WiredWX Hobby Weather ToolsLog in

 


Dell Laptop Dog - Used for school

2 posters

descriptionDell Laptop Dog - Used for school EmptyDell Laptop Dog - Used for school

more_horiz
Daughter uses this computer for high school. Really bogging down. OTL below:

OTL logfile created on: 2/18/2013 10:54:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joni Seiler\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 24.97% Memory free
5.30 Gb Paging File | 2.72 Gb Available in Paging File | 51.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278.46 Gb Total Space | 238.52 Gb Free Space | 85.66% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 1.13 Gb Free Space | 25.84% Space Free | Partition Type: UDF

Computer Name: JONISEILER-PC | User Name: Joni Seiler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/18 22:52:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joni Seiler\Desktop\OTL.com
PRC - [2013/02/12 15:22:51 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
PRC - [2013/02/12 15:20:47 | 000,107,520 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/24 11:22:50 | 002,231,040 | ---- | M] (Conduit) -- C:\Users\Joni Seiler\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013/01/24 11:22:50 | 000,093,440 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/11/14 20:15:53 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Joni Seiler\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/10/24 20:30:30 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2012/09/19 03:00:48 | 000,383,648 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe
PRC - [2012/09/18 03:46:42 | 000,394,392 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe
PRC - [2012/09/18 03:46:30 | 000,041,624 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Hook.exe
PRC - [2012/09/18 03:46:28 | 001,685,144 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Help.exe
PRC - [2012/06/11 16:22:16 | 000,425,040 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe
PRC - [2012/06/11 16:22:16 | 000,267,856 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe
PRC - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2012/06/11 16:22:16 | 000,141,904 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\bingsurrogate.exe
PRC - [2012/02/16 11:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2012/01/27 15:30:16 | 000,465,216 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2012/01/26 20:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2012/01/26 20:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/04/13 09:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2011/01/12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 17:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/07/02 05:10:28 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/07/02 05:10:24 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2007/01/16 22:36:48 | 000,304,624 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 944\memcard.exe
PRC - [2007/01/16 22:36:28 | 000,431,600 | ---- | M] (Dell) -- C:\Program Files (x86)\Dell Photo AIO Printer 944\dlcdmon.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/18 16:47:36 | 000,096,256 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\win32api.pyd
MOD - [2013/02/18 16:47:36 | 000,086,016 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\_elementtree.pyd
MOD - [2013/02/18 16:47:36 | 000,040,448 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\_socket.pyd
MOD - [2013/02/18 16:47:35 | 001,024,616 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\windows._cacheinvalidation.pyd
MOD - [2013/02/18 16:47:35 | 000,792,576 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\wx._gdi_.pyd
MOD - [2013/02/18 16:47:35 | 000,731,136 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\wx._misc_.pyd
MOD - [2013/02/18 16:47:35 | 000,571,392 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\pysqlite2._sqlite.pyd
MOD - [2013/02/18 16:47:35 | 000,354,304 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\pythoncom26.dll
MOD - [2013/02/18 16:47:35 | 000,263,168 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\win32com.shell.shell.pyd
MOD - [2013/02/18 16:47:35 | 000,153,088 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\pyexpat.pyd
MOD - [2013/02/18 16:47:35 | 000,110,592 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\win32security.pyd
MOD - [2013/02/18 16:47:35 | 000,110,592 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\PyWinTypes26.dll
MOD - [2013/02/18 16:47:35 | 000,073,728 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\_ctypes.pyd
MOD - [2013/02/18 16:47:35 | 000,070,656 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\wx._html2.pyd
MOD - [2013/02/18 16:47:35 | 000,023,040 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\win32ts.pyd
MOD - [2013/02/18 16:47:35 | 000,017,920 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\win32profile.pyd
MOD - [2013/02/18 16:47:35 | 000,011,776 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\win32crypt.pyd
MOD - [2013/02/18 16:47:34 | 001,169,408 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\wx._core_.pyd
MOD - [2013/02/18 16:47:34 | 001,056,256 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\wx._controls_.pyd
MOD - [2013/02/18 16:47:34 | 000,807,424 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\wx._windows_.pyd
MOD - [2013/02/18 16:47:34 | 000,645,120 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\_ssl.pyd
MOD - [2013/02/18 16:47:34 | 000,311,808 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\_hashlib.pyd
MOD - [2013/02/18 16:47:34 | 000,121,856 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\wx._wizard.pyd
MOD - [2013/02/18 16:47:34 | 000,111,104 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\win32file.pyd
MOD - [2013/02/18 16:47:34 | 000,039,424 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\win32inet.pyd
MOD - [2013/02/18 16:47:34 | 000,036,352 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\win32process.pyd
MOD - [2013/02/18 16:47:34 | 000,022,528 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\win32pdh.pyd
MOD - [2013/02/18 16:47:33 | 000,585,728 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\unicodedata.pyd
MOD - [2013/02/18 16:47:33 | 000,017,920 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\win32event.pyd
MOD - [2013/02/18 16:47:33 | 000,011,776 | ---- | M] () -- C:\Users\Joni Seiler\AppData\Local\Temp\_MEI32722\select.pyd
MOD - [2013/02/17 18:35:31 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/17 18:35:01 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/11 12:31:59 | 001,707,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll
MOD - [2013/01/11 12:31:53 | 000,401,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dll
MOD - [2013/01/11 12:30:41 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/11 12:29:23 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013/01/11 12:29:22 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013/01/11 12:07:18 | 017,478,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll
MOD - [2013/01/11 12:07:01 | 002,347,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013/01/11 12:06:58 | 001,084,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll
MOD - [2013/01/11 12:06:57 | 000,256,000 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll
MOD - [2013/01/11 12:06:39 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/11 12:06:15 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 12:06:00 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/11 12:05:32 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 12:05:28 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/11 12:05:17 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/11 12:05:10 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll
MOD - [2013/01/11 12:05:06 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 12:05:04 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 12:04:57 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/01/26 20:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/04/24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011/04/24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011/04/24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011/04/24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011/04/24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011/04/24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011/04/20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2010/11/20 21:24:52 | 000,507,904 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
MOD - [2007/01/16 22:36:48 | 000,304,624 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 944\memcard.exe
MOD - [2006/12/20 20:12:18 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Dell Photo AIO Printer 944\dlcdcfg.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/05/27 13:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/13 14:56:40 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 04:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/01/16 22:35:02 | 000,566,768 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcdcoms.exe -- (dlcd_device)
SRV - [2013/02/12 15:20:47 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Joni Seiler\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/24 11:22:50 | 000,093,440 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/24 20:30:30 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2012/09/18 03:46:42 | 000,394,392 | ---- | M] (PCRx.com, LLC) [Auto | Running] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)
SRV - [2012/08/02 15:06:28 | 000,173,056 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/16 11:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/01/12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/07/02 05:10:28 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/02 05:10:24 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/01/16 22:34:36 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dlcdcoms.exe -- (dlcd_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/24 20:32:38 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/08/17 15:26:48 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/18 16:40:08 | 004,719,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/08/18 16:39:52 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/08/18 16:39:52 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/18 16:39:50 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/08/18 16:39:50 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/08/18 16:39:50 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/05/27 13:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/17 00:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/31 21:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/03/25 20:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/01/20 10:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/29 18:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/02/26 18:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/18 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 03:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN14835643662590919&ctid=CT3279141
IE - HKCU\..\URLSearchHook: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{4B2E815E-3DE4-493D-B35F-F5B0BB70B693}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN14835643662590919
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={9F0BD73E-7C60-4F28-856A-8C6CA3A408AA}&mid=35630695fb2547d0ae3db56e710ac71d-67afd26ec4079b9d62c8b4823485b17180a04092&lang=en&ds=AVG&pr=fr&d=2012-07-03 10:00:47&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CEC71AAF-D53F-48D6-A27C-26B84FFD0C3D}: "URL" = http://www.mysearchresults.com/search?&c=4002&t=10&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Joni Seiler\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Joni Seiler\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/10/24 20:32:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/24 20:32:41 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://search.conduit.com/?CUI=UN41476848466471977&ctid=CT3279141&SearchSource=48
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN41476848466471977&ctid=CT3279141
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?CUI=UN41476848466471977&ctid=CT3279141&SearchSource=48
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Shopping Sidekick Plugin = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.21.24_0\crossrider
CHR - Extension: Shopping Sidekick Plugin = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.21.24_0\
CHR - Extension: Shopping Sidekick Plugin = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.21.24_1\crossrider
CHR - Extension: Shopping Sidekick Plugin = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.21.24_1\
CHR - Extension: Virtual Keyboard = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Skype Click to Call = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: WhiteSmoke B = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp\10.14.251.3_0\
CHR - Extension: Anti-Banner = C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Shopping Sidekick Plugin) - {11111111-1111-1111-1111-110211181102} - C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (215 Apps)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Joni Seiler\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (WhiteSmoke B Toolbar) - {f0e59437-6148-4a98-b0a6-60d557ef57f4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (WhiteSmoke B Toolbar) - {f0e59437-6148-4a98-b0a6-60d557ef57f4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke B Toolbar) - {F0E59437-6148-4A98-B0A6-60D557EF57F4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DLCDCATS] C:\windows\SysNative\spool\DRIVERS\x64\3\DLCDtime.DLL ()
O4:64bit: - HKLM..\Run: [dlcdmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell Photo AIO Printer 944\memcard.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [24x7HELP] C:\Program Files (x86)\24x7Help\App24x7Help.exe (PCRx.com, LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PCFixSpeed] C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe (Crawler.com)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Joni Seiler\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [Spotify] C:\Users\Joni Seiler\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Joni Seiler\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41765D3B-A8D7-4BE5-BF38-93379EE7A929}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/18 22:52:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joni Seiler\Desktop\OTL.com
[2013/02/18 20:31:57 | 000,000,000 | ---D | C] -- C:\Users\Joni Seiler\AppData\Local\{13288BCE-29DE-4758-AE8B-4C27929ED9DF}
[2013/02/14 21:23:41 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/02/14 21:23:41 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/02/14 21:23:40 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/02/14 21:22:17 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/02/14 21:22:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/02/14 21:22:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/02/14 21:22:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/02/14 21:22:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/02/14 21:22:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/02/14 21:22:08 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/12 15:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/02/12 15:22:40 | 000,000,000 | ---D | C] -- C:\Users\Joni Seiler\Documents\Flash Player Pro
[2013/02/12 15:22:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Player Pro
[2013/02/12 15:20:47 | 000,000,000 | ---D | C] -- C:\Users\Joni Seiler\AppData\Roaming\DefaultTab
[2013/02/12 15:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
[2013/02/12 15:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\24x7Help
[2013/02/12 15:20:12 | 000,000,000 | ---D | C] -- C:\Users\Joni Seiler\AppData\Roaming\PCFixSpeed
[2013/02/12 15:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PCFixSpeed
[2013/02/12 15:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed
[2013/02/12 15:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCFixSpeed
[2013/02/12 15:19:46 | 000,000,000 | ---D | C] -- C:\Users\Joni Seiler\AppData\Local\Updater21802
[2013/02/12 15:19:35 | 000,000,000 | ---D | C] -- C:\Users\Joni Seiler\AppData\Local\Shopping Sidekick Plugin
[2013/02/12 15:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shopping Sidekick Plugin
[2013/02/12 15:18:42 | 000,000,000 | ---D | C] -- C:\Users\Joni Seiler\AppData\Local\SwvUpdater
[2013/02/12 15:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/12 15:17:58 | 000,000,000 | ---D | C] -- C:\Users\Joni Seiler\AppData\Local\Conduit
[2013/02/12 15:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhiteSmoke_B
[2013/02/12 15:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/02/12 15:17:35 | 000,000,000 | ---D | C] -- C:\Users\Joni Seiler\AppData\Roaming\SearchProtect
[2013/02/12 15:17:32 | 000,000,000 | ---D | C] -- C:\Users\Joni Seiler\AppData\Local\CRE
[2013/01/24 20:14:20 | 000,000,000 | ---D | C] -- C:\Users\Joni Seiler\Documents\SanDiskSecureAccess
[2013/01/24 20:13:56 | 000,000,000 | ---D | C] -- C:\Users\Joni Seiler\Documents\club_application
[2 C:\Users\Joni Seiler\Documents\*.tmp files -> C:\Users\Joni Seiler\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/18 22:52:50 | 000,000,107 | ---- | M] () -- C:\Users\Joni Seiler\Desktop\Yahoo!.url
[2013/02/18 22:52:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joni Seiler\Desktop\OTL.com
[2013/02/18 22:44:03 | 000,000,932 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2784060838-1555932679-2798245614-1000UA.job
[2013/02/18 22:14:18 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/18 21:26:49 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/18 20:26:50 | 000,795,384 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/02/18 20:26:50 | 000,672,290 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/02/18 20:26:50 | 000,125,268 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/02/18 19:47:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/18 18:36:12 | 000,000,380 | ---- | M] () -- C:\windows\tasks\AmiUpdXp.job
[2013/02/18 17:44:03 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2784060838-1555932679-2798245614-1000Core.job
[2013/02/18 16:55:38 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/18 16:55:38 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/18 16:46:46 | 1502,621,696 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/17 18:30:16 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/02/12 15:22:51 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/02/12 15:22:51 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/12 15:20:49 | 000,000,258 | RHS- | M] () -- C:\Users\Joni Seiler\ntuser.pol
[2013/02/12 15:18:36 | 000,000,009 | ---- | M] () -- C:\END
[2 C:\Users\Joni Seiler\Documents\*.tmp files -> C:\Users\Joni Seiler\Documents\*.tmp -> ]

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz

========== Files Created - No Company Name ==========

[2013/02/12 15:20:49 | 000,000,258 | RHS- | C] () -- C:\Users\Joni Seiler\ntuser.pol
[2013/02/12 15:18:43 | 000,000,380 | ---- | C] () -- C:\windows\tasks\AmiUpdXp.job
[2013/02/12 15:17:22 | 000,000,009 | ---- | C] () -- C:\END
[2012/10/21 23:28:32 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2012/09/07 00:22:22 | 000,000,048 | ---- | C] () -- C:\windows\WinInit.Ini
[2012/09/06 22:29:04 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdpmui.dll
[2012/09/06 22:29:04 | 000,434,176 | ---- | C] () -- C:\windows\SysWow64\dlcdutil.dll
[2012/09/06 22:29:04 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdinpa.dll
[2012/09/06 22:29:04 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdiesc.dll
[2012/09/06 22:29:04 | 000,323,584 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdhcp.dll
[2012/09/06 22:29:04 | 000,274,432 | ---- | C] () -- C:\windows\SysWow64\dlcdinst.dll
[2012/09/06 22:29:04 | 000,176,128 | ---- | C] () -- C:\windows\SysWow64\dlcdinsb.dll
[2012/09/06 22:29:04 | 000,159,744 | ---- | C] () -- C:\windows\SysWow64\dlcdins.dll
[2012/09/06 22:29:04 | 000,135,168 | ---- | C] () -- C:\windows\SysWow64\dlcdjswr.dll
[2012/09/06 22:29:04 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\dlcdinsr.dll
[2012/09/06 22:29:04 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\dlcdcub.dll
[2012/09/06 22:29:04 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\dlcdcu.dll
[2012/09/06 22:29:04 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\dlcdcur.dll
[2012/09/06 22:29:03 | 001,224,704 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdserv.dll
[2012/09/06 22:29:03 | 000,991,232 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdusb1.dll
[2012/09/06 22:29:03 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdhbn3.dll
[2012/09/06 22:29:03 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdcomc.dll
[2012/09/06 22:29:03 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdlmpm.dll
[2012/09/06 22:29:03 | 000,538,096 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdcoms.exe
[2012/09/06 22:29:03 | 000,421,888 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdcomm.dll
[2012/09/06 22:29:03 | 000,386,544 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdih.exe
[2012/09/06 22:29:03 | 000,382,448 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdcfg.exe
[2012/09/06 22:29:03 | 000,181,744 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdppls.exe
[2012/09/06 22:29:03 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdprox.dll
[2012/09/06 22:29:03 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\dlcdpplc.dll
[2012/09/06 22:29:03 | 000,069,632 | ---- | C] () -- C:\windows\SysWow64\dlcdcfg.dll
[2012/08/11 15:50:35 | 000,017,408 | ---- | C] () -- C:\Users\Joni Seiler\AppData\Local\WebpageIcons.db
[2012/04/20 22:25:20 | 000,867,020 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2012/04/20 22:25:20 | 000,105,428 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2012/04/20 22:25:19 | 000,128,204 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2012/04/20 19:58:01 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2012/02/26 06:02:17 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2012/02/26 06:02:12 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2012/02/26 06:02:12 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2012/02/26 06:02:12 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2012/02/26 06:02:12 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2012/02/26 06:02:12 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2012/02/26 06:02:12 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2012/02/26 06:02:12 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2012/02/26 04:54:12 | 000,789,600 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Joni Seiler\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Joni Seiler\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Joni Seiler\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Joni Seiler\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/04/20 19:57:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/04/20 19:57:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/04/20 19:57:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/28 19:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/06/28 19:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\JONI SEILER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\JONI SEILER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\JONI SEILER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\JONI SEILER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/04/20 19:57:08 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/04/20 19:57:08 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/04/20 19:57:08 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/28 19:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/06/28 19:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\ /s >

< %PROGRAMFILES%\*. >
[2013/02/12 15:20:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\24x7Help
[2012/04/20 20:20:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2012/07/03 08:58:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2012/11/14 17:56:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2013/02/12 15:18:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2012/10/16 15:53:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Coupons
[2012/04/20 19:50:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2012/04/20 19:49:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative Live! Cam
[2012/04/20 20:16:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
[2013/02/18 16:47:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Local Backup
[2012/08/06 08:53:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Digital Delivery
[2012/09/07 00:12:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Photo AIO Printer 944
[2012/04/20 19:50:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Webcam
[2013/02/12 15:22:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Flash Player Pro
[2012/10/03 09:07:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012/04/20 20:21:37 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/04/20 19:55:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/08/26 08:08:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/09/06 23:53:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/08/11 15:48:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Kaspersky Lab
[2012/04/20 20:20:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2012/08/27 02:04:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012/08/26 07:42:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/08/27 02:21:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/04/20 20:18:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/02/26 04:49:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2013/02/12 15:20:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PCFixSpeed
[2012/04/20 19:59:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2013/02/12 15:17:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SearchProtect
[2013/02/12 15:20:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Shopping Sidekick Plugin
[2012/11/14 17:56:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2009/07/13 22:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2013/02/12 15:18:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WhiteSmoke_B
[2010/11/21 01:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/04/20 20:19:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/11/21 01:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/11/21 01:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/11/21 01:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2010/11/20 21:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/11/21 01:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

< %appdata%\*.* >

< MD5 for: AFD.SYS >
[2011/12/27 21:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\windows\SysNative\drivers\afd.sys
[2011/12/27 21:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 22:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2010/11/20 21:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 20:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/04/24 21:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/06/01 22:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012/04/23 22:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010/11/20 21:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012/04/23 22:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/23 23:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2012/06/04 01:52:35 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=7E7D2DACF65D750D466F36BD3D09AE20 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[2012/06/01 22:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\SysWOW64\cryptsvc.dll
[2012/06/01 22:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2012/06/01 23:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\windows\SysNative\cryptsvc.dll
[2012/06/01 23:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[2010/11/20 21:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/23 23:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\windows\SysNative\dnsrslvr.dll
[2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
[2011/03/03 00:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
[2010/11/20 21:24:15 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll

< MD5 for: ES.DLL >
[2013/01/25 20:34:29 | 000,009,168 | ---- | M] () MD5=1D3E71BC0FF12F94D2479F85E9290146 -- C:\Users\Joni Seiler\AppData\Local\Google\Chrome\Application\24.0.1312.57\Locales\es.dll
[2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\windows\SysNative\es.dll
[2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[2013/01/18 02:06:26 | 000,009,168 | ---- | M] () MD5=6BF736F8BBC6EFEFEC53703E5F4EF987 -- C:\Users\Joni Seiler\AppData\Local\Google\Chrome\Application\24.0.1312.56\Locales\es.dll
[2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
[2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 21:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 21:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\windows\SysNative\ipnathlp.dll
[2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 21:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\windows\SysNative\drivers\netbt.sys
[2010/11/20 21:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\windows\SysNative\netman.dll
[2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

< MD5 for: QMGR.DLL >
[2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\windows\SysNative\qmgr.dll
[2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\windows\SysNative\rpcss.dll
[2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2012/10/03 11:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2011/09/29 11:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/20 21:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012/08/22 12:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012/03/30 04:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2011/04/24 23:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2012/03/30 05:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013/01/03 00:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\windows\SysNative\drivers\tcpip.sys
[2013/01/03 00:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2011/04/25 00:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2013/01/03 23:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2011/03/19 01:45:16 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=CB6A53EF141CC3DA32DA54F7E75D301B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21687_none_118505f696597a9d\tcpip.sys
[2012/10/03 11:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2011/03/19 01:39:54 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=DC08410DB2D0CC542DACAC7A90E6CB7A -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17582_none_10f667b97d405c20\tcpip.sys
[2012/08/22 12:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2011/09/29 10:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: TDX.SYS >
[2010/11/20 21:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\windows\SysNative\drivers\tdx.sys
[2010/11/20 21:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 21:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\windows\SysNative\drivers\volsnap.sys
[2010/11/20 21:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 21:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 19:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009/07/13 19:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\windows\SysNative\wbem\WMIsvc.dll
[2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\windows\SysNative\wscsvc.dll
[2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

< End of report >

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz

EXTRAS:

OTL Extras logfile created on: 2/18/2013 10:54:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joni Seiler\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 24.97% Memory free
5.30 Gb Paging File | 2.72 Gb Available in Paging File | 51.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278.46 Gb Total Space | 238.52 Gb Free Space | 85.66% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 1.13 Gb Free Space | 25.84% Space Free | Partition Type: UDF

Computer Name: JONISEILER-PC | User Name: Joni Seiler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B9268B5-A1F5-422E-8B92-C5F88FF98F78}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18262FA9-8B68-4E9B-A695-360B23F4305B}" = lport=138 | protocol=17 | dir=in | app=system |
"{1F6FE4B7-41E6-4428-BE94-E6A348C182F6}" = rport=445 | protocol=6 | dir=out | app=system |
"{2068284A-AF67-4EFB-B08F-58A13C608721}" = rport=139 | protocol=6 | dir=out | app=system |
"{265E6A22-D3EC-4477-AD6A-8DC525710636}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{267F130D-5F40-4E60-994C-98D240A034D2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C972B44-B468-42A9-BAFB-09BC03B95336}" = lport=2869 | protocol=6 | dir=in | app=system |
"{44F2234A-0607-4CCC-96A9-3FC49178E91D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6F483C1D-7266-4295-AC42-130CACFFCD76}" = lport=445 | protocol=6 | dir=in | app=system |
"{7760D670-AAD7-441C-B6C4-B41C603B905B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78CA3C21-8A73-4102-A470-69A1D52D25FB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{89296C15-1E70-49E6-8B3F-BABB096585CF}" = lport=137 | protocol=17 | dir=in | app=system |
"{90D515AE-2CEB-44A4-8CB0-761006BAFE96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{94410FB2-0C7D-485C-B969-A8F37842E963}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9AE29503-F6E7-4139-9752-E39F5C164013}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A093A2B2-04F4-490E-9858-2B0063EBDF51}" = lport=139 | protocol=6 | dir=in | app=system |
"{B80B4654-26AC-47E6-AD17-B2CB3F4006F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BBCC5ADC-1E95-47C5-B7C3-62BAB526D28A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CB27214D-61F7-48A1-9BE7-789A1E0785B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC36B222-5A7E-4F81-AE1C-0D2550866F98}" = rport=137 | protocol=17 | dir=out | app=system |
"{D147CB43-1913-4F1D-9225-04B7593C9205}" = rport=138 | protocol=17 | dir=out | app=system |
"{D4ED141A-7B4C-47F5-B6F4-94CB6AFEE6AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E59BAD78-D1C2-43ED-83F1-D4EF6D977F2A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0786C446-205D-42D3-95D6-C5AB5A0C56B7}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dlcdpswx.exe |
"{0CDE20FE-5987-4A4B-8685-31C490120FFD}" = protocol=6 | dir=in | app=c:\program files (x86)\dell photo aio printer 944\dlcdaiox.exe |
"{0DE47701-96E6-47CC-B5EC-B6E1EB443911}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{186704D2-D9AF-470E-B26B-FEAA37C508ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D6798E9-2A4A-4F6B-8F54-075C14492BB9}" = protocol=17 | dir=in | app=c:\program files (x86)\dell photo aio printer 944\dlcdmon.exe |
"{1E980078-54E0-42AA-BD1F-D28A45A369EB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1F0E7273-6C5F-4258-87F2-0CB90ADE30A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2161775C-5016-427D-8651-28BA9803B18F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2C9A27F8-94BB-40E9-B045-33C79BCC8B33}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3062C61F-E23C-459D-B8B4-EACEA5A615EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{30FE629B-B9E1-4A28-9D85-213E474D6EFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3D9C3F65-6B70-40B1-BE09-15F772258935}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E5313BC-94AD-4E97-AFC8-1F0250230E6F}" = protocol=6 | dir=in | app=c:\windows\syswow64\dlcdcoms.exe |
"{41FD9B29-94B6-44FC-B0C0-D516B0DB8915}" = protocol=17 | dir=in | app=c:\program files (x86)\dell photo aio printer 944\dlcdaiox.exe |
"{47BE9068-082A-4A9B-94E4-3CAE4BF43007}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5C1419C6-70B0-4204-913C-2B22178CD60F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{69FE686F-6972-4974-98C8-76BB5912E7B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E50AF10-C5F8-46C3-AC13-186A91BC6DEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E712AA7-68A5-409A-99D2-940E431988E2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{6F8C5480-577B-4A3D-BB57-585DCBDAA6ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{799A6A03-0599-496E-8AE5-59D667CD705E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8111ED33-4EB8-48CE-B839-831442563DB6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{85B4ADB5-7F20-401F-AD0A-C202939AFE8F}" = protocol=17 | dir=in | app=c:\windows\system32\dlcdcoms.exe |
"{8683638F-0BF5-424C-A867-B880C43F59B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{86E905C9-B2B4-43D0-9D95-304F504B1A82}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8B48956D-58DE-4685-91D9-56D57E230507}" = protocol=6 | dir=out | app=system |
"{A19FFAEC-B555-487D-95C3-9CB2D401CACB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B17046C0-20CD-4DE7-9E7C-AF65DF8D50E5}" = protocol=17 | dir=in | app=c:\windows\syswow64\dlcdcoms.exe |
"{B7EFAE80-39B6-4E3A-85C4-9864B56961F8}" = protocol=6 | dir=in | app=c:\program files (x86)\dell photo aio printer 944\dlcdmon.exe |
"{B8BF101A-5C85-4956-BB4B-960C05C15DE3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8613623-451B-4519-891E-4D95A0A90D5A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D57423A5-16FD-41FA-B013-F8EEAAB82443}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D7E9CF40-E154-4043-BB2A-9A93F9B25372}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC78D25D-17F0-4A2B-B30C-F53FEA1DB288}" = protocol=6 | dir=in | app=c:\windows\system32\dlcdcoms.exe |
"{EA57BE0E-5E26-465A-9431-C099D5CE8403}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dlcdpswx.exe |
"TCP Query User{5A41F19E-4FE3-4617-AF30-57F404E2DB50}C:\users\joni seiler\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\joni seiler\appdata\roaming\spotify\spotify.exe |
"TCP Query User{A9258CFD-C001-413A-8B3C-D80501DBEC5C}C:\users\joni seiler\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\joni seiler\appdata\roaming\spotify\spotify.exe |
"UDP Query User{5823C62F-F97A-43B0-907F-174A0EC60334}C:\users\joni seiler\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\joni seiler\appdata\roaming\spotify\spotify.exe |
"UDP Query User{87D86C87-6FAB-491C-9614-29D34794DDEA}C:\users\joni seiler\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\joni seiler\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Dell Photo AIO Printer 944" = Dell Photo AIO Printer 944
"DW WLAN Card" = DW WLAN Card
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1" = 24x7 Help
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5E43D09-96AF-4CA0-85AE-9134E7FFA7FC}" = Dell Digital Delivery
"{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1" = PC Fix Speed 1.2.0.24
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DefaultTab" = DefaultTab
"Dell Webcam Central" = Dell Webcam Central
"Flash Player Pro_is1" = Flash Player Pro V5.4
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SearchProtect" = Search Protect by conduit
"Shopping Sidekick Plugin" = Shopping Sidekick Plugin
"WhiteSmoke_B Toolbar" = WhiteSmoke B Toolbar
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/11/2012 10:21:26 AM | Computer Name = JoniSeiler-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/11/2012 10:51:24 PM | Computer Name = JoniSeiler-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (372) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000010104A0 Session-context: 0x00000000 Session-context ThreadId: 0x00000000000005E8

Cleanup:
1

Error - 12/12/2012 11:18:27 AM | Computer Name = JoniSeiler-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/12/2012 3:24:05 PM | Computer Name = JoniSeiler-PC | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time
stamp: 0x4f35fc1d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x00000000000532d0 Faulting
process id: 0x604 Faulting application start time: 0x01cdd89e231be8ca Faulting application
path: C:\windows\System32\spoolsv.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: 7d8c43b8-4491-11e2-8e23-642737ee2eee

Error - 12/12/2012 3:24:51 PM | Computer Name = JoniSeiler-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/12/2012 3:33:50 PM | Computer Name = JoniSeiler-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: HTTP status 500: An unexpected condition prevented the server
from fulfilling the request.

Error - 12/13/2012 8:50:41 PM | Computer Name = JoniSeiler-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/14/2012 12:06:37 PM | Computer Name = JoniSeiler-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/16/2012 12:23:20 PM | Computer Name = JoniSeiler-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/10/2013 8:00:29 PM | Computer Name = JoniSeiler-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/24/2013 5:00:33 AM | Computer Name = JoniSeiler-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 1/24/2013 5:05:32 AM | Computer Name = JoniSeiler-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based
Systems.

Error - 1/24/2013 9:12:40 AM | Computer Name = JoniSeiler-PC | Source = DCOM | ID = 10010
Description =

Error - 1/24/2013 10:38:29 AM | Computer Name = JoniSeiler-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:12:18 AM on ?1/?24/?2013 was unexpected.

Error - 1/24/2013 10:41:41 AM | Computer Name = JoniSeiler-PC | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/24/2013 7:17:10 PM | Computer Name = JoniSeiler-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:11:04 AM on ?1/?24/?2013 was unexpected.

Error - 1/24/2013 7:20:23 PM | Computer Name = JoniSeiler-PC | Source = Service Control Manager | ID = 7034
Description = The Dell Digital Delivery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/24/2013 7:39:33 PM | Computer Name = JoniSeiler-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/28/2013 11:10:49 PM | Computer Name = JoniSeiler-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR6.

Error - 1/29/2013 5:04:45 AM | Computer Name = JoniSeiler-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based
Systems.


< End of report >

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz
Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Please explain what sort of problems you are encountering.

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

*********************************************
Dell Laptop Dog - Used for school Mbamicontw5 Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz
Adwcleaner first:
# AdwCleaner v2.112 - Logfile created 02/20/2013 at 23:46:17
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Joni Seiler - JONISEILER-PC
# Boot Mode : Normal
# Running from : C:\Users\Joni Seiler\Downloads\adwcleaner0.exe
# Option [Search]


***** [Services] *****

Found : 24x7HelpSvc
Found : CltMngSvc
Found : DefaultTabUpdate

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\windows\Tasks\AmiUpdXp.job
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\WhiteSmoke_B
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
Folder Found : C:\Users\Joni Seiler\AppData\Local\Conduit
Folder Found : C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
Folder Found : C:\Users\Joni Seiler\AppData\Local\SwvUpdater
Folder Found : C:\Users\Joni Seiler\AppData\LocalLow\Conduit
Folder Found : C:\Users\Joni Seiler\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Joni Seiler\AppData\LocalLow\WhiteSmoke_B
Folder Found : C:\Users\Joni Seiler\AppData\Roaming\DefaultTab
Folder Found : C:\Users\Joni Seiler\AppData\Roaming\SearchProtect

***** [Registry] *****

Key Found : HKCU\Software\24x7HELP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_B
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181102}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181102}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\24x7HELP
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\WhiteSmoke_B
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211181102}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181102}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A679908A-9D19-46B7-94E1-EB7B14A555A7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A76635BE-536A-454B-89BE-77D1B0CD99A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181102}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_B Toolbar
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKU\S-1-5-21-2784060838-1555932679-2798245614-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16448

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN14835643662590919&ctid=CT3279141

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.8] : homepage = "hxxp://search.conduit.com/?CUI=UN41476848466471977&ctid=CT3279141&SearchSource=48",
Found [l.12] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=UN41476848466471977&ctid=CT3279141&SearchSource=48" ]
Found [l.46] : icon_url = "hxxp://search.conduit.com/fav.ico",
Found [l.49] : keyword = "search.conduit.com",
Found [l.52] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN41476848466471977&ctid=CT3279141",
Found [l.1803] : homepage = "hxxp://search.conduit.com/?CUI=UN41476848466471977&ctid=CT3279141&SearchSource=48",
Found [l.2388] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=UN41476848466471977&ctid=CT3279141&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [9828 octets] - [20/02/2013 23:46:17]

########## EOF - C:\AdwCleaner[R1].txt - [9888 octets] ##########

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz
Malware output:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joni Seiler :: JONISEILER-PC [administrator]

2/20/2013 11:51:06 PM
mbam-log-2013-02-20 (23-51-06).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 319882
Time elapsed: 50 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (PUP.215Apps) -> Delete on reboot.

Registry Keys Detected: 16
HKCR\CLSID\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440244184402} (PUP.215Apps) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550255185502} (PUP.215Apps) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0021802.BHO.1 (PUP.215Apps) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick Plugin (PUP.215Apps) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (PUP.215Apps) -> Delete on reboot.
C:\Users\Joni Seiler\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe (PUP.215Apps) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.exe (PUP.215Apps) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick PluginGui.exe (PUP.215Apps) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Shopping Sidekick Plugin\Uninstall.exe (PUP.215Apps) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.

(end)

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz
This computer would not let mee run the security check by screen 317,

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz
Remove the Adware:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

Dell Laptop Dog - Used for school NSIS_disclaimer_ENG

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

Dell Laptop Dog - Used for school NSIS_extraction

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Dell Laptop Dog - Used for school RcAuto1

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Dell Laptop Dog - Used for school Whatnext

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz
adwclean log

# AdwCleaner v2.113 - Logfile created 02/26/2013 at 22:27:32
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Joni Seiler - JONISEILER-PC
# Boot Mode : Normal
# Running from : C:\Users\Joni Seiler\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : 24x7HelpSvc
Stopped & Deleted : CltMngSvc
Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\WhiteSmoke_B
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
Folder Deleted : C:\Users\Joni Seiler\AppData\Local\Conduit
Folder Deleted : C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
Folder Deleted : C:\Users\Joni Seiler\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Joni Seiler\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Joni Seiler\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Joni Seiler\AppData\LocalLow\WhiteSmoke_B
Folder Deleted : C:\Users\Joni Seiler\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Joni Seiler\AppData\Roaming\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\24x7HELP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_B
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\24x7HELP
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\WhiteSmoke_B
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97A5591D-4C09-4E06-9228-AC433B73650C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A679908A-9D19-46B7-94E1-EB7B14A555A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A76635BE-536A-454B-89BE-77D1B0CD99A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_B Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16448

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN14835643662590919&ctid=CT3279141 --> hxxp://www.google.com

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Joni Seiler\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.33] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.36] : keyword = "search.conduit.com",
Deleted [l.39] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN41[...]
Deleted [l.1909] : homepage = "hxxp://search.conduit.com/?CUI=UN41476848466471977&ctid=CT3279141&SearchSource=48",
Deleted [l.2393] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=UN41476848466471977&ctid=CT327[...]

*************************

AdwCleaner[R1].txt - [9949 octets] - [20/02/2013 23:46:17]
AdwCleaner[S1].txt - [8254 octets] - [26/02/2013 22:27:32]

########## EOF - C:\AdwCleaner[S1].txt - [8314 octets] ##########

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz
combofix log

ComboFix 13-02-26.01 - Joni Seiler 02/26/2013 22:44:35.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1911.682 [GMT -6:00]
Running from: c:\users\Joni Seiler\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\0276115d-b6c6-4a1b-8e6b-68bc9dbe4f93.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1abc6cc6-7642-443e-ad9d-336734fd2832.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5b35a8f1-54bf-4743-8fd7-358ffc15372a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\63acf506-979e-4b72-a7ce-2af6dc2b98c4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9192d3e9-aa66-4560-a2e3-209867aafd30.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d4ffe1c0-8021-4dfa-bf52-cb9224f001ce.dll
c:\programdata\PCDr\6032\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e238f8f5-5f0a-478f-b96a-d15f6f6cac94.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f8b3befb-ca07-4bff-8777-f565b237979f.dll
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\_ctypes.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\_elementtree.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\_hashlib.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\_socket.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\_ssl.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\pyexpat.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\pysqlite2._sqlite.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\python26.dll
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\pythoncom26.dll
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\PyWinTypes26.dll
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\select.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\unicodedata.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\win32api.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\win32com.shell.shell.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\win32crypt.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\win32event.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\win32file.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\win32inet.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\win32pdh.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\win32process.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\win32profile.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\win32security.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\win32ts.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\windows._cacheinvalidation.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\wx._controls_.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\wx._core_.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\wx._gdi_.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\wx._html2.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\wx._misc_.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\wx._windows_.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\wx._wizard.pyd
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\wxbase293u_net_vc.dll
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\wxbase293u_vc.dll
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\wxmsw293u_adv_vc.dll
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\wxmsw293u_core_vc.dll
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\wxmsw293u_html_vc.dll
c:\users\Joni Seiler\AppData\Local\Temp\_MEI32802\wxmsw293u_webview_vc.dll
c:\users\Joni Seiler\Documents\~WRL0005.tmp
c:\users\Joni Seiler\Documents\~WRL1977.tmp
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\_ctypes.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\_elementtree.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\_hashlib.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\_socket.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\_ssl.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\pyexpat.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\pysqlite2._sqlite.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\python26.dll
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\pythoncom26.dll
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\PyWinTypes26.dll
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\select.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\unicodedata.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\win32api.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\win32com.shell.shell.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\win32crypt.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\win32event.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\win32file.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\win32inet.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\win32pdh.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\win32process.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\win32profile.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\win32security.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\win32ts.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\windows._cacheinvalidation.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\wx._controls_.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\wx._core_.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\wx._gdi_.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\wx._html2.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\wx._misc_.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\wx._windows_.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\wx._wizard.pyd
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\wxbase293u_net_vc.dll
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\wxbase293u_vc.dll
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\wxmsw293u_adv_vc.dll
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\wxmsw293u_core_vc.dll
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\wxmsw293u_html_vc.dll
c:\users\JONISE~1\AppData\Local\Temp\_MEI32802\wxmsw293u_webview_vc.dll
c:\windows\RPSETUP.EXE.LOG
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-01-27 to 2013-02-27 )))))))))))))))))))))))))))))))
.
.
2013-02-27 05:02 . 2013-02-27 05:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-27 02:37 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DBC10C29-0F08-4C2C-8884-8737BAE281A1}\mpengine.dll
2013-02-25 16:29 . 2013-02-25 16:29 -------- d-----w- C:\found.001
2013-02-21 05:50 . 2013-02-21 05:50 -------- d-----w- c:\users\Joni Seiler\AppData\Roaming\Malwarebytes
2013-02-21 05:49 . 2013-02-21 05:49 -------- d-----w- c:\programdata\Malwarebytes
2013-02-21 05:49 . 2013-02-21 05:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-21 05:49 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-21 05:48 . 2013-02-21 05:48 -------- d-----w- c:\users\Joni Seiler\AppData\Local\Programs
2013-02-15 03:23 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-15 03:23 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-15 03:23 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-15 03:23 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-15 03:22 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-15 03:22 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-15 03:22 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-15 03:22 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-15 03:22 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-15 03:22 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-15 03:22 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-15 03:22 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 21:22 . 2013-02-12 21:22 -------- d-----w- c:\program files (x86)\Flash Player Pro
2013-02-12 21:20 . 2013-02-12 21:20 -------- d-----w- c:\program files (x86)\24x7Help
2013-02-12 21:20 . 2013-02-15 02:58 -------- d-----w- c:\users\Joni Seiler\AppData\Roaming\PCFixSpeed
2013-02-12 21:20 . 2013-02-16 00:52 -------- d-----w- c:\programdata\PCFixSpeed
2013-02-12 21:20 . 2013-02-12 21:20 -------- d-----w- c:\program files (x86)\PCFixSpeed
2013-02-12 21:19 . 2013-02-12 21:19 -------- d-----w- c:\users\Joni Seiler\AppData\Local\Updater21802
2013-02-12 21:19 . 2013-02-12 21:19 -------- d-----w- c:\users\Joni Seiler\AppData\Local\Shopping Sidekick Plugin
2013-02-12 21:19 . 2013-02-21 06:45 -------- d-----w- c:\program files (x86)\Shopping Sidekick Plugin
2013-02-12 21:17 . 2013-02-12 21:17 -------- d-----w- c:\users\Joni Seiler\AppData\Local\CRE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 21:22 . 2012-04-21 01:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 21:22 . 2012-04-21 01:56 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-05 04:49 . 2012-09-07 05:41 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-17 07:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-15 03:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2013-01-11 00:16 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2013-01-11 00:16 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-11 00:16 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2013-01-11 00:16 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 18:25 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 18:25 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 18:25 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 18:25 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 18:25 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 18:25 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 18:25 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 18:25 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 18:25 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 18:25 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 18:25 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 18:25 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 18:25 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 18:25 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 18:25 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 18:25 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 18:25 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 18:25 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 18:25 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 18:25 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 18:25 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 18:25 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 18:25 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 18:25 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 18:25 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 18:25 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 18:25 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 18:25 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 18:25 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 18:25 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 18:25 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-09 18:25 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-09 18:23 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 18:23 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 18:23 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 18:23 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 18:23 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 18:23 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 18:23 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 18:23 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 18:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-18 16328976]
"Spotify Web Helper"="c:\users\Joni Seiler\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-15 1199576]
"Spotify"="c:\users\Joni Seiler\AppData\Roaming\Spotify\Spotify.exe" [2012-11-15 7880664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2012-10-25 206448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PCFixSpeed"="c:\program files (x86)\PCFixSpeed\PCFixTray.exe" [2012-09-19 383648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-08-02 173056]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-08-18 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-18 39464]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-21 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe [2007-01-17 566768]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-02 2533400]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 13:47]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 13:47]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2784060838-1555932679-2798245614-1000Core.job
- c:\users\Joni Seiler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 15:27]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2784060838-1555932679-2798245614-1000UA.job
- c:\users\Joni Seiler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 15:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 01:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 01:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 01:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 01:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"DLCDCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCDtime.dll" [2006-02-24 28672]
"dlcdmon.exe"="c:\program files (x86)\Dell Photo AIO Printer 944\dlcdmon.exe" [2007-01-17 431600]
"MemoryCardManager"="c:\program files (x86)\Dell Photo AIO Printer 944\memcard.exe" [2007-01-17 304624]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-02-26 23:22:12 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-27 05:22
.
Pre-Run: 256,745,775,104 bytes free
Post-Run: 256,832,225,280 bytes free
.
- - End Of File - - 410443411948764A90582F78608FCCFC

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz
Please download Rooter and Save it to your desktop.

  • Double click it to start the tool.Vista and Windows7 run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

******************************************

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz
Thank you for your paptience:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
.
C:\ [Fixed-NTFS] .. ( Total:278 Go - Free:239 Go )
D:\ [CD_Rom]
F:\ [Removable]
Q:\ [Fixed-FAT32] .. ( Total:0 Go - Free:0 Go )
.
Scan : 23:18.25
Path : C:\Users\Joni Seiler\Desktop\Rooter.exe
User : Joni Seiler ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ????????? (416)
______ ????????? (512)
______ ????????? (564)
______ ????????? (588)
______ ????????? (624)
______ ????????? (648)
______ ????????? (656)
______ ????????? (780)
______ ????????? (860)
______ ????????? (920)
______ ????????? (948)
______ ????????? (988)
______ ????????? (1016)
______ ????????? (436)
______ ????????? (508)
Locked audiodg.exe (1036)
______ ????????? (1176)
______ ????????? (1400)
______ ????????? (1408)
______ ????????? (1492)
______ ????????? (1540)
______ ????????? (1624)
______ ????????? (1652)
______ C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (1760)
______ ????????? (1788)
______ ????????? (1840)
______ ????????? (1148)
______ C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (2136)
______ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2160)
______ C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (2192)
______ ????????? (2264)
______ ????????? (2340)
______ ????????? (2428)
______ ????????? (2588)
______ ????????? (2660)
______ ????????? (2688)
______ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (2784)
______ ????????? (3004)
______ ????????? (3064)
______ ????????? (2304)
______ ????????? (3084)
______ C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (3316)
______ ????????? (3396)
______ ????????? (3404)
______ C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (3532)
______ C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE (3644)
______ C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3660)
______ C:\Program Files (x86)\Dell Photo AIO Printer 944\dlcdmon.exe (3708)
______ C:\Program Files (x86)\Dell Photo AIO Printer 944\memcard.exe (3740)
______ ????????? (3752)
______ C:\Program Files (x86)\Google\Drive\googledrivesync.exe (3764)
______ ????????? (2868)
______ ????????? (3524)
______ C:\Users\Joni Seiler\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (1072)
______ ????????? (3872)
______ C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (1896)
______ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (3416)
______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (4112)
______ ????????? (4120)
______ ????????? (4188)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4220)
______ ????????? (4360)
______ ????????? (4376)
______ ????????? (4400)
______ C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe (4584)
______ C:\Program Files (x86)\Google\Drive\googledrivesync.exe (4924)
______ ????????? (2992)
______ ????????? (5560)
______ ????????? (5820)
______ C:\windows\SysWOW64\RunDll32.exe (1956)
______ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (5596)
______ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (3044)
______ ????????? (4532)
______ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (6948)
______ ????????? (5168)
______ C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (5088)
______ ????????? (2368)
______ ????????? (6160)
______ ????????? (3848)
______ C:\windows\SysWOW64\notepad.exe (572)
______ ????????? (7084)
______ ????????? (7108)
______ C:\Users\Joni Seiler\Desktop\Rooter.exe (3924)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:104857600)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:105906176 | Length:20971520000)
\Device\Harddisk0\Partition3 (Start_Offset:21077426176 | Length:298994458624)
.
----------------------\\ Scheduled Tasks
.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2784060838-1555932679-2798245614-1000Core.job
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2784060838-1555932679-2798245614-1000UA.job
C:\windows\Tasks\SA.DAT
C:\windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 23:18.27
.
C:\Rooter$\Rooter_2.txt - (04/03/2013 | 23:18.27)

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz
I meant patience:

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joni Seiler [Admin rights]
Mode : Remove -- Date : 03/04/2013 23:17:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] Updater21802.exe : C:\Users\Joni Seiler\AppData\Local\Updater21802\Updater21802.exe /extensionid=21802 /extensionname="Shopping Sidekick Plugin" /chromeid=dlopielgodpjhkbapdlbbicpiefpaack [-] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BPVT-75JJ5T0 +++++
--- User ---
[MBR] 394c5eafa55c443150e33f90103add3d
[BSP] 226bfcb163189296763242f68bd00bfa : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41166848 | Size: 285143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SD Card +++++
--- User ---
[MBR] ce9e9ece43a0949d9aad2d1892c1ab34
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7883 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_03042013_02d2317.txt >>
RKreport[1]_S_03042013_02d2315.txt ; RKreport[2]_D_03042013_02d2317.txt

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz
How's your computer running now?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the Dell Laptop Dog - Used for school EsetOnline button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on Dell Laptop Dog - Used for school EsetSmartInstall to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Dell Laptop Dog - Used for school EsetSmartInstallDesktopIcon-1 icon on your desktop.

•Check Dell Laptop Dog - Used for school EsetAcceptTerms
•Click the Dell Laptop Dog - Used for school EsetStart button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check Dell Laptop Dog - Used for school EsetScanArchives
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push Dell Laptop Dog - Used for school EsetListThreats
•Push Dell Laptop Dog - Used for school EsetExport, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the Dell Laptop Dog - Used for school EsetBack button.
•Push Dell Laptop Dog - Used for school EsetFinish
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz
Computer is still sluggish. I had to restart this application a few times. This is all the log file had:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

descriptionDell Laptop Dog - Used for school EmptyRe: Dell Laptop Dog - Used for school

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum