveUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\pureadmin\AppData\Roaming\Mozilla\Firefox\Profiles\yut01lse.default\prefs.js ]


[ File : C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\778oqeqv.default-1376129905533\prefs.js ]

Line Deleted : user_pref("CT3306926_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386493164561,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3306926");
Line Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Gameoff-games Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306926&CUI=UN29000216426165631&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_CNI");
Line Deleted : user_pref("browser.search.order.1", "Delta Search");
Line Deleted : user_pref("extensions.crossrider.bic", "145fbd62b24b0d569ca327bee5eff1a7");
Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.machineId", "K7O8IV/O8OWHWIJJ6K8KMWPMEPQ9LHEUUKMHUINV4CUSNETGMM+G5AVZDQDZBT4NLLS6DTKYGKCNINEVA/JWPA");

[ File : C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\crpeqp8w.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultthis.engineName", "Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "Delta Search");
Line Deleted : user_pref("extensions.507dae0fa4ce5.scode", "if(window.self.location.protocol=='hxxp:' && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src=[...]
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "12");
Line Deleted : user_pref("extensions.delta.cntry", "DE");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.hdrMd5", "3C70EFA624E90AA0C29D21CC9135B43E");
Line Deleted : user_pref("extensions.delta.id", "bafa11ae00000000000068a3c4c9506d");
Line Deleted : user_pref("extensions.delta.instlDay", "15810");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.16.1611:53:57");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "azb");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1611:53:57");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://de.search.yahoo.com/?type=994519&fr=spigot-yhp-ff");

-\\ Google Chrome v

[ File : C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN16035642584541656&ctid=CT3306926&UM=2&sspv=TB_CNI3
Deleted [Search Provider] : hxxp://www.qone8.com/web/?type=ds&ts=1400089458&from=ild&uid=HitachiXHTS723225A7A364_E3824562GB952NGB952NX&q={searchTerms}
Deleted [Extension] : olakgnkoldmagdblaalodobkmeokmgjj
Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [28036 octets] - [26/08/2014 08:49:53]
AdwCleaner[S0].txt - [26227 octets] - [26/08/2014 09:09:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26288 octets] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 8/26/2014
Scan Time: 9:25:48 AM
Logfile: anti_malware.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.25.05
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: rbratz

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 434028
Time Elapsed: 53 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by rbratz on Tue 08/26/2014 at 10:37:47.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2186728067-1712137595-3068445564-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{50F78362-6D36-40E1-969A-3B7AC87FB5CB}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{04A6E20F-572C-4B2A-BCEF-53D0DCE2331F}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{1A429FDD-6B2F-48E7-B58D-DA8C9A1D9D28}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{23B167E8-2ABB-4670-A316-0FC793E8DEE2}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{2D5F2645-1C8F-4E56-85BE-87B9FF352E6B}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{374F2E09-53D3-43D1-A7C2-346E890BCCC8}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{3C38E632-DD94-4CBA-A13D-6948EF8FF493}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{4B8BB256-011E-4DB0-B8AD-AC299B547267}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{76EE336A-B825-47B9-A1B4-4F8DF0AF9617}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{841699B0-8E1C-45E2-8DD6-B645FBE7358A}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{89CC73D2-44FC-4B9E-9062-CCEA6B9EF971}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{8BC75410-C1DC-4B28-B24E-E040356AA187}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{96539E91-EB58-4AD3-875C-2D739B3A8DB0}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{9A12AF61-95AE-4A29-AC74-1AC9B55D3AA9}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{9C1FC5CF-14C0-4759-8F1D-833C78932067}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{9F124AE7-EA9E-4281-B730-E067A75898BE}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{9F5A4616-9D3F-4DBA-A6B6-ABAA2466250E}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{A57D31EE-18D5-44E1-A9C8-2CFA0D31A0FB}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{A6E0809E-0C0E-467B-BDEC-ACD3456DCE56}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{B5A494FF-595E-46F8-A743-3808A4C15137}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{CBE89DE9-C2E4-4088-8C96-A76F1E7E50F0}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{DAA2D195-F22D-4397-94CC-706BD3151A68}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{E983E57C-027B-4BC7-B19F-130D417548E1}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{EFA685E2-FF10-4C71-BF60-31D9E0262AE7}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{F24A7E49-1E91-4FE1-903D-BF7D0869C160}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{FE2B377D-FA02-424E-B4F3-C87130007F05}
Successfully deleted: [Empty Folder] C:\Users\rbratz\appdata\local\{FF9175BD-CA5A-40AD-99D7-85788AFF3D3A}



~~~ FireFox

Emptied folder: C:\Users\rbratz\AppData\Roaming\mozilla\firefox\profiles\778oqeqv.default-1376129905533\minidumps [279 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/26/2014 at 10:45:47.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by rbratz (administrator) on PAS-E6420-D on 26-08-2014 10:50:05
Running from C:\Users\rbratz\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\fcappdb.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_FATIBVA.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-16] (Dell Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-12-04] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-30] (CyberLink Corp.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.EXE [112464 2009-12-05] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\Run: [Google Update] => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-21] (Google Inc.)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20917408 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\Run: [EPSON Stylus CX5000 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVA.EXE [143360 2006-10-18] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {0045224c-969d-11e1-aa7c-90004ef0d0af} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {00e09687-e7cd-11e1-b13b-90004ef0d0af} - E:\Setup.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {5b6da3cd-736f-11e2-8279-90004ef0d0af} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {6f9a5156-2cb0-11e1-b336-90004ef0d0af} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c154-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c163-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c1a9-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c1c3-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c1fc-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c359-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {9015b3ad-86f9-11e2-a003-001e101f2500} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {9753809b-5468-11e2-ba54-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {a6c3345a-51ea-11e2-9b57-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {b561dea8-51e9-11e2-9bbf-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {f8e3eac1-9c12-11e1-84b3-5c260a5996ba} - "E:\WD SmartWare.exe" autoplay=true
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk
ShortcutTarget: Online plug-in.lnk -> C:\Windows\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\rbratz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk
ShortcutTarget: MultiSkypeLauncher.lnk -> C:\Program Files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/
SearchScopes: HKCU - {92892FC0-CAE5-455C-96D7-5D805F4DA9C0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\PROGRA~2\WINZIP~2\wzwmcie.dll No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\778oqeqv.default-1376129905533
FF Homepage: https://mail.google.com/mail/u/0/#inbox
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @ei.CieoNetUtilities_0e.com/Plugin -> C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\NP0eEISB.dll No File
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll (Fortinet Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @winzip.com/Winzip Courier -> C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\778oqeqv.default-1376129905533\searchplugins\yahoo_ff.xml
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] - C:\Program Files (x86)\WinZip Courier\FFExt
FF Extension: No Name - C:\Program Files (x86)\WinZip Courier\FFExt [2011-11-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR StartupUrls: "hxxp://google.com/"
CHR NewTab: "chrome-extension://pelmeidfhdlhlbjimpabfcbnnojbboma/index.html"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\rbratz\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\rbratz\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\rbratz\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CieoNet Utilities Installer Plugin Stub) - C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\NP0eEISB.dll No File
CHR Plugin: (WinZip Courier) - C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\rbratz\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Drive) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google Search) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Google Wallet) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\rbratz\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-29]
CHR HKCU\...\Chrome\Extension: [pckaochijkjekcndgjamcfccjimechdg] - C:\Users\rbratz\AppData\Local\CRE\pckaochijkjekcndgjamcfccjimechdg.crx [2013-12-05]
CHR HKLM-x32\...\Chrome\Extension: [pckaochijkjekcndgjamcfccjimechdg] - C:\Users\rbratz\AppData\Local\CRE\pckaochijkjekcndgjamcfccjimechdg.crx [2013-12-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [98322 2014-04-16] (Fortinet Inc.) [File not signed]
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-04] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-14] () [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-16] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U0 bgxoja; C:\Windows\System32\drivers\gdpnleb.sys [79064 2014-08-26] (Malwarebytes Corporation)
R1 FAFileMon; C:\Windows\System32\drivers\fortimon2.sys [56032 2014-04-16] (Fortinet Inc)
S3 FARegMon; C:\Windows\System32\drivers\FortiRmon.sys [50912 2014-04-16] (Fortinet Inc)
R3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [16096 2014-04-16] (Fortinet Inc)
R1 FortiFilter; C:\Windows\System32\DRIVERS\FortiFilter.sys [25312 2013-09-18] (Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37600 2014-04-16] (Fortinet Inc)
R0 fortiloader; C:\Windows\System32\drivers\fortiloader.sys [12512 2014-04-16] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [133856 2014-04-16] (Fortinet Inc)
S3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [47328 2014-04-16] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [56544 2014-04-16] (Fortinet Inc)
R3 FortiWF; C:\Windows\System32\drivers\FortiWF2.sys [28384 2014-04-16] (Fortinet Inc)
R3 ft_vnic; C:\Windows\System32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-26] (Malwarebytes Corporation)
S3 mdareDriver_43; C:\Users\rbratz\AppData\Local\Temp\FCPreScan\mdare64_43.sys [90848 2014-01-30] (Fortinet Inc.)
S3 mdareDriver_47; C:\Program Files (x86)\Fortinet\FortiClient\mdare64_47.sys [91872 2014-05-22] (Fortinet Inc.)
R3 mdareDriver_48; C:\Program Files (x86)\Fortinet\FortiClient\mdare64_48.sys [91872 2014-07-04] (Fortinet Inc.)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2011-03-21] (Fortinet Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 10:45 - 2014-08-26 10:45 - 00004217 _____ () C:\Users\rbratz\Desktop\JRT.txt
2014-08-26 10:37 - 2014-08-26 10:37 - 00000000 ____D () C:\Windows\ERUNT
2014-08-26 10:36 - 2014-08-26 10:36 - 01016261 _____ (Thisisu) C:\Users\rbratz\Desktop\JRT.exe
2014-08-26 10:30 - 2014-08-26 10:30 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\gdpnleb.sys
2014-08-26 10:30 - 2014-08-26 10:30 - 00001066 _____ () C:\Users\rbratz\Desktop\anti_malware.txt
2014-08-26 09:28 - 2014-08-26 09:28 - 00000165 ____H () C:\Users\rbratz\Desktop\~$pre order overview.xlsx
2014-08-26 09:23 - 2014-08-26 09:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 09:22 - 2014-08-26 09:22 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-26 09:22 - 2014-08-26 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-26 09:22 - 2014-08-26 09:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-26 09:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-26 09:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-26 09:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-26 09:20 - 2014-08-26 09:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\rbratz\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-26 08:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-26 08:49 - 2014-08-26 09:10 - 00000000 ____D () C:\AdwCleaner
2014-08-26 08:28 - 2014-08-26 08:29 - 01364531 _____ () C:\Users\rbratz\Desktop\adwcleaner_3.308.exe
2014-08-25 09:01 - 2014-08-25 09:02 - 00056829 _____ () C:\Users\rbratz\Desktop\Addition.txt
2014-08-25 08:59 - 2014-08-26 10:51 - 00034357 _____ () C:\Users\rbratz\Desktop\FRST.txt
2014-08-25 08:57 - 2014-08-26 10:50 - 00000000 ____D () C:\FRST
2014-08-25 08:56 - 2014-08-25 08:56 - 02103296 _____ (Farbar) C:\Users\rbratz\Desktop\FRST64.exe
2014-08-25 08:55 - 2014-08-25 08:55 - 01095168 _____ (Farbar) C:\Users\rbratz\Desktop\FRST.exe
2014-08-22 11:58 - 2014-08-22 11:58 - 00052224 _____ () C:\Users\rbratz\Downloads\SearchResults(2).xls
2014-08-21 21:32 - 2014-08-21 21:48 - 00012504 _____ () C:\Users\rbratz\Desktop\turnover.xlsx
2014-08-21 08:31 - 2014-05-15 02:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 08:31 - 2014-05-15 02:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 08:31 - 2014-05-15 02:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 08:31 - 2014-05-15 02:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 08:31 - 2014-05-15 02:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 08:31 - 2014-05-15 02:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 08:31 - 2014-05-15 02:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 08:30 - 2014-05-15 02:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 08:30 - 2014-05-15 02:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 08:30 - 2014-05-15 02:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 08:30 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 08:30 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 08:30 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 08:30 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-19 16:08 - 2014-08-19 17:07 - 00048195 _____ () C:\Users\rbratz\Desktop\zahlen.xlsx
2014-08-19 10:15 - 2014-08-26 09:32 - 00123951 _____ () C:\Users\rbratz\Desktop\pre order overview.xlsx
2014-08-18 15:31 - 2014-08-18 15:31 - 00009599 _____ () C:\Users\rbratz\Desktop\POP EU.xlsx
2014-08-15 11:56 - 2014-08-15 11:56 - 00165376 _____ () C:\Users\rbratz\Desktop\Copy of  SYD Stock On Hand Thursday 14 August 2014 20_00_44_RB.xls
2014-08-14 10:00 - 2014-08-14 10:07 - 00000000 ____D () C:\def8b9787b111ada1366d9301a4c82
2014-08-14 09:54 - 2014-07-01 08:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 09:54 - 2014-07-01 08:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 09:54 - 2014-06-06 16:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 09:54 - 2014-06-06 16:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 09:54 - 2014-03-10 07:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 09:54 - 2014-03-10 07:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 09:54 - 2014-03-10 07:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 09:54 - 2014-03-10 07:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 09:37 - 2014-08-14 09:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-14 09:00 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 09:00 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 09:00 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 09:00 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 09:00 - 2014-07-09 12:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 09:00 - 2014-07-09 08:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 09:00 - 2014-07-09 08:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 08:56 - 2014-07-16 13:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 08:56 - 2014-07-16 12:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 08:56 - 2014-06-03 20:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 08:56 - 2014-06-03 20:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 08:56 - 2014-06-03 20:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 08:56 - 2014-06-03 20:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 08:56 - 2014-06-03 19:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 08:56 - 2014-06-03 19:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 08:56 - 2014-06-03 19:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 08:55 - 2014-07-16 13:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 08:55 - 2014-07-16 12:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 08:55 - 2014-07-16 12:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 08:55 - 2014-07-14 12:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 08:55 - 2014-07-14 11:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 08:55 - 2014-06-25 12:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 08:55 - 2014-06-25 11:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 08:55 - 2014-06-16 12:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 08:52 - 2014-08-07 12:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 08:52 - 2014-08-07 12:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 15:26 - 2014-08-12 15:29 - 90288664 _____ () C:\Users\rbratz\Downloads\gimp-2.8.10-setup.exe
2014-08-12 12:12 - 2014-08-12 12:12 - 02948254 _____ () C:\Users\rbratz\Downloads\wetransfer-64cfcc.zip.part
2014-08-12 10:16 - 2014-08-12 10:16 - 00004822 _____ () C:\Users\rbratz\Downloads\Mapped Dealers List.xlsx
2014-08-11 17:16 - 2014-08-18 09:44 - 00082064 _____ () C:\Users\rbratz\Desktop\ROBERT2014.TAX
2014-08-11 17:16 - 2014-08-18 09:42 - 00082048 _____ () C:\Users\rbratz\Desktop\ROBERT2014.BAK
2014-08-11 16:27 - 2014-08-11 16:35 - 00000416 _____ () C:\Users\rbratz\Documents\ROBERT2014.TAX
2014-08-11 16:27 - 2014-08-11 16:27 - 00000256 _____ () C:\Users\rbratz\Documents\ROBERT2014.BAK
2014-08-11 15:52 - 2014-08-11 15:52 - 00000000 ____D () C:\Users\rbratz\AppData\Local\etax2014
2014-08-11 15:51 - 2014-08-11 15:51 - 00001887 _____ () C:\Users\rbratz\Desktop\e-tax 2014.lnk
2014-08-11 15:51 - 2014-08-11 15:51 - 00000000 ____D () C:\Users\rbratz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 2014
2014-08-11 15:50 - 2014-08-11 15:51 - 00000000 ____D () C:\Program Files (x86)\etax2014
2014-08-11 15:45 - 2014-08-11 15:48 - 30756864 _____ () C:\Users\rbratz\Downloads\etax2014_1.msi
2014-08-06 11:09 - 2014-08-06 11:10 - 00013045 _____ () C:\Users\rbratz\Downloads\_DetailTranSummary (Bratz,Robert)(2).html
2014-08-04 09:31 - 2014-08-04 09:34 - 02462356 _____ () C:\Users\rbratz\Downloads\2015_launch_banners.zip
2014-07-30 14:25 - 2014-07-30 14:25 - 00064464 _____ () C:\Users\rbratz\Downloads\Item list_RB.xlsx
2014-07-30 14:03 - 2014-07-30 14:03 - 00047368 _____ () C:\Users\rbratz\Downloads\Item list.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 10:51 - 2014-08-25 08:59 - 00034357 _____ () C:\Users\rbratz\Desktop\FRST.txt
2014-08-26 10:51 - 2012-11-21 20:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-26 10:50 - 2014-08-25 08:57 - 00000000 ____D () C:\FRST
2014-08-26 10:45 - 2014-08-26 10:45 - 00004217 _____ () C:\Users\rbratz\Desktop\JRT.txt
2014-08-26 10:37 - 2014-08-26 10:37 - 00000000 ____D () C:\Windows\ERUNT
2014-08-26 10:36 - 2014-08-26 10:36 - 01016261 _____ (Thisisu) C:\Users\rbratz\Desktop\JRT.exe
2014-08-26 10:30 - 2014-08-26 10:30 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\gdpnleb.sys
2014-08-26 10:30 - 2014-08-26 10:30 - 00001066 _____ () C:\Users\rbratz\Desktop\anti_malware.txt
2014-08-26 10:30 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\tracing
2014-08-26 10:29 - 2014-05-15 03:44 - 00000000 ____D () C:\temp
2014-08-26 10:26 - 2011-07-16 03:39 - 00000000 ____D () C:\Users\rbratz\AppData\Roaming\Skype
2014-08-26 10:15 - 2011-12-21 20:43 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001UA.job
2014-08-26 09:32 - 2014-08-19 10:15 - 00123951 _____ () C:\Users\rbratz\Desktop\pre order overview.xlsx
2014-08-26 09:28 - 2014-08-26 09:28 - 00000165 ____H () C:\Users\rbratz\Desktop\~$pre order overview.xlsx
2014-08-26 09:25 - 2014-08-26 09:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 09:22 - 2014-08-26 09:22 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-26 09:22 - 2014-08-26 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-26 09:22 - 2014-08-26 09:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-26 09:21 - 2014-08-26 09:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\rbratz\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-26 09:20 - 2011-07-16 03:41 - 00000000 ____D () C:\Users\rbratz\Documents\Outlook Files
2014-08-26 09:20 - 2009-07-14 14:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 09:20 - 2009-07-14 14:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 09:16 - 2011-05-24 23:22 - 01598961 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 09:13 - 2011-07-27 21:52 - 00000000 ____D () C:\Users\rbratz\AppData\Roaming\.oit
2014-08-26 09:12 - 2013-10-20 18:18 - 03075144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 09:12 - 2012-11-21 20:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-26 09:12 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-26 09:11 - 2013-10-20 18:18 - 00630346 _____ () C:\Windows\PFRO.log
2014-08-26 09:11 - 2013-10-20 18:18 - 00050580 _____ () C:\Windows\setupact.log
2014-08-26 09:10 - 2014-08-26 08:49 - 00000000 ____D () C:\AdwCleaner
2014-08-26 09:10 - 2011-07-14 06:52 - 00000000 ____D () C:\Users\rbratz
2014-08-26 08:29 - 2014-08-26 08:28 - 01364531 _____ () C:\Users\rbratz\Desktop\adwcleaner_3.308.exe
2014-08-25 14:03 - 2013-05-17 01:55 - 00000000 ____D () C:\Users\rbratz\Desktop\Auatralia
2014-08-25 12:15 - 2011-12-21 20:43 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001Core.job
2014-08-25 09:02 - 2014-08-25 09:01 - 00056829 _____ () C:\Users\rbratz\Desktop\Addition.txt
2014-08-25 08:56 - 2014-08-25 08:56 - 02103296 _____ (Farbar) C:\Users\rbratz\Desktop\FRST64.exe
2014-08-25 08:55 - 2014-08-25 08:55 - 01095168 _____ (Farbar) C:\Users\rbratz\Desktop\FRST.exe
2014-08-23 21:59 - 2014-04-11 13:44 - 00000000 ____D () C:\Windows\rescache
2014-08-23 20:33 - 2011-07-26 21:26 - 00000000 ____D () C:\Users\rbratz\Desktop\BEST
2014-08-22 11:58 - 2014-08-22 11:58 - 00052224 _____ () C:\Users\rbratz\Downloads\SearchResults(2).xls
2014-08-21 21:48 - 2014-08-21 21:32 - 00012504 _____ () C:\Users\rbratz\Desktop\turnover.xlsx
2014-08-20 20:55 - 2014-04-03 14:22 - 00000000 ____D () C:\Users\rbratz\Desktop\Transition period Navi
2014-08-20 13:06 - 2013-03-29 04:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-19 17:07 - 2014-08-19 16:08 - 00048195 _____ () C:\Users\rbratz\Desktop\zahlen.xlsx
2014-08-18 15:31 - 2014-08-18 15:31 - 00009599 _____ () C:\Users\rbratz\Desktop\POP EU.xlsx
2014-08-18 09:44 - 2014-08-11 17:16 - 00082064 _____ () C:\Users\rbratz\Desktop\ROBERT2014.TAX
2014-08-18 09:42 - 2014-08-11 17:16 - 00082048 _____ () C:\Users\rbratz\Desktop\ROBERT2014.BAK
2014-08-15 11:56 - 2014-08-15 11:56 - 00165376 _____ () C:\Users\rbratz\Desktop\Copy of  SYD Stock On Hand Thursday 14 August 2014 20_00_44_RB.xls
2014-08-14 22:58 - 2012-06-13 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-14 10:07 - 2014-08-14 10:00 - 00000000 ____D () C:\def8b9787b111ada1366d9301a4c82
2014-08-14 10:07 - 2013-09-19 08:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 10:07 - 2011-07-09 04:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 10:00 - 2011-07-09 04:59 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 09:53 - 2014-05-06 12:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 09:37 - 2014-08-14 09:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-12 15:29 - 2014-08-12 15:26 - 90288664 _____ () C:\Users\rbratz\Downloads\gimp-2.8.10-setup.exe
2014-08-12 13:56 - 2011-09-30 22:24 - 00000000 ____D () C:\Users\rbratz\Desktop\privat
2014-08-12 12:12 - 2014-08-12 12:12 - 02948254 _____ () C:\Users\rbratz\Downloads\wetransfer-64cfcc.zip.part
2014-08-12 10:16 - 2014-08-12 10:16 - 00004822 _____ () C:\Users\rbratz\Downloads\Mapped Dealers List.xlsx
2014-08-11 16:35 - 2014-08-11 16:27 - 00000416 _____ () C:\Users\rbratz\Documents\ROBERT2014.TAX
2014-08-11 16:27 - 2014-08-11 16:27 - 00000256 _____ () C:\Users\rbratz\Documents\ROBERT2014.BAK
2014-08-11 15:52 - 2014-08-11 15:52 - 00000000 ____D () C:\Users\rbratz\AppData\Local\etax2014
2014-08-11 15:51 - 2014-08-11 15:51 - 00001887 _____ () C:\Users\rbratz\Desktop\e-tax 2014.lnk
2014-08-11 15:51 - 2014-08-11 15:51 - 00000000 ____D () C:\Users\rbratz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 2014
2014-08-11 15:51 - 2014-08-11 15:50 - 00000000 ____D () C:\Program Files (x86)\etax2014
2014-08-11 15:48 - 2014-08-11 15:45 - 30756864 _____ () C:\Users\rbratz\Downloads\etax2014_1.msi
2014-08-07 12:06 - 2014-08-14 08:52 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 12:01 - 2014-08-14 08:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 11:10 - 2014-08-06 11:09 - 00013045 _____ () C:\Users\rbratz\Downloads\_DetailTranSummary (Bratz,Robert)(2).html
2014-08-05 09:20 - 2010-11-21 13:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 09:34 - 2014-08-04 09:31 - 02462356 _____ () C:\Users\rbratz\Downloads\2015_launch_banners.zip
2014-07-30 15:36 - 2009-07-14 15:13 - 00816122 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-30 14:25 - 2014-07-30 14:25 - 00064464 _____ () C:\Users\rbratz\Downloads\Item list_RB.xlsx
2014-07-30 14:03 - 2014-07-30 14:03 - 00047368 _____ () C:\Users\rbratz\Downloads\Item list.xlsx
2014-07-27 16:51 - 2009-07-14 15:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\pureadmin\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\pureadmin\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\pureadmin\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\pureadmin\AppData\Local\Temp\MSNDE55.exe
C:\Users\rbratz\AppData\Local\Temp\-vauecmt.dll
C:\Users\rbratz\AppData\Local\Temp\1nfbw9um.dll
C:\Users\rbratz\AppData\Local\Temp\1_Offer_6.exe
C:\Users\rbratz\AppData\Local\Temp\1_Offer_8.exe
C:\Users\rbratz\AppData\Local\Temp\3dynbvvj.dll
C:\Users\rbratz\AppData\Local\Temp\3q7t2sut.dll
C:\Users\rbratz\AppData\Local\Temp\arcparlupd.exe
C:\Users\rbratz\AppData\Local\Temp\BackupSetup.exe
C:\Users\rbratz\AppData\Local\Temp\dchlwbuq.dll
C:\Users\rbratz\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\rbratz\AppData\Local\Temp\fasle.dll
C:\Users\rbratz\AppData\Local\Temp\FortiClientVirusCleaner.exe
C:\Users\rbratz\AppData\Local\Temp\gh3bg-lo.dll
C:\Users\rbratz\AppData\Local\Temp\gu2cbl5z.dll
C:\Users\rbratz\AppData\Local\Temp\GUR1CD2.exe
C:\Users\rbratz\AppData\Local\Temp\i4jdel0.exe
C:\Users\rbratz\AppData\Local\Temp\jkr7zrhe.dll
C:\Users\rbratz\AppData\Local\Temp\jnecc7tk.dll
C:\Users\rbratz\AppData\Local\Temp\libav.dll
C:\Users\rbratz\AppData\Local\Temp\mdare.dll
C:\Users\rbratz\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\rbratz\AppData\Local\Temp\oi_{05CEF480-B928-4558-8BAF-FF18A9224D67}.exe
C:\Users\rbratz\AppData\Local\Temp\oxhiy6fr.dll
C:\Users\rbratz\AppData\Local\Temp\Quarantine.exe
C:\Users\rbratz\AppData\Local\Temp\rev6mp49.dll
C:\Users\rbratz\AppData\Local\Temp\SimilarBundleGenericDl.exe
C:\Users\rbratz\AppData\Local\Temp\SpOrder.dll
C:\Users\rbratz\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\rbratz\AppData\Local\Temp\tbo9u6eu.dll
C:\Users\rbratz\AppData\Local\Temp\vyora7kx.dll
C:\Users\rbratz\AppData\Local\Temp\webxvid-setup-on.exe
C:\Users\rbratz\AppData\Local\Temp\xvidupdate.exe
C:\Users\rbratz\AppData\Local\Temp\z89fnrwh.dll
C:\Users\rbratz\AppData\Local\Temp\_pzwjlq9.dll
C:\Users\Robert_privat\AppData\Local\Temp\AskSLib.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 20:23

==================== End Of Log ============================

--- --- ---

--- --- ---

rbratz · 26.08.2014, 01:55

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by rbratz at 2014-08-26 10:51:31
Running from C:\Users\rbratz\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: FortiClient AntiVirus (Enabled - Out of date) {385618A6-2256-708E-3FB9-7E98B93F91F9}
AS: FortiClient AntiVirus (Enabled - Out of date) {8337F942-046C-7F00-0509-45EAC2B8DB44}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe After Effects CS4 Presets (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CS4 American English Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (HKLM-x32\...\Adobe_acce07fd2c8fe7f9e3f26243e626578) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI en (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-en (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (x32 Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Functional Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix online plug-in (DV) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Citrix online plug-in (PNA) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (SSON) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
Custom (Version: 12.34.56.789 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3225 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Dell ControlVault Host Components Installer 64 bit (Version: 2.0.20.159 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00000.085 - Dell Inc.)
Dell Data Protection | Access (Version: 01.01.00.085 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.116 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
Design-Lib.Com - Batch PSD to JPG 1.5 (HKLM-x32\...\Design-Lib.Com - Batch PSD to JPG 1.5) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
EMBASSY Security Center (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
EPSON BX305 Series Printer Uninstall (HKLM\...\EPSON BX305 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
e-tax 2011 (HKLM-x32\...\{C078C299-C2C2-4110-A6EF-8D5E66C228DA}) (Version: 11.1.704 - ATO)
e-tax 2014 (HKLM-x32\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.8.758 - Australian Taxation Office)
FortiClient (HKLM\...\{863EB7F6-0FD9-4BA5-B95A-FC48218AEF5C}) (Version: 5.0.9.0347 - Fortinet Inc)
FTP Commander (HKLM-x32\...\FTP Commander) (Version:  - )
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
ICP 9.0 (HKLM\...\ICP install2_is1) (Version:  - )
ImageConverter Plus 8.0 (HKLM-x32\...\ImageConverter Plus_is1) (Version: 8.0.105 (build: 110201) - fCoder Group, Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.7.176.1 (HKLM\...\PROSetDX) (Version: 15.7.176.1 - Dell)
Intel(R) Network Connections 15.7.176.1 (Version: 15.7.176.1 - Dell) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2347 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java Auto Updater (x32 Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Light Image Resizer 4.4.1.4 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.4.1.4 - ObviousIdea)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MultiSkypeLauncher (remove only) (HKLM-x32\...\MultiSkypeLauncher) (Version: 1.8 - MultiSkypeLauncher)
NEF to JPG (HKLM-x32\...\{13D87B39-2A3B-4675-A0D9-B8B01EA2F8E3}_is1) (Version:  - neftojpg.com)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Preboot Manager (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
Presto! PageManager 9.00.11 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.00.11 - Newsoft Technology Corporation)
Private Information Manager (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.14.104 - Skype Technologies S.A.)
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
SPSS Statistics 17.0 (HKLM-x32\...\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}) (Version: 17.0.0 - SPSS Inc.)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Trusted Drive Manager (Version: 4.0.0.512 - Wave Systems Corp.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Wave Infrastructure Installer (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.014 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip Courier (HKLM-x32\...\{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}) (Version: 3.5.9658 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04A67888-AA83-4F0B-871E-9A82E741E939} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001UA => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-21] (Google Inc.)
Task: {1020FB7C-3CE8-4DF1-99A1-BA20780A419C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21] (Google Inc.)
Task: {B8B40398-DBE6-4F92-9BF4-A0879649CA7E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2186728067-1712137595-3068445564-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B9A46014-6119-49C7-8382-C047220387FC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D336B5BE-863D-4DC1-9EBB-194A4EBF6705} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21] (Google Inc.)
Task: {E39CDA05-00FE-4786-807B-15E84D7E1554} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2186728067-1712137595-3068445564-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E719FD0C-C8AA-4D64-AE97-D7BE9738EF0D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001Core => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-21] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001Core.job => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001UA.job => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-24 23:24 - 2003-04-19 12:06 - 00008192 ____N () c:\Windows\SysWOW64\srvany.exe
2011-05-25 00:59 - 2011-03-29 03:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-02-08 16:41 - 2011-02-08 16:41 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-11-27 11:19 - 2013-11-27 11:19 - 00389138 _____ () C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2011-07-27 21:49 - 2008-11-17 23:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\nsSign.dll
2011-07-27 21:49 - 2009-07-08 23:23 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PerformOcr.dll
2011-07-27 21:49 - 2009-12-05 02:21 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMISM.dll
2011-07-27 21:49 - 2009-11-20 22:20 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMCommon.dll
2011-07-27 21:49 - 2008-08-26 02:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PHooKDlg.dll
2011-07-27 21:50 - 2007-03-30 19:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Qem.dll
2011-07-27 21:49 - 2009-11-27 02:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NetFun2k.dll
2011-07-27 21:50 - 2009-12-08 19:51 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ScanModule.dll
2011-07-27 21:49 - 2009-09-09 23:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMANO.dll
2011-07-27 21:49 - 2007-03-30 18:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ComClass.dll
2011-07-27 21:49 - 2009-12-07 20:07 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMTree.dll
2011-07-27 21:49 - 2009-11-28 02:50 - 00135168 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSet.dll
2011-07-27 21:49 - 2009-10-17 00:04 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDB_N.dll
2011-07-27 21:49 - 2009-08-06 19:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\FT.dll
2011-07-27 21:49 - 2009-12-19 01:12 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMINSO.dll
2011-07-27 21:49 - 2008-12-13 01:52 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMProp.dll
2011-07-27 21:49 - 2007-09-01 02:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMVoice.dll
2011-07-27 21:49 - 2008-12-13 02:00 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\OutlookVBA.dll
2011-07-27 21:49 - 2009-11-28 02:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAppBar.dll
2011-07-27 21:49 - 2009-12-05 02:21 - 04567040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMView.dll
2011-07-27 21:49 - 2007-03-30 19:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NsOEMKey.dll
2011-07-27 21:49 - 2009-12-19 04:10 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSave.dll
2011-07-27 21:49 - 2009-11-12 02:21 - 00450560 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPageVW.dll
2011-07-27 21:49 - 2009-11-12 02:20 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDocVW.dll
2011-07-27 21:49 - 2009-06-26 18:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMApSet.dll
2011-07-27 21:50 - 2009-11-20 20:30 - 01032192 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\SlideBarDLL.dll
2011-07-27 21:49 - 2009-12-05 02:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAnoSet.dll
2011-07-27 21:49 - 2009-11-10 03:35 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImgVW.dll
2011-07-27 21:49 - 2008-08-26 01:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMIEVW.dll
2011-07-27 21:49 - 2009-07-14 22:25 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPDFView.dll
2011-07-27 21:49 - 2009-10-23 02:50 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMStatus.dll
2011-07-27 21:49 - 2009-12-07 22:55 - 00253952 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMScnSet.dll
2011-07-27 21:49 - 2007-03-30 18:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Import.dll
2011-07-27 21:49 - 2008-04-24 19:46 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImageSplitter.dll
2014-08-26 09:13 - 2014-08-26 09:13 - 00098816 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\win32api.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00110080 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\pywintypes27.dll
2014-08-26 09:13 - 2014-08-26 09:13 - 00364544 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\pythoncom27.dll
2014-08-26 09:13 - 2014-08-26 09:13 - 00045568 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\_socket.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 01160704 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\_ssl.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00320512 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\win32com.shell.shell.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00713216 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\_hashlib.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 01175040 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\wx._core_.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00805888 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\wx._gdi_.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00811008 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\wx._windows_.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 01062400 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\wx._controls_.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00735232 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\wx._misc_.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00128512 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\_elementtree.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00127488 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\pyexpat.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00557056 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\pysqlite2._sqlite.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00007168 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\hashobjs_ext.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00087552 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\_ctypes.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00119808 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\win32file.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00108544 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\win32security.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00018432 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\win32event.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00038912 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\win32inet.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00070656 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\wx._html2.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00167936 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\win32gui.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00011264 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\win32crypt.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00027136 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\_multiprocessing.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00686080 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\unicodedata.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00122368 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\wx._wizard.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00010240 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\select.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00024064 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\win32pipe.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00025600 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\win32pdh.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00525640 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\windows._lib_cacheinvalidation.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00035840 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\win32process.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00017408 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\win32profile.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00022528 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\win32ts.pyd
2014-08-26 09:13 - 2014-08-26 09:13 - 00078336 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI48242\wx._animate.pyd
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-08-14 09:37 - 2014-08-14 09:37 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-06-12 06:07 - 2013-06-12 06:07 - 16033160 ____N () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: OfficeScanNT Monitor => "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: FortiFW
Description: FortiFW
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: FortiFW
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 67%
Total physical RAM: 3976.9 MB
Available physical RAM: 1289.63 MB
Total Pagefile: 7951.98 MB
Available Pagefile: 4971.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.11 GB) (Free:23.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 84B5407A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

So ich denke alle steps sind ausgefuehrt.

M-K-D-B · 26.08.2014, 11:37

Gut gemacht.

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
SearchScopes: HKCU - {92892FC0-CAE5-455C-96D7-5D805F4DA9C0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR HKCU\...\Chrome\Extension: [pckaochijkjekcndgjamcfccjimechdg] - C:\Users\rbratz\AppData\Local\CRE\pckaochijkjekcndgjamcfccjimechdg.crx [2013-12-05]
CHR HKLM-x32\...\Chrome\Extension: [pckaochijkjekcndgjamcfccjimechdg] - C:\Users\rbratz\AppData\Local\CRE\pckaochijkjekcndgjamcfccjimechdg.crx [2013-12-05]
C:\Users\rbratz\AppData\Local\CRE\pckaochijkjekcndgjamcfccjimechdg.crx
AlternateDataStreams: C:\ProgramData\Temp:373E1720
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von SecurityCheck,
die beiden neuen Logdateien von FRST.

rbratz · 27.08.2014, 08:13

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 03
Ran by rbratz at 2014-08-27 08:56:10 Run:1
Running from C:\Users\rbratz\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKCU - {92892FC0-CAE5-455C-96D7-5D805F4DA9C0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR HKCU\...\Chrome\Extension: [pckaochijkjekcndgjamcfccjimechdg] - C:\Users\rbratz\AppData\Local\CRE\pckaochijkjekcndgjamcfccjimechdg.crx [2013-12-05]
CHR HKLM-x32\...\Chrome\Extension: [pckaochijkjekcndgjamcfccjimechdg] - C:\Users\rbratz\AppData\Local\CRE\pckaochijkjekcndgjamcfccjimechdg.crx [2013-12-05]
C:\Users\rbratz\AppData\Local\CRE\pckaochijkjekcndgjamcfccjimechdg.crx
AlternateDataStreams: C:\ProgramData\Temp:373E1720
EmptyTemp:
end
*****************

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92892FC0-CAE5-455C-96D7-5D805F4DA9C0}" => Key deleted successfully.
"HKCR\CLSID\{92892FC0-CAE5-455C-96D7-5D805F4DA9C0}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\pckaochijkjekcndgjamcfccjimechdg" => Key deleted successfully.
C:\Users\rbratz\AppData\Local\CRE\pckaochijkjekcndgjamcfccjimechdg.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pckaochijkjekcndgjamcfccjimechdg" => Key deleted successfully.
"C:\Users\rbratz\AppData\Local\CRE\pckaochijkjekcndgjamcfccjimechdg.crx" => File/Directory not found.
"C:\Users\rbratz\AppData\Local\CRE\pckaochijkjekcndgjamcfccjimechdg.crx" => File/Directory not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
EmptyTemp: => Removed 18.9 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Der Rest folgt - scan dauert doch sehr lange.

M-K-D-B · 27.08.2014, 08:17

Servus,

ok.

rbratz · 28.08.2014, 00:26

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d8acf4accf771f45801a178d3675ad3e
# engine=19856
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-27 01:22:02
# local_time=2014-08-27 11:22:02 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 160735972 0 0
# scanned=18345
# found=24
# cleaned=0
# scan_time=1192
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine\ConduitEngine.dll.vir"
sh=524ED1264811258D64BA2BE8B48005C6D1935713 ft=1 fh=19b60c262a337e59 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=FB15CD6ADCD9BDFBF68D5DF5EAEA02BF329F8D4F ft=1 fh=dfa2b1c2f56e7303 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=D6F9F256C03B81C01D6CFF28D2D966F59F786AC3 ft=1 fh=3a3e287aa52ff7e5 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3306926\UninstallerUI.exe.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3306926\UninstallerUI.exe.vir"
sh=D86451022DDD8348105C1D52FBFD2ADB1E2DCC30 ft=1 fh=d3e706a6307522ba vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir"
sh=314F703F0F190BF70F0386509C10998D4E2BD10B ft=1 fh=2f9f46df1834d950 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir"
sh=D3CBDD7C6ED2C9D81DA4FCF9AF57CDD5D3711ED3 ft=1 fh=86dbe26399c3d0fa vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir"
sh=0ED4BD4CCB9C96786DC1203CFC8A9FB72E58EEBB ft=1 fh=0d404ec1fdb2f145 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Conduit\Chrome\CT3306926\CHUninstaller.exe.vir"
sh=7A7A53735F25060338ACEA8F04A4A2A21C7D628F ft=1 fh=a9bbc2b895dbcf94 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Conduit\Chrome\CT3306926\UninstallerUI.exe.vir"
sh=DC9E9A7A427B5B74F6A6060FF122CFBAB65315E0 ft=1 fh=f94d4868571c4065 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\NativeMessaging\CT3306926\1_0_0_4\TBMessagingHost.exe.vir"
sh=BB1A5AE5206E9995C35E517ECBA291C30CE4F7B7 ft=1 fh=34cca54ca63a6441 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\NativeMessaging\CT3306926\1_0_0_6\TBMessagingHost.exe.vir"
sh=B1C5D9DC9A6493C66CD50B3767157CCFC4B4985E ft=1 fh=da713123607f778d vn="Variante von Win32/Toolbar.Conduit.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\TBHostSupport\TBHostSupport.dll.vir"
sh=DC9E9A7A427B5B74F6A6060FF122CFBAB65315E0 ft=1 fh=f94d4868571c4065 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Temp\NativeMessaging\CT3306926\nativeMessaging\TBMessagingHost.exe.vir"
sh=44155A2CBE3B1CF590357FCFF41C29B01C037DB5 ft=1 fh=12a89d1ad9aa0136 vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Temp\Spigot\SearchProtectionStub.exe.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=C470D4646BADC27EABAD3128F38186DC0B245DE1 ft=1 fh=026c24fe8dd2cc30 vn="Variante von Win32/Toolbar.Besttoolbars.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Roaming\OpenCandy\03883962541543B49B5FF34CE76B4630\BreakingNews_silent_134.exe.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\ldrtbVuze.dll.vir"
sh=BEF49F698BB05F075CAD2314D1E6707CF5582727 ft=1 fh=a14839057f424abd vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\tbVuz1.dll.vir"
sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\tbVuze.dll.vir"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir"
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d8acf4accf771f45801a178d3675ad3e
# engine=19859
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-27 09:38:28
# local_time=2014-08-28 07:38:28 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 160808958 0 0
# scanned=254506
# found=29
# cleaned=0
# scan_time=63940
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine\ConduitEngine.dll.vir"
sh=524ED1264811258D64BA2BE8B48005C6D1935713 ft=1 fh=19b60c262a337e59 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=FB15CD6ADCD9BDFBF68D5DF5EAEA02BF329F8D4F ft=1 fh=dfa2b1c2f56e7303 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=D6F9F256C03B81C01D6CFF28D2D966F59F786AC3 ft=1 fh=3a3e287aa52ff7e5 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3306926\UninstallerUI.exe.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3306926\UninstallerUI.exe.vir"
sh=D86451022DDD8348105C1D52FBFD2ADB1E2DCC30 ft=1 fh=d3e706a6307522ba vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir"
sh=314F703F0F190BF70F0386509C10998D4E2BD10B ft=1 fh=2f9f46df1834d950 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir"
sh=D3CBDD7C6ED2C9D81DA4FCF9AF57CDD5D3711ED3 ft=1 fh=86dbe26399c3d0fa vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir"
sh=0ED4BD4CCB9C96786DC1203CFC8A9FB72E58EEBB ft=1 fh=0d404ec1fdb2f145 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Conduit\Chrome\CT3306926\CHUninstaller.exe.vir"
sh=7A7A53735F25060338ACEA8F04A4A2A21C7D628F ft=1 fh=a9bbc2b895dbcf94 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Conduit\Chrome\CT3306926\UninstallerUI.exe.vir"
sh=DC9E9A7A427B5B74F6A6060FF122CFBAB65315E0 ft=1 fh=f94d4868571c4065 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\NativeMessaging\CT3306926\1_0_0_4\TBMessagingHost.exe.vir"
sh=BB1A5AE5206E9995C35E517ECBA291C30CE4F7B7 ft=1 fh=34cca54ca63a6441 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\NativeMessaging\CT3306926\1_0_0_6\TBMessagingHost.exe.vir"
sh=B1C5D9DC9A6493C66CD50B3767157CCFC4B4985E ft=1 fh=da713123607f778d vn="Variante von Win32/Toolbar.Conduit.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\TBHostSupport\TBHostSupport.dll.vir"
sh=DC9E9A7A427B5B74F6A6060FF122CFBAB65315E0 ft=1 fh=f94d4868571c4065 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Temp\NativeMessaging\CT3306926\nativeMessaging\TBMessagingHost.exe.vir"
sh=44155A2CBE3B1CF590357FCFF41C29B01C037DB5 ft=1 fh=12a89d1ad9aa0136 vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Temp\Spigot\SearchProtectionStub.exe.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=C470D4646BADC27EABAD3128F38186DC0B245DE1 ft=1 fh=026c24fe8dd2cc30 vn="Variante von Win32/Toolbar.Besttoolbars.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Roaming\OpenCandy\03883962541543B49B5FF34CE76B4630\BreakingNews_silent_134.exe.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\ldrtbVuze.dll.vir"
sh=BEF49F698BB05F075CAD2314D1E6707CF5582727 ft=1 fh=a14839057f424abd vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\tbVuz1.dll.vir"
sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\tbVuze.dll.vir"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir"
sh=ED3AE0C892B53C95BD9BDE74AEE8396D41B3AF87 ft=1 fh=be30934dd2f4fafd vn="Variante von Win64/Adware.Adpeak.F Anwendung" ac=I fn="C:\Program Files (x86)\7B2309EA-E015-4F90-83B6-EB71CABA5A4E\SupraSavingsService64.exe"
sh=4AB4D2867A5E53345CA9C81548E6FA24876491E7 ft=1 fh=a38478bbd6c41b05 vn="Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\0eEIPlug.dll"
sh=614FACD953519F454A3C12BDAF65146726A470FA ft=1 fh=bd26cb370b0b4c3c vn="Variante von Win32/Toolbar.MyWebSearch.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\0eEZSETP.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\ConduitEngine\ConduitEngine.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\ConduitEngine.dll"

ich bin mir nicht sicher ob die infiziert daten auch geloescht wurden. Ich denke du siehst da aber mehr als ich.

Code:

ATTFilter

en daten auch Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
FortiClient AntiVirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 26  
 Java version out of Date! 
  Adobe Flash Player 11.7.700.224 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by rbratz (administrator) on PAS-E6420-D on 28-08-2014 09:23:08
Running from C:\Users\rbratz\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\fcappdb.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe
(Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\fmon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-16] (Dell Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-12-04] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-30] (CyberLink Corp.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.EXE [112464 2009-12-05] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\Run: [Google Update] => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-21] (Google Inc.)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20917408 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\Run: [EPSON Stylus CX5000 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVA.EXE [143360 2006-10-18] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {0045224c-969d-11e1-aa7c-90004ef0d0af} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {00e09687-e7cd-11e1-b13b-90004ef0d0af} - E:\Setup.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {5b6da3cd-736f-11e2-8279-90004ef0d0af} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {6f9a5156-2cb0-11e1-b336-90004ef0d0af} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c154-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c163-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c1a9-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c1c3-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c1fc-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {7862c359-7693-11e2-a2ad-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {9015b3ad-86f9-11e2-a003-001e101f2500} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {9753809b-5468-11e2-ba54-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {a6c3345a-51ea-11e2-9b57-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {b561dea8-51e9-11e2-9bbf-90004ef0d0af} - E:\AutoRun.exe
HKU\S-1-5-21-2186728067-1712137595-3068445564-1001\...\MountPoints2: {f8e3eac1-9c12-11e1-84b3-5c260a5996ba} - "E:\WD SmartWare.exe" autoplay=true
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk
ShortcutTarget: Online plug-in.lnk -> C:\Windows\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\rbratz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk
ShortcutTarget: MultiSkypeLauncher.lnk -> C:\Program Files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\PROGRA~2\WINZIP~2\wzwmcie.dll No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\778oqeqv.default-1376129905533
FF Homepage: https://mail.google.com/mail/u/0/#inbox
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @ei.CieoNetUtilities_0e.com/Plugin -> C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\NP0eEISB.dll No File
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll (Fortinet Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @winzip.com/Winzip Courier -> C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\778oqeqv.default-1376129905533\searchplugins\yahoo_ff.xml
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] - C:\Program Files (x86)\WinZip Courier\FFExt
FF Extension: No Name - C:\Program Files (x86)\WinZip Courier\FFExt [2011-11-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR StartupUrls: "hxxp://google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\rbratz\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\rbratz\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\rbratz\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CieoNet Utilities Installer Plugin Stub) - C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\NP0eEISB.dll No File
CHR Plugin: (WinZip Courier) - C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\rbratz\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Drive) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google Search) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Google Wallet) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\rbratz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\rbratz\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [98322 2014-04-16] (Fortinet Inc.) [File not signed]
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-04] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-14] () [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-16] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 FAFileMon; C:\Windows\System32\drivers\fortimon2.sys [56032 2014-04-16] (Fortinet Inc)
S3 FARegMon; C:\Windows\System32\drivers\FortiRmon.sys [50912 2014-04-16] (Fortinet Inc)
R3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [16096 2014-04-16] (Fortinet Inc)
R1 FortiFilter; C:\Windows\System32\DRIVERS\FortiFilter.sys [25312 2013-09-18] (Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37600 2014-04-16] (Fortinet Inc)
R0 fortiloader; C:\Windows\System32\drivers\fortiloader.sys [12512 2014-04-16] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [133856 2014-04-16] (Fortinet Inc)
S3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [47328 2014-04-16] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [56544 2014-04-16] (Fortinet Inc)
R3 FortiWF; C:\Windows\System32\drivers\FortiWF2.sys [28384 2014-04-16] (Fortinet Inc)
R3 ft_vnic; C:\Windows\System32\DRIVERS\ftvnic.sys [16928 2011-03-21] (Fortinet Inc.)
S3 mdareDriver_47; C:\Program Files (x86)\Fortinet\FortiClient\mdare64_47.sys [91872 2014-05-22] (Fortinet Inc.)
R3 mdareDriver_48; C:\Program Files (x86)\Fortinet\FortiClient\mdare64_48.sys [91872 2014-07-04] (Fortinet Inc.)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2011-03-21] (Fortinet Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 mdareDriver_43; \??\C:\Users\rbratz\AppData\Local\Temp\FCPreScan\mdare64_43.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 09:22 - 2014-08-28 09:22 - 00000896 _____ () C:\Users\rbratz\Desktop\checkup.txt
2014-08-28 09:17 - 2014-08-28 09:17 - 00854417 _____ () C:\Users\rbratz\Desktop\SecurityCheck.exe
2014-08-27 10:56 - 2014-08-27 10:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-27 09:02 - 2014-08-27 09:03 - 02347384 _____ (ESET) C:\Users\rbratz\Desktop\esetsmartinstaller_deu.exe
2014-08-26 15:55 - 2014-08-26 15:56 - 06570513 _____ () C:\Users\rbratz\Downloads\US_Surfboards_JPG.rar
2014-08-26 10:45 - 2014-08-26 10:45 - 00004217 _____ () C:\Users\rbratz\Desktop\JRT.txt
2014-08-26 10:37 - 2014-08-26 10:37 - 00000000 ____D () C:\Windows\ERUNT
2014-08-26 10:36 - 2014-08-26 10:36 - 01016261 _____ (Thisisu) C:\Users\rbratz\Desktop\JRT.exe
2014-08-26 10:30 - 2014-08-26 10:30 - 00001066 _____ () C:\Users\rbratz\Desktop\anti_malware.txt
2014-08-26 09:23 - 2014-08-26 09:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 09:22 - 2014-08-26 09:22 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-26 09:22 - 2014-08-26 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-26 09:22 - 2014-08-26 09:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-26 09:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-26 09:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-26 09:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-26 09:20 - 2014-08-26 09:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\rbratz\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-26 08:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-26 08:49 - 2014-08-26 09:10 - 00000000 ____D () C:\AdwCleaner
2014-08-26 08:28 - 2014-08-26 08:29 - 01364531 _____ () C:\Users\rbratz\Desktop\adwcleaner_3.308.exe
2014-08-25 09:01 - 2014-08-26 10:52 - 00048116 _____ () C:\Users\rbratz\Desktop\Addition.txt
2014-08-25 08:59 - 2014-08-28 09:23 - 00033290 _____ () C:\Users\rbratz\Desktop\FRST.txt
2014-08-25 08:57 - 2014-08-28 09:23 - 00000000 ____D () C:\FRST
2014-08-25 08:56 - 2014-08-25 08:56 - 02103296 _____ (Farbar) C:\Users\rbratz\Desktop\FRST64.exe
2014-08-25 08:55 - 2014-08-25 08:55 - 01095168 _____ (Farbar) C:\Users\rbratz\Desktop\FRST.exe
2014-08-22 11:58 - 2014-08-22 11:58 - 00052224 _____ () C:\Users\rbratz\Downloads\SearchResults(2).xls
2014-08-21 21:32 - 2014-08-21 21:48 - 00012504 _____ () C:\Users\rbratz\Desktop\turnover.xlsx
2014-08-21 08:31 - 2014-05-15 02:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 08:31 - 2014-05-15 02:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 08:31 - 2014-05-15 02:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 08:31 - 2014-05-15 02:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 08:31 - 2014-05-15 02:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 08:31 - 2014-05-15 02:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 08:31 - 2014-05-15 02:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 08:30 - 2014-05-15 02:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 08:30 - 2014-05-15 02:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 08:30 - 2014-05-15 02:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 08:30 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 08:30 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 08:30 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 08:30 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-19 16:08 - 2014-08-19 17:07 - 00048195 _____ () C:\Users\rbratz\Desktop\zahlen.xlsx
2014-08-19 10:15 - 2014-08-26 15:00 - 00123928 _____ () C:\Users\rbratz\Desktop\pre order overview.xlsx
2014-08-18 15:31 - 2014-08-18 15:31 - 00009599 _____ () C:\Users\rbratz\Desktop\POP EU.xlsx
2014-08-15 11:56 - 2014-08-15 11:56 - 00165376 _____ () C:\Users\rbratz\Desktop\Copy of  SYD Stock On Hand Thursday 14 August 2014 20_00_44_RB.xls
2014-08-14 10:00 - 2014-08-14 10:07 - 00000000 ____D () C:\def8b9787b111ada1366d9301a4c82
2014-08-14 09:54 - 2014-07-01 08:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 09:54 - 2014-07-01 08:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 09:54 - 2014-06-06 16:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 09:54 - 2014-06-06 16:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 09:54 - 2014-03-10 07:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 09:54 - 2014-03-10 07:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 09:54 - 2014-03-10 07:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 09:54 - 2014-03-10 07:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 09:37 - 2014-08-14 09:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-14 09:00 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 09:00 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 09:00 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 09:00 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 09:00 - 2014-07-09 12:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 09:00 - 2014-07-09 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 09:00 - 2014-07-09 08:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 09:00 - 2014-07-09 08:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 08:56 - 2014-07-16 13:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 08:56 - 2014-07-16 12:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 08:56 - 2014-06-03 20:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 08:56 - 2014-06-03 20:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 08:56 - 2014-06-03 20:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 08:56 - 2014-06-03 20:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 08:56 - 2014-06-03 19:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 08:56 - 2014-06-03 19:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 08:56 - 2014-06-03 19:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 08:55 - 2014-07-16 13:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 08:55 - 2014-07-16 12:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 08:55 - 2014-07-16 12:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 08:55 - 2014-07-14 12:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 08:55 - 2014-07-14 11:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 08:55 - 2014-06-25 12:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 08:55 - 2014-06-25 11:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 08:55 - 2014-06-16 12:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 08:52 - 2014-08-07 12:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 08:52 - 2014-08-07 12:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 15:26 - 2014-08-12 15:29 - 90288664 _____ () C:\Users\rbratz\Downloads\gimp-2.8.10-setup.exe
2014-08-12 12:12 - 2014-08-12 12:12 - 02948254 _____ () C:\Users\rbratz\Downloads\wetransfer-64cfcc.zip.part
2014-08-12 10:16 - 2014-08-12 10:16 - 00004822 _____ () C:\Users\rbratz\Downloads\Mapped Dealers List.xlsx
2014-08-11 17:16 - 2014-08-18 09:44 - 00082064 _____ () C:\Users\rbratz\Desktop\ROBERT2014.TAX
2014-08-11 17:16 - 2014-08-18 09:42 - 00082048 _____ () C:\Users\rbratz\Desktop\ROBERT2014.BAK
2014-08-11 16:27 - 2014-08-11 16:35 - 00000416 _____ () C:\Users\rbratz\Documents\ROBERT2014.TAX
2014-08-11 16:27 - 2014-08-11 16:27 - 00000256 _____ () C:\Users\rbratz\Documents\ROBERT2014.BAK
2014-08-11 15:52 - 2014-08-11 15:52 - 00000000 ____D () C:\Users\rbratz\AppData\Local\etax2014
2014-08-11 15:51 - 2014-08-11 15:51 - 00001887 _____ () C:\Users\rbratz\Desktop\e-tax 2014.lnk
2014-08-11 15:51 - 2014-08-11 15:51 - 00000000 ____D () C:\Users\rbratz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 2014
2014-08-11 15:50 - 2014-08-11 15:51 - 00000000 ____D () C:\Program Files (x86)\etax2014
2014-08-11 15:45 - 2014-08-11 15:48 - 30756864 _____ () C:\Users\rbratz\Downloads\etax2014_1.msi
2014-08-06 11:09 - 2014-08-06 11:10 - 00013045 _____ () C:\Users\rbratz\Downloads\_DetailTranSummary (Bratz,Robert)(2).html
2014-08-04 09:31 - 2014-08-04 09:34 - 02462356 _____ () C:\Users\rbratz\Downloads\2015_launch_banners.zip
2014-07-30 14:25 - 2014-07-30 14:25 - 00064464 _____ () C:\Users\rbratz\Downloads\Item list_RB.xlsx
2014-07-30 14:03 - 2014-07-30 14:03 - 00047368 _____ () C:\Users\rbratz\Downloads\Item list.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 09:23 - 2014-08-25 08:59 - 00033290 _____ () C:\Users\rbratz\Desktop\FRST.txt
2014-08-28 09:23 - 2014-08-25 08:57 - 00000000 ____D () C:\FRST
2014-08-28 09:22 - 2014-08-28 09:22 - 00000896 _____ () C:\Users\rbratz\Desktop\checkup.txt
2014-08-28 09:18 - 2011-07-16 03:39 - 00000000 ____D () C:\Users\rbratz\AppData\Roaming\Skype
2014-08-28 09:17 - 2014-08-28 09:17 - 00854417 _____ () C:\Users\rbratz\Desktop\SecurityCheck.exe
2014-08-28 09:15 - 2011-12-21 20:43 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001UA.job
2014-08-28 08:51 - 2012-11-21 20:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-28 08:26 - 2011-05-24 23:22 - 01714792 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 07:31 - 2012-11-21 20:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-27 21:12 - 2011-07-16 03:41 - 00000000 ____D () C:\Users\rbratz\Documents\Outlook Files
2014-08-27 13:43 - 2009-07-14 14:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-27 13:43 - 2009-07-14 14:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-27 13:42 - 2009-07-14 15:13 - 00816122 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 13:37 - 2011-07-27 21:52 - 00000000 ____D () C:\Users\rbratz\AppData\Roaming\.oit
2014-08-27 13:35 - 2013-10-20 18:18 - 00050972 _____ () C:\Windows\setupact.log
2014-08-27 13:35 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 12:26 - 2013-10-20 18:18 - 03075144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 10:56 - 2014-08-27 10:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-27 09:05 - 2013-10-20 18:18 - 01386208 _____ () C:\Windows\PFRO.log
2014-08-27 09:03 - 2014-08-27 09:02 - 02347384 _____ (ESET) C:\Users\rbratz\Desktop\esetsmartinstaller_deu.exe
2014-08-27 08:56 - 2013-12-08 18:59 - 00000000 ____D () C:\Users\rbratz\AppData\Local\CRE
2014-08-27 07:55 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\tracing
2014-08-26 15:56 - 2014-08-26 15:55 - 06570513 _____ () C:\Users\rbratz\Downloads\US_Surfboards_JPG.rar
2014-08-26 15:00 - 2014-08-19 10:15 - 00123928 _____ () C:\Users\rbratz\Desktop\pre order overview.xlsx
2014-08-26 15:00 - 2011-07-26 21:26 - 00000000 ____D () C:\Users\rbratz\Desktop\BEST
2014-08-26 12:15 - 2011-12-21 20:43 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001Core.job
2014-08-26 10:52 - 2014-08-25 09:01 - 00048116 _____ () C:\Users\rbratz\Desktop\Addition.txt
2014-08-26 10:45 - 2014-08-26 10:45 - 00004217 _____ () C:\Users\rbratz\Desktop\JRT.txt
2014-08-26 10:37 - 2014-08-26 10:37 - 00000000 ____D () C:\Windows\ERUNT
2014-08-26 10:36 - 2014-08-26 10:36 - 01016261 _____ (Thisisu) C:\Users\rbratz\Desktop\JRT.exe
2014-08-26 10:30 - 2014-08-26 10:30 - 00001066 _____ () C:\Users\rbratz\Desktop\anti_malware.txt
2014-08-26 10:29 - 2014-05-15 03:44 - 00000000 ____D () C:\temp
2014-08-26 09:25 - 2014-08-26 09:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 09:22 - 2014-08-26 09:22 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-26 09:22 - 2014-08-26 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-26 09:22 - 2014-08-26 09:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-26 09:21 - 2014-08-26 09:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\rbratz\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-26 09:10 - 2014-08-26 08:49 - 00000000 ____D () C:\AdwCleaner
2014-08-26 09:10 - 2011-07-14 06:52 - 00000000 ____D () C:\Users\rbratz
2014-08-26 08:29 - 2014-08-26 08:28 - 01364531 _____ () C:\Users\rbratz\Desktop\adwcleaner_3.308.exe
2014-08-25 14:03 - 2013-05-17 01:55 - 00000000 ____D () C:\Users\rbratz\Desktop\Auatralia
2014-08-25 08:56 - 2014-08-25 08:56 - 02103296 _____ (Farbar) C:\Users\rbratz\Desktop\FRST64.exe
2014-08-25 08:55 - 2014-08-25 08:55 - 01095168 _____ (Farbar) C:\Users\rbratz\Desktop\FRST.exe
2014-08-23 21:59 - 2014-04-11 13:44 - 00000000 ____D () C:\Windows\rescache
2014-08-22 11:58 - 2014-08-22 11:58 - 00052224 _____ () C:\Users\rbratz\Downloads\SearchResults(2).xls
2014-08-21 21:48 - 2014-08-21 21:32 - 00012504 _____ () C:\Users\rbratz\Desktop\turnover.xlsx
2014-08-20 20:55 - 2014-04-03 14:22 - 00000000 ____D () C:\Users\rbratz\Desktop\Transition period Navi
2014-08-20 13:06 - 2013-03-29 04:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-19 17:07 - 2014-08-19 16:08 - 00048195 _____ () C:\Users\rbratz\Desktop\zahlen.xlsx
2014-08-18 15:31 - 2014-08-18 15:31 - 00009599 _____ () C:\Users\rbratz\Desktop\POP EU.xlsx
2014-08-18 09:44 - 2014-08-11 17:16 - 00082064 _____ () C:\Users\rbratz\Desktop\ROBERT2014.TAX
2014-08-18 09:42 - 2014-08-11 17:16 - 00082048 _____ () C:\Users\rbratz\Desktop\ROBERT2014.BAK
2014-08-15 11:56 - 2014-08-15 11:56 - 00165376 _____ () C:\Users\rbratz\Desktop\Copy of  SYD Stock On Hand Thursday 14 August 2014 20_00_44_RB.xls
2014-08-14 22:58 - 2012-06-13 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-14 10:07 - 2014-08-14 10:00 - 00000000 ____D () C:\def8b9787b111ada1366d9301a4c82
2014-08-14 10:07 - 2013-09-19 08:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 10:07 - 2011-07-09 04:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 10:00 - 2011-07-09 04:59 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 09:53 - 2014-05-06 12:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 09:37 - 2014-08-14 09:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-12 15:29 - 2014-08-12 15:26 - 90288664 _____ () C:\Users\rbratz\Downloads\gimp-2.8.10-setup.exe
2014-08-12 13:56 - 2011-09-30 22:24 - 00000000 ____D () C:\Users\rbratz\Desktop\privat
2014-08-12 12:12 - 2014-08-12 12:12 - 02948254 _____ () C:\Users\rbratz\Downloads\wetransfer-64cfcc.zip.part
2014-08-12 10:16 - 2014-08-12 10:16 - 00004822 _____ () C:\Users\rbratz\Downloads\Mapped Dealers List.xlsx
2014-08-11 16:35 - 2014-08-11 16:27 - 00000416 _____ () C:\Users\rbratz\Documents\ROBERT2014.TAX
2014-08-11 16:27 - 2014-08-11 16:27 - 00000256 _____ () C:\Users\rbratz\Documents\ROBERT2014.BAK
2014-08-11 15:52 - 2014-08-11 15:52 - 00000000 ____D () C:\Users\rbratz\AppData\Local\etax2014
2014-08-11 15:51 - 2014-08-11 15:51 - 00001887 _____ () C:\Users\rbratz\Desktop\e-tax 2014.lnk
2014-08-11 15:51 - 2014-08-11 15:51 - 00000000 ____D () C:\Users\rbratz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 2014
2014-08-11 15:51 - 2014-08-11 15:50 - 00000000 ____D () C:\Program Files (x86)\etax2014
2014-08-11 15:48 - 2014-08-11 15:45 - 30756864 _____ () C:\Users\rbratz\Downloads\etax2014_1.msi
2014-08-07 12:06 - 2014-08-14 08:52 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 12:01 - 2014-08-14 08:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 11:10 - 2014-08-06 11:09 - 00013045 _____ () C:\Users\rbratz\Downloads\_DetailTranSummary (Bratz,Robert)(2).html
2014-08-05 09:20 - 2010-11-21 13:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 09:34 - 2014-08-04 09:31 - 02462356 _____ () C:\Users\rbratz\Downloads\2015_launch_banners.zip
2014-07-30 14:25 - 2014-07-30 14:25 - 00064464 _____ () C:\Users\rbratz\Downloads\Item list_RB.xlsx
2014-07-30 14:03 - 2014-07-30 14:03 - 00047368 _____ () C:\Users\rbratz\Downloads\Item list.xlsx

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-28 08:06

==================== End Of Log ============================

--- --- ---

--- --- ---

rbratz · 28.08.2014, 00:27

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by rbratz at 2014-08-28 09:24:11
Running from C:\Users\rbratz\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: FortiClient AntiVirus (Enabled - Up to date) {385618A6-2256-708E-3FB9-7E98B93F91F9}
AS: FortiClient AntiVirus (Enabled - Up to date) {8337F942-046C-7F00-0509-45EAC2B8DB44}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe After Effects CS4 Presets (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CS4 American English Speech Analysis Models (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (HKLM-x32\...\Adobe_acce07fd2c8fe7f9e3f26243e626578) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI en (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-en (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (x32 Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Functional Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix online plug-in (DV) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Citrix online plug-in (PNA) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (SSON) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
Custom (Version: 12.34.56.789 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3225 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Dell ControlVault Host Components Installer 64 bit (Version: 2.0.20.159 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00000.085 - Dell Inc.)
Dell Data Protection | Access (Version: 01.01.00.085 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.116 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
Design-Lib.Com - Batch PSD to JPG 1.5 (HKLM-x32\...\Design-Lib.Com - Batch PSD to JPG 1.5) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
EMBASSY Security Center (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
EPSON BX305 Series Printer Uninstall (HKLM\...\EPSON BX305 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
e-tax 2011 (HKLM-x32\...\{C078C299-C2C2-4110-A6EF-8D5E66C228DA}) (Version: 11.1.704 - ATO)
e-tax 2014 (HKLM-x32\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.8.758 - Australian Taxation Office)
FortiClient (HKLM\...\{863EB7F6-0FD9-4BA5-B95A-FC48218AEF5C}) (Version: 5.0.9.0347 - Fortinet Inc)
FTP Commander (HKLM-x32\...\FTP Commander) (Version:  - )
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
ICP 9.0 (HKLM\...\ICP install2_is1) (Version:  - )
ImageConverter Plus 8.0 (HKLM-x32\...\ImageConverter Plus_is1) (Version: 8.0.105 (build: 110201) - fCoder Group, Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.7.176.1 (HKLM\...\PROSetDX) (Version: 15.7.176.1 - Dell)
Intel(R) Network Connections 15.7.176.1 (Version: 15.7.176.1 - Dell) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2347 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java Auto Updater (x32 Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Light Image Resizer 4.4.1.4 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.4.1.4 - ObviousIdea)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MultiSkypeLauncher (remove only) (HKLM-x32\...\MultiSkypeLauncher) (Version: 1.8 - MultiSkypeLauncher)
NEF to JPG (HKLM-x32\...\{13D87B39-2A3B-4675-A0D9-B8B01EA2F8E3}_is1) (Version:  - neftojpg.com)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Preboot Manager (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
Presto! PageManager 9.00.11 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.00.11 - Newsoft Technology Corporation)
Private Information Manager (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.14.104 - Skype Technologies S.A.)
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
SPSS Statistics 17.0 (HKLM-x32\...\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}) (Version: 17.0.0 - SPSS Inc.)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Trusted Drive Manager (Version: 4.0.0.512 - Wave Systems Corp.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Wave Infrastructure Installer (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.014 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip Courier (HKLM-x32\...\{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}) (Version: 3.5.9658 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rbratz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\rbratz\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

27-08-2014 14:01:19 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04A67888-AA83-4F0B-871E-9A82E741E939} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001UA => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-21] (Google Inc.)
Task: {1020FB7C-3CE8-4DF1-99A1-BA20780A419C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21] (Google Inc.)
Task: {B8B40398-DBE6-4F92-9BF4-A0879649CA7E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2186728067-1712137595-3068445564-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B9A46014-6119-49C7-8382-C047220387FC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D336B5BE-863D-4DC1-9EBB-194A4EBF6705} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21] (Google Inc.)
Task: {E39CDA05-00FE-4786-807B-15E84D7E1554} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2186728067-1712137595-3068445564-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E719FD0C-C8AA-4D64-AE97-D7BE9738EF0D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001Core => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-21] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001Core.job => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186728067-1712137595-3068445564-1001UA.job => C:\Users\rbratz\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-24 23:24 - 2003-04-19 12:06 - 00008192 ____N () c:\Windows\SysWOW64\srvany.exe
2011-05-25 00:59 - 2011-03-29 03:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-02-08 16:41 - 2011-02-08 16:41 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-11-27 11:19 - 2013-11-27 11:19 - 00389138 _____ () C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2011-07-27 21:49 - 2008-11-17 23:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\nsSign.dll
2011-07-27 21:49 - 2009-07-08 23:23 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PerformOcr.dll
2011-07-27 21:49 - 2009-12-05 02:21 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMISM.dll
2011-07-27 21:49 - 2009-11-20 22:20 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMCommon.dll
2011-07-27 21:49 - 2008-08-26 02:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PHooKDlg.dll
2011-07-27 21:50 - 2007-03-30 19:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Qem.dll
2011-07-27 21:49 - 2009-11-27 02:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NetFun2k.dll
2011-07-27 21:50 - 2009-12-08 19:51 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ScanModule.dll
2011-07-27 21:49 - 2009-09-09 23:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMANO.dll
2011-07-27 21:49 - 2007-03-30 18:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ComClass.dll
2011-07-27 21:49 - 2009-12-07 20:07 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMTree.dll
2011-07-27 21:49 - 2009-11-28 02:50 - 00135168 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSet.dll
2011-07-27 21:49 - 2009-10-17 00:04 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDB_N.dll
2011-07-27 21:49 - 2009-08-06 19:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\FT.dll
2011-07-27 21:49 - 2009-12-19 01:12 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMINSO.dll
2011-07-27 21:49 - 2008-12-13 01:52 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMProp.dll
2011-07-27 21:49 - 2007-09-01 02:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMVoice.dll
2011-07-27 21:49 - 2008-12-13 02:00 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\OutlookVBA.dll
2011-07-27 21:49 - 2009-11-28 02:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAppBar.dll
2011-07-27 21:49 - 2009-12-05 02:21 - 04567040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMView.dll
2011-07-27 21:49 - 2007-03-30 19:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NsOEMKey.dll
2011-07-27 21:49 - 2009-12-19 04:10 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSave.dll
2011-07-27 21:49 - 2009-11-12 02:21 - 00450560 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPageVW.dll
2011-07-27 21:49 - 2009-11-12 02:20 - 00098304 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDocVW.dll
2011-07-27 21:49 - 2009-06-26 18:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMApSet.dll
2011-07-27 21:50 - 2009-11-20 20:30 - 01032192 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\SlideBarDLL.dll
2011-07-27 21:49 - 2009-12-05 02:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAnoSet.dll
2011-07-27 21:49 - 2009-11-10 03:35 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImgVW.dll
2011-07-27 21:49 - 2008-08-26 01:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMIEVW.dll
2011-07-27 21:49 - 2009-07-14 22:25 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPDFView.dll
2011-07-27 21:49 - 2009-10-23 02:50 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMStatus.dll
2011-07-27 21:49 - 2009-12-07 22:55 - 00253952 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMScnSet.dll
2011-07-27 21:49 - 2007-03-30 18:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Import.dll
2011-07-27 21:49 - 2008-04-24 19:46 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImageSplitter.dll
2014-08-27 13:36 - 2014-08-27 13:36 - 00098816 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\win32api.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00110080 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\pywintypes27.dll
2014-08-27 13:36 - 2014-08-27 13:36 - 00364544 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\pythoncom27.dll
2014-08-27 13:36 - 2014-08-27 13:36 - 00045568 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\_socket.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 01160704 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\_ssl.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00320512 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\win32com.shell.shell.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00713216 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\_hashlib.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 01175040 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\wx._core_.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00805888 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\wx._gdi_.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00811008 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\wx._windows_.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 01062400 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\wx._controls_.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00735232 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\wx._misc_.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00128512 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\_elementtree.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00127488 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\pyexpat.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00557056 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\pysqlite2._sqlite.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00007168 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\hashobjs_ext.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00087552 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\_ctypes.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00119808 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\win32file.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00108544 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\win32security.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00018432 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\win32event.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00038912 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\win32inet.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00070656 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\wx._html2.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00167936 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\win32gui.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00011264 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\win32crypt.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00027136 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\_multiprocessing.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00686080 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\unicodedata.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00122368 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\wx._wizard.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00010240 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\select.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00024064 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\win32pipe.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00025600 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\win32pdh.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00525640 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\windows._lib_cacheinvalidation.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00035840 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\win32process.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00017408 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\win32profile.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00022528 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\win32ts.pyd
2014-08-27 13:36 - 2014-08-27 13:36 - 00078336 _____ () C:\Users\rbratz\AppData\Local\Temp\_MEI35162\wx._animate.pyd
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-08-14 09:37 - 2014-08-14 09:37 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-06-12 06:07 - 2013-06-12 06:07 - 16033160 ____N () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: OfficeScanNT Monitor => "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)
Resolution: The driver could not be loaded because a previous instance is still loaded.
Restart the computer.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: FortiFW
Description: FortiFW
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: FortiFW
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2014 08:10:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/28/2014 07:48:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/28/2014 01:37:04 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/28/2014 01:32:16 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048).

Error: (08/27/2014 01:40:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/27/2014 01:39:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/27/2014 01:39:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/27/2014 01:39:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/27/2014 01:36:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 00:26:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/27/2014 05:41:28 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/27/2014 01:36:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0

Error: (08/27/2014 01:05:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/27/2014 00:25:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0

Error: (08/27/2014 11:26:50 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/27/2014 11:24:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (08/27/2014 11:24:17 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (08/27/2014 10:41:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0

Error: (08/27/2014 09:21:53 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (08/27/2014 09:21:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}


Microsoft Office Sessions:
=========================
Error: (08/28/2014 08:10:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/28/2014 07:48:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (08/28/2014 01:37:04 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (08/28/2014 01:32:16 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: There is not enough free space on the backup storage location to back up the data. (0x80780048)

Error: (08/27/2014 01:40:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\rbratz\Desktop\esetsmartinstaller_deu.exe

Error: (08/27/2014 01:39:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\rbratz\Desktop\esetsmartinstaller_deu.exe

Error: (08/27/2014 01:39:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\rbratz\Desktop\esetsmartinstaller_deu.exe

Error: (08/27/2014 01:39:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\rbratz\Desktop\esetsmartinstaller_deu.exe

Error: (08/27/2014 01:36:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 00:26:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 58%
Total physical RAM: 3976.9 MB
Available physical RAM: 1635.1 MB
Total Pagefile: 7951.98 MB
Available Pagefile: 5076.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.11 GB) (Free:41.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 84B5407A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B · 28.08.2014, 12:25

Servus,

wir haben was übersehen, müssen daher nochmal ran:

Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*CieoNetUtilities_0eEI*
*Conduit*

:folderfind
*CieoNetUtilities_0eEI*
*Conduit*

:regfind
CieoNetUtilities_0eEI
Conduit

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

rbratz · 29.08.2014, 00:30

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 09:13 on 29/08/2014 by rbratz
Administrator - Elevation successful

========== filefind ==========

Searching for "*CieoNetUtilities_0eEI*"
No files found.

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine\ConduitEngine.dll.vir	--a---- 4216104 bytes	[08:43 07/10/2011]	[17:17 14/03/2011] 1A8438854DD15E4389F5BDEF502C369D
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe.vir	--a---- 38496 bytes	[08:43 07/10/2011]	[13:37 25/03/2010] A320DF2B47CFCAF98D06EB59CD72084C
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine\ConduitEngineUninstall.exe.vir	--a---- 23648 bytes	[08:43 07/10/2011]	[10:10 03/03/2011] DF465BE110DC0F7E5329D1B8065A405F
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine\prxConduitEngine.dll.vir	--a---- 175912 bytes	[08:43 07/10/2011]	[15:54 17/01/2011] B92293778555CE3DABE7F0A7E98B34C0
C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_PT.xml.vir	--a---- 392 bytes	[08:58 10/01/2012]	[11:47 06/02/2013] 33A6FE9D4B0A2B55F7437667B7E61F84
C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_ZA.xml.vir	--a---- 188 bytes	[22:02 21/02/2013]	[10:55 11/07/2013] F9D8638A27605D2B5FA3F4B8DFFF579E
C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_PT.xml.vir	--a---- 191 bytes	[08:58 10/01/2012]	[10:55 11/07/2013] 43C93B80235159F037CEA9A173922F92
C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir	--a---- 4216104 bytes	[08:43 07/10/2011]	[17:17 14/03/2011] 1A8438854DD15E4389F5BDEF502C369D
C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Roaming\Mozilla\Firefox\Profiles\778oqeqv.default-1376129905533\searchplugins\Conduit.xml.vir	--a---- 1035 bytes	[08:59 08/12/2013]	[08:59 08/12/2013] E6104763E20325B64DFB1F3577489DCB
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_AU.xml.vir	--a---- 188 bytes	[05:40 14/06/2012]	[16:03 23/06/2012] E2A87E535CF5282072AA46166D27D1DF
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_PT.xml.vir	--a---- 188 bytes	[08:52 13/04/2013]	[21:37 14/04/2013] F9D8638A27605D2B5FA3F4B8DFFF579E
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_AU.xml.vir	--a---- 191 bytes	[05:40 14/06/2012]	[21:37 14/04/2013] 43C93B80235159F037CEA9A173922F92
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir	--a---- 4216104 bytes	[05:39 14/06/2012]	[17:17 14/03/2011] 1A8438854DD15E4389F5BDEF502C369D
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\CacheIcons\http___Storage_Conduit_com_BankImages_ConduitEngine_ContextMenu_About_png.png.vir	--a---- 821 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 99D5F75C338F2A877CBF891E0F18746E
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\CacheIcons\http___Storage_Conduit_com_BankImages_ConduitEngine_ContextMenu_Browse_png.png.vir	--a---- 729 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\CacheIcons\http___Storage_Conduit_com_BankImages_ConduitEngine_ContextMenu_Contact_png.png.vir	--a---- 531 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] A847C5F6CE2C700048749892DD2E0619
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\CacheIcons\http___Storage_Conduit_com_BankImages_ConduitEngine_ContextMenu_Hide_png.png.vir	--a---- 669 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] FED9E00C76F647EE6A0B7CC684C89F0C
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png.vir	--a---- 263 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 36BD416D16391EFAAAFB2C3C54EAE986
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\CacheIcons\http___Storage_Conduit_com_BankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png.vir	--a---- 734 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 943ADFD9E0DF1507F7BC419802BF4303
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\CacheIcons\http___Storage_Conduit_com_BankImages_ConduitEngine_ContextMenu_More_png.png.vir	--a---- 562 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\CacheIcons\http___Storage_Conduit_com_BankImages_ConduitEngine_ContextMenu_MoveLeft_png.png.vir	--a---- 610 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 68E9E9252E45ED7BD51B8680E8DD4462
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\CacheIcons\http___Storage_Conduit_com_BankImages_ConduitEngine_ContextMenu_MoveRight_png.png.vir	--a---- 606 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 8D8D187BA99DBEF76E4286668B474A4E
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\CacheIcons\http___Storage_Conduit_com_BankImages_ConduitEngine_ContextMenu_Options_png.png.vir	--a---- 493 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 275C9DA2D536F18F528C80E050C3D705
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\CacheIcons\http___Storage_Conduit_com_BankImages_ConduitEngine_ContextMenu_Privacy_png.png.vir	--a---- 706 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\CacheIcons\http___Storage_Conduit_com_BankImages_ConduitEngine_ContextMenu_Refresh_png.png.vir	--a---- 674 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 650731EEF807C292E699779B12CBE552
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\CacheIcons\http___Storage_Conduit_com_BankImages_ConduitEngine_ContextMenu_Share_png.png.vir	--a---- 696 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 70D43EC3F4BD7C10D5534EFCEC6D7AE5
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\CacheIcons\http___Storage_Conduit_com_BankImages_ConduitEngine_ContextMenu_Upgrade_png.png.vir	--a---- 607 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 9B4D914888BCFFCBAE6757A0E450551C
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&locale=en-us.xml.vir	--a---- 6629 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] EA7547EEB39E758EB24759D06DA92724
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu2_0&locale=en-us.xml.vir	--a---- 39 bytes	[05:40 14/06/2012]	[10:54 14/04/2013] 1325F69C5A856ABD7A3A77514B0D51B6
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&locale=en-us.xml.vir	--a---- 4076 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] CDE0F63CC5F7F3EA3A4742508C31163B
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu2_0&locale=en-us.xml.vir	--a---- 39 bytes	[05:40 14/06/2012]	[10:54 14/04/2013] 1325F69C5A856ABD7A3A77514B0D51B6
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_91_250_CT2504091_Images_633802669919925000_gif.gif.vir	--a---- 628 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 8EFCD7BBB062F42761BEADD37901E10E
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_91_250_CT2504091_Images_633809126480237500_gif.gif.vir	--a---- 239 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 97C1CFF6C6E462B0913E9B2FF5E49E73
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_91_250_CT2504091_Images_633820122725725000_gif.gif.vir	--a---- 687 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] E0FB2A47746473BC7BBA5449EF7CBFB8
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_91_250_CT2504091_Images_633995607281715000_gif.gif.vir	--a---- 91 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] FE6B8ECECAB3CD9DF92678AA1E818FA9
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_91_250_CT2504091_Images_633997096343121250_png.png.vir	--a---- 1767 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 201E550AECF4891B4AC0D2D713548858
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_91_250_CT2504091_Images_634001364341241250_png.png.vir	--a---- 1860 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 1BFD931E9D5074625A49AD8B991DDE73
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_91_250_CT2504091_Images_Email_xml-2-Classic-633609893622793750_gif.gif.vir	--a---- 1094 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 789748BB5DC16862324FF0BA82E534B7
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_91_250_CT2504091_Images_Rss_xml-4-rssIcons-633590057687175000_gif.gif.vir	--a---- 425 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 3BB3646E10E49B85A2BE492420E59EA1
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png.vir	--a---- 821 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 99D5F75C338F2A877CBF891E0F18746E
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png.vir	--a---- 729 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png.vir	--a---- 531 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] A847C5F6CE2C700048749892DD2E0619
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png.vir	--a---- 669 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] FED9E00C76F647EE6A0B7CC684C89F0C
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png.vir	--a---- 263 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 36BD416D16391EFAAAFB2C3C54EAE986
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png.vir	--a---- 734 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 943ADFD9E0DF1507F7BC419802BF4303
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png.vir	--a---- 562 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png.vir	--a---- 493 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 275C9DA2D536F18F528C80E050C3D705
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png.vir	--a---- 706 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png.vir	--a---- 674 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 650731EEF807C292E699779B12CBE552
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png.vir	--a---- 607 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 9B4D914888BCFFCBAE6757A0E450551C
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_images_eula_png.png.vir	--a---- 513 bytes	[08:52 13/04/2013]	[08:52 13/04/2013] F43944209A64CCD0C9B5A92743F0F787
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif.vir	--a---- 403 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif.vir	--a---- 414 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] A9E001CBC00B06B121DFBC80707F5298
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif.vir	--a---- 278 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif.vir	--a---- 405 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 995595D4C685D659E8F03CD0A287EDDF
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif.vir	--a---- 405 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] AA39D8A6B65E208901EBA9F3D4728D3E
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif.vir	--a---- 361 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 464E244E7E2F27FB85E0C3AB69D72104
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif.vir	--a---- 425 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 6427565C7105DC497287866100F260BB
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif.vir	--a---- 381 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] AE7C9F67594A84B096D225601ACB0B2A
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif.vir	--a---- 351 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] C3EBA0237D68F665AF6D663906221092
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif.vir	--a---- 399 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png.vir	--a---- 617 bytes	[08:52 13/04/2013]	[08:52 13/04/2013] 80648ABDB2DEB2D53DBFD77D57A9C886
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif.vir	--a---- 405 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 66018EAE0906C9831A821CAE5D1089BB
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif.vir	--a---- 371 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\CacheIcons\http___storage_conduit_com_MarketPlace_40_543_40d79af3-dd82-4256-902c-0d3d39ad5543_Thumbnail_634592210631512474_png.png.vir	--a---- 3167 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] 5E912C952CC4F2D0F067D78451E2FFB7
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en-us.xml.vir	--a---- 7037 bytes	[05:40 14/06/2012]	[10:54 14/04/2013] 0B96497BA80BF342415B90AE2F2FB092
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en-us.xml.vir	--a---- 5515 bytes	[05:40 14/06/2012]	[10:54 14/04/2013] 99F43BD1FBE50F6CEE0714818FCAD0A8
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en-us.xml.vir	--a---- 6583 bytes	[05:40 14/06/2012]	[10:54 14/04/2013] 520CD78D6EC12247DDC7EC77F51BAFDF
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en-us.xml.vir	--a---- 5516 bytes	[05:40 14/06/2012]	[10:54 14/04/2013] E0180CE0C845FEC3A03EC0CD988B3763
C:\Users\Robert_privat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\A6OC21PH\storage.conduit[1].xml	--a---- 13 bytes	[05:40 14/06/2012]	[05:40 14/06/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_AU.xml	------- 191 bytes	[01:21 12/08/2013]	[22:33 12/08/2013] 43C93B80235159F037CEA9A173922F92
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\ConduitEngine.dll	------- 4216104 bytes	[01:21 12/08/2013]	[17:17 14/03/2011] 1A8438854DD15E4389F5BDEF502C369D
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&locale=en-us.xml	------- 39 bytes	[01:21 12/08/2013]	[01:21 12/08/2013] 1325F69C5A856ABD7A3A77514B0D51B6
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&locale=en-us.xml	------- 39 bytes	[01:21 12/08/2013]	[01:21 12/08/2013] 1325F69C5A856ABD7A3A77514B0D51B6

========== folderfind ==========

Searching for "*CieoNetUtilities_0eEI*"
C:\Program Files (x86)\CieoNetUtilities_0eEI	d------	[18:08 23/11/2011]
C:\Users\rbratz\AppData\LocalLow\CieoNetUtilities_0eEI	d------	[18:08 23/11/2011]

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit	d------	[23:09 25/08/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine	d------	[23:09 25/08/2014]
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit	d------	[23:09 25/08/2014]
C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\Local\Conduit	d------	[23:09 25/08/2014]
C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\LocalLow\Conduit	d------	[23:09 25/08/2014]
C:\AdwCleaner\Quarantine\C\Users\rbratz\AppData\LocalLow\ConduitEngine	d------	[23:09 25/08/2014]
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Conduit	d------	[23:09 25/08/2014]
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine	d------	[23:09 25/08/2014]
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\ConduitEngine\Repository\conduit_ConduitEngine	d------	[23:09 25/08/2014]
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\Repository\conduit_CT2504091_CT2504091	d------	[23:09 25/08/2014]
C:\AdwCleaner\Quarantine\C\Users\Robert_privat\AppData\LocalLow\Vuze_Remote\Repository\conduit_CT2504091_en-us	d------	[23:09 25/08/2014]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit	d------	[01:21 12/08/2013]
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine	d------	[01:21 12/08/2013]

========== regfind ==========

Searching for "CieoNetUtilities_0eEI"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CieoNetUtilities_0eEI]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\CieoNetUtilities_0eEI\Installer]
"CacheDir"="C:\Users\rbratz\AppData\LocalLow\CieoNetUtilities_0eEI\Installr\Cache\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}\1.0\0\win32]
@="C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\0eEZSETP.dll\1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}\1.0\HELPDIR]
@="C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\0eEZSETP.dll\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{98ee749f-a86f-4c48-8007-4b47f5657936}\InprocServer32]
@="C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\0eEZSETP.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}\1.0\0\win32]
@="C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\0eEZSETP.dll\1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}\1.0\HELPDIR]
@="C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\0eEZSETP.dll\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CieoNetUtilities_0eEI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CieoNetUtilities_0eEI\Installer]
"Dir"="C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CieoNetUtilities_0eEI\Installer]
"PluginPath"="C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ei.CieoNetUtilities_0e.com/Plugin]
"Path"="C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\NP0eEISB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{98ee749f-a86f-4c48-8007-4b47f5657936}\InprocServer32]
@="C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\0eEZSETP.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}\1.0\0\win32]
@="C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\0eEZSETP.dll\1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}\1.0\HELPDIR]
@="C:\Program Files (x86)\CieoNetUtilities_0eEI\Installr\2.bin\0eEZSETP.dll\"
[HKEY_USERS\S-1-5-21-2186728067-1712137595-3068445564-1001\Software\AppDataLow\Software\CieoNetUtilities_0eEI]
[HKEY_USERS\S-1-5-21-2186728067-1712137595-3068445564-1001\Software\AppDataLow\Software\CieoNetUtilities_0eEI\Installer]
"CacheDir"="C:\Users\rbratz\AppData\LocalLow\CieoNetUtilities_0eEI\Installr\Cache\"

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="conduit.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F38B6752-45A1-41AF-A4BC-B063DEF57DDF}]
@="Conduit Engine API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F38B6752-45A1-41AF-A4BC-B063DEF57DDF}\InprocServer32]
@="C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F38B6752-45A1-41AF-A4BC-B063DEF57DDF}\ProgID]
@="Conduit.Engine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F38B6752-45A1-41AF-A4BC-B063DEF57DDF}\VersionIndependentProgID]
@="Conduit.Engine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F38B6752-45A1-41AF-A4BC-B063DEF57DDF}]
@="Conduit Engine API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F38B6752-45A1-41AF-A4BC-B063DEF57DDF}\InprocServer32]
@="C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F38B6752-45A1-41AF-A4BC-B063DEF57DDF}\ProgID]
@="Conduit.Engine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F38B6752-45A1-41AF-A4BC-B063DEF57DDF}\VersionIndependentProgID]
@="Conduit.Engine"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Url"="hxxp://alerts.conduit-services.com/root/909619/905414/AU"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Title"="Conduit Engine Notifications"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPServicesServerName"="hxxp://alert.services.conduit.com"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPClientsServerName"="hxxp://alert.client.conduit.com"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"AutoUpdateServerName"="hxxp://alert.storage.conduit.com"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\ChannelsSettings]
"URL"="hxxp://alert.services.conduit.com/channels/?aid=EB_CHANNEL_ID"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\DynamicDialogs]
"URL"="hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Login]
"URL"="hxxp://alert.services.conduit.com/Alerts/AlertServices.asmx/AlertLogin"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Translation]
"URL"="hxxp://alerts.conduit-services.com/translation/?locale=EB_LOCALE"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Usage]
"URL"="hxxp://alert.services.conduit.com/Alerts/AlertServices.asmx/SetAlertUsageRequest"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\ConduitEngine]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\ConduitEngine\toolbar]
"ToolbarDllName"="ConduitEngine.dll"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\ConduitEngine\toolbar\Repository\conduit_ConduitEngine]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\ConduitEngine\toolbar\Repository\IndexTable\ConduitEngine]
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\ConduitEngine\toolbar\Repository\MetaData\2964487648]
"dbname"="conduit_ConduitEngine"
[HKEY_USERS\S-1-5-21-2186728067-1712137595-3068445564-1001\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Url"="hxxp://alerts.conduit-services.com/root/909619/905414/AU"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Data\Feeds\905414]
"Title"="Conduit Engine Notifications"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPServicesServerName"="hxxp://alert.services.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"ALPClientsServerName"="hxxp://alert.client.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings]
"AutoUpdateServerName"="hxxp://alert.storage.conduit.com"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\ChannelsSettings]
"URL"="hxxp://alert.services.conduit.com/channels/?aid=EB_CHANNEL_ID"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\DynamicDialogs]
"URL"="hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Login]
"URL"="hxxp://alert.services.conduit.com/Alerts/AlertServices.asmx/AlertLogin"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Translation]
"URL"="hxxp://alerts.conduit-services.com/translation/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Services\Usage]
"URL"="hxxp://alert.services.conduit.com/Alerts/AlertServices.asmx/SetAlertUsageRequest"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\ConduitEngine]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\ConduitEngine\toolbar]
"ToolbarDllName"="ConduitEngine.dll"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\ConduitEngine\toolbar\Repository\conduit_ConduitEngine]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\ConduitEngine\toolbar\Repository\IndexTable\ConduitEngine]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\ConduitEngine\toolbar\Repository\MetaData\2964487648]
"dbname"="conduit_ConduitEngine"

Searching for "         "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\rbratz\Downloads\mbam-setup-2.0.2.1012(1).exe"=" Malwarebytes Anti-Malware                                    "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="2.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                                
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_8.07#7CE1E7ED&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001DB21F75&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GOPRO&PROD_STORAGE&REV_1.0#123456789ABC&0#]
"DeviceDesc"="Storage         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GOPRO&PROD_STORAGE&REV_V2.0#123456789ABC&0#]
"DeviceDesc"="Storage         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LACIE&PROD_IAMAKEY&REV_0.00#AB77F4C155375B&0#]
"DeviceDesc"="iamaKey         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-Q3&REV_1.00#94D554A8B0A300000000000000000000&0#]
"DeviceDesc"="YP-Q3           "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_7.01#2204601175430D5E&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_8.07#7CE1E7ED&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001DB21F75&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GOPRO&PROD_STORAGE&REV_1.0#123456789ABC&0#]
"DeviceDesc"="Storage         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GOPRO&PROD_STORAGE&REV_V2.0#123456789ABC&0#]
"DeviceDesc"="Storage         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LACIE&PROD_IAMAKEY&REV_0.00#AB77F4C155375B&0#]
"DeviceDesc"="iamaKey         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-Q3&REV_1.00#94D554A8B0A300000000000000000000&0#]
"DeviceDesc"="YP-Q3           "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_7.01#2204601175430D5E&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_8.07#7CE1E7ED&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001DB21F75&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GOPRO&PROD_STORAGE&REV_1.0#123456789ABC&0#]
"DeviceDesc"="Storage         "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GOPRO&PROD_STORAGE&REV_V2.0#123456789ABC&0#]
"DeviceDesc"="Storage         "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_LACIE&PROD_IAMAKEY&REV_0.00#AB77F4C155375B&0#]
"DeviceDesc"="iamaKey         "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-Q3&REV_1.00#94D554A8B0A300000000000000000000&0#]
"DeviceDesc"="YP-Q3           "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_7.01#2204601175430D5E&0#]
"DeviceDesc"="Cruzer          "
[HKEY_USERS\S-1-5-21-2186728067-1712137595-3068445564-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\rbratz\Downloads\mbam-setup-2.0.2.1012(1).exe"=" Malwarebytes Anti-Malware                                    "
[HKEY_USERS\S-1-5-21-2186728067-1712137595-3068445564-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\rbratz\Downloads\mbam-setup-2.0.2.1012(1).exe"=" Malwarebytes Anti-Malware                                    "

-= EOF =-

so das wird doch langsam - erstmal grosse klasse und DANKE!
Nur mal so zum update - die werbefenster sind soweit alle weg. auch diese unterstrichnen links. Das ist erstmal ein riessen Erfolg. Im generellen habe ich aber immer noch das gefuehl das der rechner sehr langsam ist. wenn wir alles abgeschlossen haben kannst du ja eventl noch mal einen Ratschlag zu diesem Problem geben. Gruss aus down under!!!

M-K-D-B · 29.08.2014, 09:57

Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
C:\Program Files (x86)\CieoNetUtilities_0eEI
C:\Users\rbratz\AppData\LocalLow\CieoNetUtilities_0eEI
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine
DeleteKey: HKEY_CURRENT_USER\Software\AppDataLow\Software\CieoNetUtilities_0eEI
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{98ee749f-a86f-4c48-8007-4b47f5657936}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CieoNetUtilities_0eEI
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ei.CieoNetUtilities_0e.com/Plugin
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{98ee749f-a86f-4c48-8007-4b47f5657936}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F38B6752-45A1-41AF-A4BC-B063DEF57DDF}
DeleteKey: HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit
DeleteKey: HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\ConduitEngine
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Hier noch ein Tipp:
PC wird immer langsamer - was tun?

Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Ändere regelmäßig alle deine Passwörter, jetzt nach der Bereinigung ist ein idealer Zeitpunkt dafür!

Verwende für jede Anwendung und jeden Account ein anderes Passwort.
Ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist das sehr wichtig.
Speichere keine Passwörter auf deinem PC, gib diese nicht an Dritte weiter.
Ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen.
Benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster.
Verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben.

Schritt 1
Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren.
Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren.
Deinstalliere die folgenden Programme von deinem Rechner:

Java(TM) 6 Update 26
Adobe Flash Player 11

Starte deinen Rechner nach der Deinstallation neu auf.
Downloade und installiere dir bitte nun:

Java 8 Update 20
Adobe Flash Player

Starte deinen Rechner nach der Installation neu auf.

Schritt 2
Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Schritt 3
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti-Viren-Programm und zusätzlicher Schutz

Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
AdwCleaner
Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwünschten Programmen (PUPs).
Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
SpywareBlaster
Eine kurze Einführung findest du Hier

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox

Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
Es spart außerdem Downloadkapazität.

Performance

Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
Miekemoes Blogspot ( MVP )

Was du vermeiden solltest:

Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!

Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

rbratz · 30.08.2014, 06:32

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-08-2014 01
Ran by rbratz at 2014-08-30 15:25:08 Run:2
Running from C:\Users\rbratz\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Program Files (x86)\CieoNetUtilities_0eEI
C:\Users\rbratz\AppData\LocalLow\CieoNetUtilities_0eEI
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine
DeleteKey: HKEY_CURRENT_USER\Software\AppDataLow\Software\CieoNetUtilities_0eEI
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{98ee749f-a86f-4c48-8007-4b47f5657936}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CieoNetUtilities_0eEI
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ei.CieoNetUtilities_0e.com/Plugin
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{98ee749f-a86f-4c48-8007-4b47f5657936}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F38B6752-45A1-41AF-A4BC-B063DEF57DDF}
DeleteKey: HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit
DeleteKey: HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\ConduitEngine
EmptyTemp:
end
*****************

C:\Program Files (x86)\CieoNetUtilities_0eEI => Moved successfully.
C:\Users\rbratz\AppData\LocalLow\CieoNetUtilities_0eEI => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine => Moved successfully.
HKEY_CURRENT_USER\Software\AppDataLow\Software\CieoNetUtilities_0eEI => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98} => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{98ee749f-a86f-4c48-8007-4b47f5657936} => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CieoNetUtilities_0eEI => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ei.CieoNetUtilities_0e.com/Plugin => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{98ee749f-a86f-4c48-8007-4b47f5657936} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{8E80CE33-CD54-421C-9DE4-BC946780AB98} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F38B6752-45A1-41AF-A4BC-B063DEF57DDF} => Key deleted successfully.
HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit => Key deleted successfully.
HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\ConduitEngine => Key deleted successfully.
EmptyTemp: => Removed 178.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====