
Browser using all CPU


  • This topic is locked

#1
halloshadow

    New Member

  • 8 posts
I watch a lot of TV shows online, and about three days ago they became really sluggish and very slow at buffering; then, when they finally did buffer, they would still play very choppy. So I put up the little CPU meter widget that comes with Windows 7, and whenever my browser is open my CPU usage varies from about 70% to 100%, usually hovering closer to 100%, if not at 100%, the majority of the time. While I was trying to self-diagnose I also went to speedtest.net and ran their little scan; my internet connection was fine, though. They did have a little section on speeding up your browser, so I clicked on that, and that took me to a Windows registry cleaner. I ran that, and then they offered to clean up half the bugs for free, so I did that, but that did nothing. I also have Kaspersky Internet Security, so I ran a full scan, and that returned 0 problems. So I don't know why having my browser open makes my CPU usage so high, whether I have some sort of malware or what, I don't know, and I was hoping you could help me. Thank you very much for your time and service! Oh, by the way, the RAM usage stays fairly stable at 433%, which is higher than usual but doesn't seem too astronomically high.

OTL log:


OTL logfile created on: 8/10/2011 2:36:13 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\hallo\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 58.99% Memory free
7.81 Gb Paging File | 6.00 Gb Available in Paging File | 76.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.84 Gb Total Space | 314.32 Gb Free Space | 69.41% Space Free | Partition Type: NTFS
Drive D: | 12.72 Gb Total Space | 2.13 Gb Free Space | 16.72% Space Free | Partition Type: NTFS

Computer Name: SHADOW | User Name: hallo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/10 14:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\hallo\Downloads\OTL.exe
PRC - [2011/06/20 21:01:46 | 000,122,880 | ---- | M] (Samsung Electronics Co. Ltd.) -- C:\Users\hallo\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
PRC - [2011/03/09 13:29:16 | 000,366,000 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2010/12/15 20:20:42 | 000,491,520 | ---- | M] (Samsung Electronices Co., Ltd.) -- C:\ProgramData\Verizon\UA_ar\UtilityApplication.exe
PRC - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/10/20 14:48:04 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files (x86)\Vuze\Azureus.exe
PRC - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/07/23 21:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 12:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/08/10 14:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\hallo\Downloads\OTL.exe
MOD - [2010/11/20 05:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/27 20:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2011/08/08 17:00:46 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/09 13:29:16 | 000,366,000 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/24 22:44:08 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/28 21:36:31 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/28 18:52:48 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010/08/28 18:52:45 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/20 17:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel®
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 15:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/29 12:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/24 13:00:00 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 19:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hallo\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hallo\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/08 07:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/05/31 11:19:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/05/31 11:19:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/05/31 11:19:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/08 07:41:09 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Conime] File not found
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\hallo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk = C:\Users\hallo\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronics Co. Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.2 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/09 17:07:50 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Roaming\Systweak
[2011/08/09 17:07:21 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2011/08/09 13:24:15 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Local\{67129EB0-664A-48CE-80BC-4448F7A7B81E}
[2011/08/09 13:23:43 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Local\{BF99A59C-C94E-4FBD-A512-0BEFB09CBA87}
[2011/07/24 16:29:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/07/24 16:00:18 | 000,000,000 | ---D | C] -- C:\Users\hallo\Documents\TURBOFloorPlan 3D
[2011/07/24 15:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IMSIDesign
[2011/07/23 23:01:37 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2011/07/23 22:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IMSIDesign
[2011/07/23 22:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cadsoft
[2011/07/23 22:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\IMSIDesign
[2011/05/24 22:44:08 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\hallo\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/10 14:55:42 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/10 14:53:28 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082539557-1414208462-3386503259-1000UA.job
[2011/08/10 12:58:20 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/10 12:58:20 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/10 12:57:48 | 000,007,603 | ---- | M] () -- C:\Users\hallo\AppData\Local\Resmon.ResmonCfg
[2011/08/10 12:54:43 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/10 12:54:43 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/10 12:54:43 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/10 12:48:52 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/10 12:47:30 | 000,453,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/10 12:47:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/10 12:47:10 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/10 12:46:35 | 000,001,660 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2011/08/10 09:30:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082539557-1414208462-3386503259-1000Core.job
[2011/07/27 15:07:02 | 011,935,072 | ---- | M] () -- C:\Users\hallo\Documents\User_Guide.pdf
[2011/07/25 09:17:27 | 000,799,983 | ---- | M] () -- C:\Users\hallo\Documents\Quick_Start_Guide.pdf
[2011/07/24 16:21:24 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhallo.job
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/10 12:41:15 | 000,001,660 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2011/07/27 15:07:01 | 011,935,072 | ---- | C] () -- C:\Users\hallo\Documents\User_Guide.pdf
[2011/07/25 09:17:26 | 000,799,983 | ---- | C] () -- C:\Users\hallo\Documents\Quick_Start_Guide.pdf
[2011/07/23 11:00:35 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForhallo.job
[2011/05/24 22:45:45 | 000,001,041 | ---- | C] () -- C:\Users\hallo\AppData\Roaming\vso_ts_preview.xml
[2011/05/24 22:44:08 | 000,099,384 | ---- | C] () -- C:\Users\hallo\AppData\Roaming\inst.exe
[2011/05/24 22:44:08 | 000,007,859 | ---- | C] () -- C:\Users\hallo\AppData\Roaming\pcouffin.cat
[2011/05/24 22:44:08 | 000,001,167 | ---- | C] () -- C:\Users\hallo\AppData\Roaming\pcouffin.inf
[2011/02/10 19:57:11 | 000,007,603 | ---- | C] () -- C:\Users\hallo\AppData\Local\Resmon.ResmonCfg
[2011/01/15 16:31:52 | 000,001,854 | ---- | C] () -- C:\Users\hallo\AppData\Roaming\GhostObjGAFix.xml
[2010/12/21 19:00:19 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/08/28 18:52:50 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/08 07:40:46 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/08/09 00:54:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/15 18:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 13:14:00 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/06/03 13:14:00 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/06/03 13:14:00 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== LOP Check ==========

[2011/08/10 15:46:53 | 000,000,000 | ---D | M] -- C:\Users\hallo\AppData\Roaming\Azureus
[2011/08/10 13:01:15 | 000,000,000 | ---D | M] -- C:\Users\hallo\AppData\Roaming\Systweak
[2011/05/13 11:25:01 | 000,000,000 | ---D | M] -- C:\Users\hallo\AppData\Roaming\Temp
[2011/05/26 08:32:29 | 000,000,000 | ---D | M] -- C:\Users\hallo\AppData\Roaming\Vso
[2011/01/12 12:07:14 | 000,000,000 | ---D | M] -- C:\Users\hallo\AppData\Roaming\Windows Live Writer
[2009/07/13 23:08:49 | 000,027,422 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\ProgramData\Temp:A3E39C6A

< End of report >
  • 0



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, and sorry for the delay. I would like a fresh look at your system and an update on your problem.

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.
  • 0

#3
halloshadow

    New Member

  • Topic Starter
  • Member
  • 8 posts
Here is the OTL:
OTL logfile created on: 8/23/2011 11:42:33 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\hallo\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 58.13% Memory free
7.81 Gb Paging File | 5.44 Gb Available in Paging File | 69.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.84 Gb Total Space | 314.57 Gb Free Space | 69.46% Space Free | Partition Type: NTFS
Drive D: | 12.72 Gb Total Space | 2.13 Gb Free Space | 16.72% Space Free | Partition Type: NTFS

Computer Name: SHADOW | User Name: hallo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/10 14:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\hallo\Downloads\OTL.exe
PRC - [2011/03/09 13:29:16 | 000,366,000 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2010/11/15 10:04:06 | 001,296,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
PRC - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/10/22 11:50:20 | 000,561,952 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/08/10 14:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\hallo\Downloads\OTL.exe
MOD - [2010/11/20 05:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/27 20:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2011/08/08 17:00:46 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/09 13:29:16 | 000,366,000 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/24 22:44:08 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/28 21:36:31 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/28 18:52:48 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010/08/28 18:52:45 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/20 17:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel®
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 15:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/29 12:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/24 13:00:00 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 19:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3082539557-1414208462-3386503259-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKU\S-1-5-21-3082539557-1414208462-3386503259-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3082539557-1414208462-3386503259-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3082539557-1414208462-3386503259-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3082539557-1414208462-3386503259-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cnnb
IE - HKU\S-1-5-21-3082539557-1414208462-3386503259-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3082539557-1414208462-3386503259-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3082539557-1414208462-3386503259-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3082539557-1414208462-3386503259-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hallo\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hallo\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/08 07:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/05/31 11:19:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/05/31 11:19:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected] [2011/05/31 11:19:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/08 07:41:09 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Conime] File not found
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3082539557-1414208462-3386503259-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\hallo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk = C:\Users\hallo\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronics Co. Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-3082539557-1414208462-3386503259-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.2 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/11 22:07:18 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Roaming\vlc
[2011/08/11 22:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/08/11 21:48:11 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Local\{30DF4CED-6939-428C-9CA0-411D98C4D9B0}
[2011/08/11 21:46:15 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Local\{329CC0ED-F2E1-4A8D-B7DA-0CFAD37D1987}
[2011/08/09 17:07:50 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Roaming\Systweak
[2011/08/09 17:07:21 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2011/08/09 13:24:15 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Local\{67129EB0-664A-48CE-80BC-4448F7A7B81E}
[2011/08/09 13:23:43 | 000,000,000 | ---D | C] -- C:\Users\hallo\AppData\Local\{BF99A59C-C94E-4FBD-A512-0BEFB09CBA87}
[2011/07/24 16:29:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/07/24 16:00:18 | 000,000,000 | ---D | C] -- C:\Users\hallo\Documents\TURBOFloorPlan 3D
[2011/07/24 15:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IMSIDesign
[2011/05/24 22:44:08 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\hallo\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/23 11:28:07 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/23 11:28:06 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082539557-1414208462-3386503259-1000UA.job
[2011/08/23 09:27:55 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082539557-1414208462-3386503259-1000Core.job
[2011/08/23 09:16:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/22 15:27:38 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhallo.job
[2011/08/21 15:07:54 | 000,001,854 | ---- | M] () -- C:\Users\hallo\AppData\Roaming\GhostObjGAFix.xml
[2011/08/13 15:56:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/13 15:56:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/12 17:09:03 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/12 17:09:03 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/12 17:09:03 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/11 05:04:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/11 05:04:26 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/11 04:43:11 | 643,628,723 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/10 12:57:48 | 000,007,603 | ---- | M] () -- C:\Users\hallo\AppData\Local\Resmon.ResmonCfg
[2011/08/10 12:47:30 | 000,453,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/10 12:46:35 | 000,001,660 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2011/07/27 15:07:02 | 011,935,072 | ---- | M] () -- C:\Users\hallo\Documents\User_Guide.pdf
[2011/07/25 09:17:27 | 000,799,983 | ---- | M] () -- C:\Users\hallo\Documents\Quick_Start_Guide.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/10 12:41:15 | 000,001,660 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2011/07/27 15:07:01 | 011,935,072 | ---- | C] () -- C:\Users\hallo\Documents\User_Guide.pdf
[2011/07/25 09:17:26 | 000,799,983 | ---- | C] () -- C:\Users\hallo\Documents\Quick_Start_Guide.pdf
[2011/05/24 22:45:45 | 000,001,041 | ---- | C] () -- C:\Users\hallo\AppData\Roaming\vso_ts_preview.xml
[2011/05/24 22:44:08 | 000,099,384 | ---- | C] () -- C:\Users\hallo\AppData\Roaming\inst.exe
[2011/05/24 22:44:08 | 000,007,859 | ---- | C] () -- C:\Users\hallo\AppData\Roaming\pcouffin.cat
[2011/05/24 22:44:08 | 000,001,167 | ---- | C] () -- C:\Users\hallo\AppData\Roaming\pcouffin.inf
[2011/02/10 19:57:11 | 000,007,603 | ---- | C] () -- C:\Users\hallo\AppData\Local\Resmon.ResmonCfg
[2011/01/15 16:31:52 | 000,001,854 | ---- | C] () -- C:\Users\hallo\AppData\Roaming\GhostObjGAFix.xml
[2010/12/21 19:00:19 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/08/28 18:52:50 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/08 07:40:46 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/08/09 00:54:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/15 18:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 13:14:00 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/06/03 13:14:00 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/06/03 13:14:00 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== LOP Check ==========

[2011/08/17 17:15:52 | 000,000,000 | ---D | M] -- C:\Users\hallo\AppData\Roaming\Azureus
[2011/08/10 13:01:15 | 000,000,000 | ---D | M] -- C:\Users\hallo\AppData\Roaming\Systweak
[2011/05/13 11:25:01 | 000,000,000 | ---D | M] -- C:\Users\hallo\AppData\Roaming\Temp
[2011/05/26 08:32:29 | 000,000,000 | ---D | M] -- C:\Users\hallo\AppData\Roaming\Vso
[2011/01/12 12:07:14 | 000,000,000 | ---D | M] -- C:\Users\hallo\AppData\Roaming\Windows Live Writer
[2009/07/13 23:08:49 | 000,027,922 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\ProgramData\Temp:A3E39C6A

< End of report >

Here is the asw... thing:
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-23 13:55:04
-----------------------------
13:55:04.531 OS Version: Windows x64 6.1.7601 Service Pack 1
13:55:04.531 Number of processors: 2 586 0x170A
13:55:04.533 ComputerName: SHADOW UserName: hallo
13:55:06.917 Initialze error C000010E - driver not loaded
13:55:06.962 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
13:55:20.862 Service scanning
13:55:21.419 Service 1394ohci C:\Windows\system32\drivers\1394ohci.sys **LOCKED** 32
13:55:21.424 Service Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys **LOCKED** 32
13:55:21.430 Service ACPI C:\Windows\system32\drivers\ACPI.sys **LOCKED** 32
13:55:21.436 Service AcpiPmi C:\Windows\system32\drivers\acpipmi.sys **LOCKED** 32
13:55:21.442 Service adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys **LOCKED** 32
13:55:21.449 Service adpahci C:\Windows\system32\DRIVERS\adpahci.sys **LOCKED** 32
13:55:21.456 Service adpu320 C:\Windows\system32\DRIVERS\adpu320.sys **LOCKED** 32
13:55:21.465 Service AFD C:\Windows\system32\drivers\afd.sys **LOCKED** 32
13:55:21.473 Service AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys **LOCKED** 32
13:55:21.481 Service agp440 C:\Windows\system32\drivers\agp440.sys **LOCKED** 32
13:55:21.490 Service aliide C:\Windows\system32\drivers\aliide.sys **LOCKED** 32
13:55:21.500 Service amdide C:\Windows\system32\drivers\amdide.sys **LOCKED** 32
13:55:21.844 Service AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys **LOCKED** 32
13:55:21.854 Service AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys **LOCKED** 32
13:55:21.865 Service amdsata C:\Windows\system32\drivers\amdsata.sys **LOCKED** 32
13:55:21.876 Service amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys **LOCKED** 32
13:55:21.887 Service amdxata C:\Windows\system32\drivers\amdxata.sys **LOCKED** 32
13:55:21.898 Service AppID C:\Windows\system32\drivers\appid.sys **LOCKED** 32
13:55:21.914 Service arc C:\Windows\system32\DRIVERS\arc.sys **LOCKED** 32
13:55:21.925 Service arcsas C:\Windows\system32\DRIVERS\arcsas.sys **LOCKED** 32
13:55:21.936 Service AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys **LOCKED** 32
13:55:21.948 Service atapi C:\Windows\system32\drivers\atapi.sys **LOCKED** 32
13:55:21.959 Service atikmdag C:\Windows\system32\drivers\atikmdag.sys **LOCKED** 32
13:55:21.975 Service b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys **LOCKED** 32
13:55:21.986 Service b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys **LOCKED** 32
13:55:21.998 Service Beep C:\Windows\System32\Drivers\Beep.sys **LOCKED** 32
13:55:22.012 Service blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys **LOCKED** 32
13:55:22.026 Service BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys **LOCKED** 32
13:55:22.037 Service BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys **LOCKED** 32
13:55:22.050 Service Brserid C:\Windows\System32\Drivers\Brserid.sys **LOCKED** 32
13:55:22.061 Service BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys **LOCKED** 32
13:55:22.073 Service BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys **LOCKED** 32
13:55:22.085 Service BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys **LOCKED** 32
13:55:22.096 Service BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys **LOCKED** 32
13:55:22.110 Service cdrom C:\Windows\system32\drivers\cdrom.sys **LOCKED** 32
13:55:22.124 Service circlass C:\Windows\system32\DRIVERS\circlass.sys **LOCKED** 32
13:55:22.135 Service CLFS C:\Windows\System32\CLFS.sys **LOCKED** 32
13:55:22.150 Service CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys **LOCKED** 32
13:55:22.161 Service cmdide C:\Windows\system32\drivers\cmdide.sys **LOCKED** 32
13:55:22.172 Service CNG C:\Windows\System32\Drivers\cng.sys **LOCKED** 32
13:55:22.184 Service Compbatt C:\Windows\system32\DRIVERS\compbatt.sys **LOCKED** 32
13:55:22.195 Service CompositeBus C:\Windows\system32\drivers\CompositeBus.sys **LOCKED** 32
13:55:22.207 Service crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys **LOCKED** 32
13:55:22.224 Service discache C:\Windows\System32\drivers\discache.sys **LOCKED** 32
13:55:22.236 Service Disk C:\Windows\system32\DRIVERS\disk.sys **LOCKED** 32
13:55:22.251 Service drmkaud C:\Windows\system32\drivers\drmkaud.sys **LOCKED** 32
13:55:22.263 Service DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys **LOCKED** 32
13:55:22.277 Service ebdrv C:\Windows\system32\DRIVERS\evbda.sys **LOCKED** 32
13:55:22.291 Service elxstor C:\Windows\system32\DRIVERS\elxstor.sys **LOCKED** 32
13:55:22.303 Service enecir C:\Windows\system32\DRIVERS\enecir.sys **LOCKED** 32
13:55:22.314 Service ErrDev C:\Windows\system32\drivers\errdev.sys **LOCKED** 32
13:55:22.341 Service fdc C:\Windows\system32\DRIVERS\fdc.sys **LOCKED** 32
13:55:22.355 Service flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys **LOCKED** 32
13:55:22.371 Service fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys **LOCKED** 32
13:55:22.384 Service fvevol C:\Windows\System32\DRIVERS\fvevol.sys **LOCKED** 32
13:55:22.396 Service gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys **LOCKED** 32
13:55:22.407 Service GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys **LOCKED** 32
13:55:22.422 Service hcw85cir C:\Windows\system32\drivers\hcw85cir.sys **LOCKED** 32
13:55:22.433 Service HdAudAddService C:\Windows\system32\drivers\HdAudio.sys **LOCKED** 32
13:55:22.445 Service HDAudBus C:\Windows\system32\drivers\HDAudBus.sys **LOCKED** 32
13:55:22.456 Service HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys **LOCKED** 32
13:55:22.468 Service HidBth C:\Windows\system32\DRIVERS\hidbth.sys **LOCKED** 32
13:55:22.481 Service HidIr C:\Windows\system32\DRIVERS\hidir.sys **LOCKED** 32
13:55:22.493 Service HidUsb C:\Windows\system32\drivers\hidusb.sys **LOCKED** 32
13:55:22.510 Service hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys **LOCKED** 32
13:55:22.522 Service HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys **LOCKED** 32
13:55:22.535 Service HpSAMD C:\Windows\system32\drivers\HpSAMD.sys **LOCKED** 32
13:55:22.547 Service HTTP C:\Windows\system32\drivers\HTTP.sys **LOCKED** 32
13:55:22.558 Service hwpolicy C:\Windows\System32\drivers\hwpolicy.sys **LOCKED** 32
13:55:22.570 Service i8042prt C:\Windows\system32\drivers\i8042prt.sys **LOCKED** 32
13:55:22.583 Service iaStor C:\Windows\system32\DRIVERS\iaStor.sys **LOCKED** 32
13:55:22.595 Service iaStorV C:\Windows\system32\drivers\iaStorV.sys **LOCKED** 32
13:55:22.608 Service igfx C:\Windows\system32\DRIVERS\igdkmd64.sys **LOCKED** 32
13:55:22.619 Service iirsp C:\Windows\system32\DRIVERS\iirsp.sys **LOCKED** 32
13:55:22.632 Service IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys **LOCKED** 32
13:55:22.644 Service intelide C:\Windows\system32\drivers\intelide.sys **LOCKED** 32
13:55:22.656 Service intelppm C:\Windows\system32\DRIVERS\intelppm.sys **LOCKED** 32
13:55:22.668 Service IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys **LOCKED** 32
13:55:22.682 Service IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys **LOCKED** 32
13:55:22.694 Service IPNAT C:\Windows\System32\drivers\ipnat.sys **LOCKED** 32
13:55:22.706 Service IRENUM C:\Windows\system32\drivers\irenum.sys **LOCKED** 32
13:55:22.718 Service isapnp C:\Windows\system32\drivers\isapnp.sys **LOCKED** 32
13:55:22.730 Service iScsiPrt C:\Windows\system32\drivers\msiscsi.sys **LOCKED** 32
13:55:22.741 Service kbdclass C:\Windows\system32\drivers\kbdclass.sys **LOCKED** 32
13:55:22.753 Service kbdhid C:\Windows\system32\drivers\kbdhid.sys **LOCKED** 32
13:55:22.765 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 32
13:55:22.776 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 32
13:55:22.790 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 32
13:55:22.801 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 32
13:55:22.813 Service KSecDD C:\Windows\System32\Drivers\ksecdd.sys **LOCKED** 32
13:55:22.824 Service KSecPkg C:\Windows\System32\Drivers\ksecpkg.sys **LOCKED** 32
13:55:22.835 Service ksthunk C:\Windows\system32\drivers\ksthunk.sys **LOCKED** 32
13:55:22.852 Service lltdio C:\Windows\system32\DRIVERS\lltdio.sys **LOCKED** 32
13:55:22.866 Service LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys **LOCKED** 32
13:55:22.877 Service LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys **LOCKED** 32
13:55:22.889 Service LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys **LOCKED** 32
13:55:22.901 Service LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys **LOCKED** 32
13:55:22.915 Service megasas C:\Windows\system32\DRIVERS\megasas.sys **LOCKED** 32
13:55:22.926 Service MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys **LOCKED** 32
13:55:22.939 Service Modem C:\Windows\system32\drivers\modem.sys **LOCKED** 32
13:55:22.951 Service monitor C:\Windows\system32\DRIVERS\monitor.sys **LOCKED** 32
13:55:22.962 Service mouclass C:\Windows\system32\drivers\mouclass.sys **LOCKED** 32
13:55:22.973 Service mouhid C:\Windows\system32\DRIVERS\mouhid.sys **LOCKED** 32
13:55:22.985 Service mountmgr C:\Windows\System32\drivers\mountmgr.sys **LOCKED** 32
13:55:22.996 Service mpio C:\Windows\system32\drivers\mpio.sys **LOCKED** 32
13:55:23.007 Service mpsdrv C:\Windows\System32\drivers\mpsdrv.sys **LOCKED** 32
13:55:23.022 Service msahci C:\Windows\system32\drivers\msahci.sys **LOCKED** 32
13:55:23.034 Service msdsm C:\Windows\system32\drivers\msdsm.sys **LOCKED** 32
13:55:23.047 Service mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys **LOCKED** 32
13:55:23.058 Service msisadrv C:\Windows\system32\drivers\msisadrv.sys **LOCKED** 32
13:55:23.071 Service MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys **LOCKED** 32
13:55:23.083 Service MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys **LOCKED** 32
13:55:23.094 Service MSPQM C:\Windows\system32\drivers\MSPQM.sys **LOCKED** 32
13:55:23.106 Service MsRPC C:\Windows\System32\Drivers\MsRPC.sys **LOCKED** 32
13:55:23.118 Service mssmbios C:\Windows\system32\drivers\mssmbios.sys **LOCKED** 32
13:55:23.130 Service MSTEE C:\Windows\system32\drivers\MSTEE.sys **LOCKED** 32
13:55:23.141 Service MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys **LOCKED** 32
13:55:23.155 Service NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys **LOCKED** 32
13:55:23.167 Service NDIS C:\Windows\system32\drivers\ndis.sys **LOCKED** 32
13:55:23.180 Service NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys **LOCKED** 32
13:55:23.191 Service NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys **LOCKED** 32
13:55:23.203 Service Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys **LOCKED** 32
13:55:23.214 Service NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys **LOCKED** 32
13:55:23.225 Service NDProxy C:\Windows\System32\Drivers\NDProxy.sys **LOCKED** 32
13:55:23.238 Service NetBT C:\Windows\System32\DRIVERS\netbt.sys **LOCKED** 32
13:55:23.254 Service NETw1v64 C:\Windows\system32\DRIVERS\NETw1v64.sys **LOCKED** 32
13:55:23.265 Service NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys **LOCKED** 32
13:55:23.279 Service netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys **LOCKED** 32
13:55:23.291 Service nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys **LOCKED** 32
13:55:23.305 Service nsiproxy C:\Windows\system32\drivers\nsiproxy.sys **LOCKED** 32
13:55:23.317 Service Null C:\Windows\System32\Drivers\Null.sys **LOCKED** 32
13:55:23.329 Service nvraid C:\Windows\system32\drivers\nvraid.sys **LOCKED** 32
13:55:23.341 Service nvstor C:\Windows\system32\drivers\nvstor.sys **LOCKED** 32
13:55:23.352 Service nv_agp C:\Windows\system32\drivers\nv_agp.sys **LOCKED** 32
13:55:23.365 Service ohci1394 C:\Windows\system32\drivers\ohci1394.sys **LOCKED** 32
13:55:23.381 Service Parport C:\Windows\system32\DRIVERS\parport.sys **LOCKED** 32
13:55:23.393 Service partmgr C:\Windows\System32\drivers\partmgr.sys **LOCKED** 32
13:55:23.405 Service pci C:\Windows\system32\drivers\pci.sys **LOCKED** 32
13:55:23.416 Service pciide C:\Windows\system32\drivers\pciide.sys **LOCKED** 32
13:55:23.427 Service pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys **LOCKED** 32
13:55:23.439 Service pcouffin C:\Windows\System32\Drivers\pcouffin.sys **LOCKED** 32
13:55:23.450 Service pcw C:\Windows\System32\drivers\pcw.sys **LOCKED** 32
13:55:23.461 Service PEAUTH C:\Windows\system32\drivers\peauth.sys **LOCKED** 32
13:55:23.483 Service PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys **LOCKED** 32
13:55:23.494 Service Processor C:\Windows\system32\DRIVERS\processr.sys **LOCKED** 32
13:55:23.508 Service Psched C:\Windows\system32\DRIVERS\pacer.sys **LOCKED** 32
13:55:23.520 Service ql2300 C:\Windows\system32\DRIVERS\ql2300.sys **LOCKED** 32
13:55:23.531 Service ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys **LOCKED** 32
13:55:23.544 Service QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys **LOCKED** 32
13:55:23.555 Service RasAcd C:\Windows\System32\DRIVERS\rasacd.sys **LOCKED** 32
13:55:23.566 Service RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys **LOCKED** 32
13:55:23.579 Service Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys **LOCKED** 32
13:55:23.592 Service RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys **LOCKED** 32
13:55:23.603 Service RasSstp C:\Windows\system32\DRIVERS\rassstp.sys **LOCKED** 32
13:55:23.616 Service rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys **LOCKED** 32
13:55:23.628 Service RDPCDD C:\Windows\System32\DRIVERS\RDPCDD.sys **LOCKED** 32
13:55:23.639 Service RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys **LOCKED** 32
13:55:23.651 Service RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys **LOCKED** 32
13:55:23.662 Service RDPWD C:\Windows\System32\Drivers\RDPWD.sys **LOCKED** 32
13:55:23.675 Service rdyboost C:\Windows\System32\drivers\rdyboost.sys **LOCKED** 32
13:55:23.696 Service rspndr C:\Windows\system32\DRIVERS\rspndr.sys **LOCKED** 32
13:55:23.710 Service RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys **LOCKED** 32
13:55:23.721 Service RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys **LOCKED** 32
13:55:23.734 Service sbp2port C:\Windows\system32\drivers\sbp2port.sys **LOCKED** 32
13:55:23.747 Service scfilter C:\Windows\System32\DRIVERS\scfilter.sys **LOCKED** 32
13:55:23.761 Service sdbus C:\Windows\system32\drivers\sdbus.sys **LOCKED** 32
13:55:23.773 Service secdrv C:\Windows\System32\Drivers\secdrv.sys **LOCKED** 32
13:55:23.788 Service Serenum C:\Windows\system32\DRIVERS\serenum.sys **LOCKED** 32
13:55:23.801 Service Serial C:\Windows\system32\DRIVERS\serial.sys **LOCKED** 32
13:55:23.813 Service sermouse C:\Windows\system32\DRIVERS\sermouse.sys **LOCKED** 32
13:55:23.826 Service sffdisk C:\Windows\system32\drivers\sffdisk.sys **LOCKED** 32
13:55:23.838 Service sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys **LOCKED** 32
13:55:23.849 Service sffp_sd C:\Windows\system32\drivers\sffp_sd.sys **LOCKED** 32
13:55:23.860 Service sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys **LOCKED** 32
13:55:23.875 Service SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys **LOCKED** 32
13:55:23.886 Service SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys **LOCKED** 32
13:55:23.898 Service Smb C:\Windows\system32\DRIVERS\smb.sys **LOCKED** 32
13:55:23.912 Service spldr C:\Windows\System32\Drivers\spldr.sys **LOCKED** 32
13:55:23.926 Service SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS **LOCKED** 32
13:55:23.939 Service SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS **LOCKED** 32
13:55:23.950 Service SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS **LOCKED** 32
13:55:23.965 Service stexstor C:\Windows\system32\DRIVERS\stexstor.sys **LOCKED** 32
13:55:23.976 Service STHDA C:\Windows\system32\DRIVERS\stwrt64.sys **LOCKED** 32
13:55:23.991 Service swenum C:\Windows\system32\drivers\swenum.sys **LOCKED** 32
13:55:24.004 Service SynTP C:\Windows\system32\DRIVERS\SynTP.sys **LOCKED** 32
13:55:24.022 Service Tcpip C:\Windows\System32\drivers\tcpip.sys **LOCKED** 32
13:55:24.034 Service TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys **LOCKED** 32
13:55:24.045 Service tcpipreg C:\Windows\System32\drivers\tcpipreg.sys **LOCKED** 32
13:55:24.057 Service TDPIPE C:\Windows\system32\drivers\tdpipe.sys **LOCKED** 32
13:55:24.068 Service TDTCP C:\Windows\system32\drivers\tdtcp.sys **LOCKED** 32
13:55:24.079 Service tdx C:\Windows\system32\DRIVERS\tdx.sys **LOCKED** 32
13:55:24.090 Service TermDD C:\Windows\system32\drivers\termdd.sys **LOCKED** 32
13:55:24.108 Service tssecsrv C:\Windows\System32\DRIVERS\tssecsrv.sys **LOCKED** 32
13:55:24.121 Service TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys **LOCKED** 32
13:55:24.133 Service tunnel C:\Windows\system32\DRIVERS\tunnel.sys **LOCKED** 32
13:55:24.145 Service uagp35 C:\Windows\system32\DRIVERS\uagp35.sys **LOCKED** 32
13:55:24.158 Service uliagpkx C:\Windows\system32\drivers\uliagpkx.sys **LOCKED** 32
13:55:24.169 Service umbus C:\Windows\system32\drivers\umbus.sys **LOCKED** 32
13:55:24.180 Service UmPass C:\Windows\system32\DRIVERS\umpass.sys **LOCKED** 32
13:55:24.193 Service USBAAPL64 C:\Windows\System32\Drivers\usbaapl64.sys **LOCKED** 32
13:55:24.204 Service usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys **LOCKED** 32
13:55:24.216 Service usbcir C:\Windows\system32\drivers\usbcir.sys **LOCKED** 32
13:55:24.228 Service usbehci C:\Windows\system32\drivers\usbehci.sys **LOCKED** 32
13:55:24.239 Service usbhub C:\Windows\system32\DRIVERS\usbhub.sys **LOCKED** 32
13:55:24.251 Service usbohci C:\Windows\system32\drivers\usbohci.sys **LOCKED** 32
13:55:24.262 Service usbprint C:\Windows\system32\DRIVERS\usbprint.sys **LOCKED** 32
13:55:24.273 Service usbscan C:\Windows\system32\DRIVERS\usbscan.sys **LOCKED** 32
13:55:24.285 Service USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS **LOCKED** 32
13:55:24.296 Service usbuhci C:\Windows\system32\drivers\usbuhci.sys **LOCKED** 32
13:55:24.307 Service usbvideo C:\Windows\System32\Drivers\usbvideo.sys **LOCKED** 32
13:55:24.321 Service vdrvroot C:\Windows\system32\drivers\vdrvroot.sys **LOCKED** 32
13:55:24.333 Service vga C:\Windows\system32\DRIVERS\vgapnp.sys **LOCKED** 32
13:55:24.344 Service VgaSave C:\Windows\System32\drivers\vga.sys **LOCKED** 32
13:55:24.356 Service vhdmp C:\Windows\system32\drivers\vhdmp.sys **LOCKED** 32
13:55:24.367 Service viaide C:\Windows\system32\drivers\viaide.sys **LOCKED** 32
13:55:24.379 Service volmgr C:\Windows\system32\drivers\volmgr.sys **LOCKED** 32
13:55:24.390 Service volmgrx C:\Windows\System32\drivers\volmgrx.sys **LOCKED** 32
13:55:24.401 Service volsnap C:\Windows\system32\drivers\volsnap.sys **LOCKED** 32
13:55:24.413 Service vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys **LOCKED** 32
13:55:24.426 Service vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys **LOCKED** 32
13:55:24.437 Service vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys **LOCKED** 32
13:55:24.451 Service WacomPen C:\Windows\system32\DRIVERS\wacompen.sys **LOCKED** 32
13:55:24.463 Service WANARP C:\Windows\system32\DRIVERS\wanarp.sys **LOCKED** 32
13:55:24.475 Service Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys **LOCKED** 32
13:55:24.492 Service Wd C:\Windows\system32\DRIVERS\wd.sys **LOCKED** 32
13:55:24.504 Service Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys **LOCKED** 32
13:55:24.523 Service WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys **LOCKED** 32
13:55:24.544 Service WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys **LOCKED** 32
13:55:24.558 Service WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys **LOCKED** 32
13:55:24.574 Service ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys **LOCKED** 32
13:55:24.589 Service WudfPf C:\Windows\system32\drivers\WudfPf.sys **LOCKED** 32
13:55:24.600 Service WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys **LOCKED** 32
13:55:24.614 Service yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys **LOCKED** 32
13:55:25.130 Modules scanning
13:55:25.140 Disk 0 trace - called modules:
13:55:25.150
13:55:25.159 Scan finished successfully
13:56:20.540 The log file has been saved successfully to "C:\Users\hallo\Desktop\aswMBR.txt"

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, that is a weird aswMBR report - let's look deeper

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion, click the link to locate the zip file to upload and attach to your next post.

Posted Image
Megaupload

#5
halloshadow

    New Member

  • Topic Starter
  • Member
  • 8 posts
So the automatic scan came up with no threats detected, so there was nothing to click, save and/or post.
I'll post the zip file in the next post.

#6
halloshadow

    New Member

  • Topic Starter
  • Member
  • 8 posts
Attached File  avptool_sysinfo.zip   9.94KB   27 downloads

#7
halloshadow

    New Member

  • Topic Starter
  • Member
  • 8 posts
Above is the manual disinfection collected information folder.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It looks OK as well - I will do one further run before we look at some other options.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.

#9
halloshadow

    New Member

  • Topic Starter
  • Member
  • 8 posts
OK, I ran that program and now I can no longer access the internet; it says "Illegal operation attempted on a registry key that has been marked for deletion." So that doesn't sound good. I am now writing this from my phone.

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Reboot the computer and that will go away.

#11
halloshadow

    New Member

  • Topic Starter
  • Member
  • 8 posts
Rebooting fixed the previous problem. I am headed out of town for the weekend so wasn't able to test the original problem; when I get home on Sunday I will check it out though and report.

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you do, could you post the ComboFix log as well, please?

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.