Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

slowing computer, mouse less responsive, long time loading anything &

Started by skgrate , Mar 02 2012 08:56 AM

Please log in to reply

#1
skgrate

Posted 02 March 2012 - 08:56 AM

Member

Member
63 posts

My Computer is an ASUST eK notebook K40U/K50U series
Pentium R Dual Core CPU [email protected] RAM 4.00 GB 64 bit
running on windows 7 premium service pack 1

In the last 2 weeks the mouse has been less responsive,ie taking clicks and not doing anything then opening 6 pages at the same time.( I bought a new mouse thinking it was too old and maybe just on its way out) but this has made no difference, I was also having problems clicking and dragging things and some funny mysterious things happening with my cursor when typing ie it jumps to somehwere else without me intending it to.
The computer is slow to open up firefox, and links to facebook from windows live mail do not work ,
The computer is still working but I am concerned something is not right somewhere.
I have Kapersky anti virus 11.010400 running al the time .
I have run c cleaner on a regular basis but perhaps i have missed and anti malware or spyware program i perhaps foolishly thought I was covered with what I have.
I am not super at understanding all the different combinations of what goes with what and what slows or works against each other?

I am keen to learn if I am missing something or if I need to correct something or if I have critters on the system somewhere.
I am sorry but this is all i can think of to explain the problem.
I have posted the otl report underneath, and would like to thank you for your time before embarking on helping me I very much appreciate the help

Also the first version of OTL didnt manage a quick scan so I tried the other version suggested in the guide. One final thing It took close to 10 hours or so to run the quick scan so was not that quick! perhaps this is normal but thought i should mention it,
Thanks again
kate

OTL logfile created on: 01/03/2012 14:06:28 - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\K8\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.97 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 57.21% Memory free
7.93 Gb Paging File | 5.64 Gb Available in Paging File | 71.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.24 Gb Total Space | 160.32 Gb Free Space | 73.46% Space Free | Partition Type: NTFS
Drive D: | 931.28 Gb Total Space | 669.89 Gb Free Space | 71.93% Space Free | Partition Type: FAT32

Computer Name: K8-PC | User Name: K8 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/01 14:03:12 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\K8\Downloads\OTL.scr
PRC - [2012/02/18 11:56:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/25 10:16:28 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/01/25 10:16:28 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/09 09:47:26 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/01/17 18:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/23 13:01:58 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/04/03 09:59:47 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/05 01:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/24 21:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/16 18:52:14 | 000,331,776 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
PRC - [2009/08/20 04:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/08/17 17:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/08/12 22:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/07/31 18:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/06/24 20:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 04:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/03/31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/18 11:56:50 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/01/03 08:39:32 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/10 16:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/07 19:05:28 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/05/09 13:26:40 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2011/05/09 13:26:39 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/01/05 01:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/24 21:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007/11/30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/06/15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/12/08 00:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012/01/25 10:16:28 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/23 13:01:58 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/08/17 11:19:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/25 10:16:44 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 13:01:58 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/04/03 09:56:39 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/10/15 10:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/10/05 02:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/23 06:08:07 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/08/21 07:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/06 22:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/09 09:11:31 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/18 20:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 11:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/05/24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 19:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/01/25 10:16:46 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/01/25 10:16:44 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/12/15 18:14:59 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3106575
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {5c4cae29-c754-4ca3-89e1-90b82459159a} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "PCHelpSoft Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "PCHelpSoft Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\K8\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 11:56:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/19 18:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010/09/23 12:50:43 | 000,000,000 | ---D | M]

[2011/10/01 14:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K8\AppData\Roaming\Mozilla\Extensions
[2012/02/22 13:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K8\AppData\Roaming\Mozilla\Firefox\Profiles\i2wpgulv.default\extensions
[2012/01/03 09:22:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/17 15:45:20 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/09/23 12:51:38 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
() (No name found) -- C:\USERS\K8\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I2WPGULV.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012/02/18 11:56:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/18 11:56:48 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/18 11:56:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/18 11:56:48 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/18 11:56:48 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/18 11:56:48 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\K8\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\K8\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\K8\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Users\K8\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\K8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\K8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 16
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E37BB2D-FB3D-4A20-B70F-7BC05F2098DB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/26 17:15:22 | 000,000,191 | ---- | M] () - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/01 09:36:58 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{A5733EE5-1C10-4F69-9918-C149C1B8BAAC}
[2012/03/01 09:36:23 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{F7B170F8-7474-422F-8F09-4A388EE2BE0B}
[2012/02/29 09:29:29 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{AFB6F932-CADA-45AD-B731-660BA2C82485}
[2012/02/29 09:28:57 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{376C65B8-84C8-412F-9B6A-D15F2036BA3B}
[2012/02/28 12:25:36 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{05B52EC0-E401-4CAD-866D-0DC26D219AB4}
[2012/02/28 12:25:12 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{9076989A-3E6E-4F0D-A3B1-838727281789}
[2012/02/27 21:53:19 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{6F680A32-C17D-45DE-9489-1411E73FB8CA}
[2012/02/27 21:53:02 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{6BCDC0EE-C602-40E8-8002-4FA513AAAFCD}
[2012/02/27 09:51:56 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{F0F1467F-AEC5-4E91-BAFA-936C796D30A0}
[2012/02/27 09:51:18 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{56EE7F7B-891C-4671-BE21-189B3483E659}
[2012/02/26 10:42:41 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{29FBB378-DC9D-445F-8317-8E1BE49EBF74}
[2012/02/25 14:15:02 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{E883E01E-2F01-47B3-BCAF-A0E0F22A47B0}
[2012/02/25 14:14:31 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{FA8FFF6E-2FE9-4F4A-A0E3-4E896FB03B0B}
[2012/02/25 09:45:17 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{203EF71A-031D-4E64-9EA5-93CBFF72DDE3}
[2012/02/25 02:14:37 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{C30D40DC-F854-4EE8-BE11-554019DDCFD4}
[2012/02/24 11:03:15 | 000,000,000 | ---D | C] -- C:\Users\K8\Documents\cc Registry backups
[2012/02/24 09:20:51 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{9A830147-6413-4E9B-AB6F-7C90C77CA722}
[2012/02/24 09:20:26 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{5E8A8042-B900-439C-B229-E1E4B8DA92F5}
[2012/02/23 21:20:03 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{E6C5982D-46B9-4C36-8A7A-C80E16BF73E6}
[2012/02/23 21:19:40 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{926F2B66-5881-4326-BDB4-1F2219049B99}
[2012/02/23 09:17:45 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{5EC60E84-0F03-4ADD-BFFF-90A70A00311B}
[2012/02/23 09:17:10 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{2FF3368A-5B79-4944-B692-B5AD07E224E7}
[2012/02/22 11:33:25 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{06324FC1-78C7-4AE9-8ECE-5A18416D6A92}
[2012/02/22 11:33:01 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{28C25BD2-3D0C-48B5-9D50-B98E39357E26}
[2012/02/21 23:32:05 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{2ACA339A-BFAB-4759-B413-8990ACF85025}
[2012/02/21 23:31:33 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{ADFFA814-0FFA-4419-A526-45C30506CF40}
[2012/02/21 08:42:06 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{A28E5FE9-222F-4E38-906F-2363F213E406}
[2012/02/21 08:41:37 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{5F259D83-3159-4451-BB70-1942B3A0F49E}
[2012/02/20 18:35:21 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{1201B7A6-06A4-4FCA-B484-2C6875CFB311}
[2012/02/20 18:34:58 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{2BB84090-F544-4B61-B31C-9DCF3E59A9A6}
[2012/02/20 05:33:48 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{C2EB7565-B23A-44AE-9516-0761A0607842}
[2012/02/20 05:33:35 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{F766D916-F6C2-4D3C-A83A-4017ED07F7E1}
[2012/02/19 17:33:08 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{147D87E6-243D-402C-A3F7-3FEBCC1C0185}
[2012/02/19 17:32:43 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{E06859C3-547D-4346-B1CB-A5C20FFE82EA}
[2012/02/18 16:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HardwareHelper
[2012/02/18 16:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/02/18 16:04:56 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\Conduit
[2012/02/18 11:54:04 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{E6EE3545-2A32-4A5B-BBAF-8AFF4840F2E7}
[2012/02/18 11:53:43 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{C7416BB4-44F4-4C4A-A233-484A79354DF1}
[2012/02/17 20:46:13 | 000,000,000 | ---D | C] -- C:\Users\K8\Documents\manuals
[2012/02/17 13:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS WebStorage
[2012/02/17 12:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012/02/17 11:47:18 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{897CD385-DD5E-4218-9F33-0070B70AD869}
[2012/02/17 11:47:06 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{AAA61C7F-6D80-4A7F-B3F7-D2AB32BDE8A2}
[2012/02/16 12:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/02/16 08:21:30 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{839E3465-706B-481D-9311-6BA59314EFF3}
[2012/02/16 08:21:09 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{4AA5F4E5-900D-415C-812D-62BEC541AF31}
[2012/02/15 20:21:08 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{07ED72F4-8EF9-4645-8C2A-AECD195C536D}
[2012/02/15 08:21:30 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{70371A6E-3172-4ADF-AFF1-8D2E3F57F173}
[2012/02/14 18:41:13 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{F355D8AC-8441-4A16-841A-6CABB23C89D4}
[2012/02/14 18:40:27 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{BBC9848C-FF59-40BF-A7B7-26B2A236424D}
[2012/02/14 01:01:36 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{1B71C0B4-2FB5-4F68-9AE7-DA0AF8024512}
[2012/02/13 08:25:39 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{7EE95B05-AAC5-4DF9-8D74-F89DFF70B4F6}
[2012/02/13 08:25:15 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{E1C60FC9-A973-442D-BDF7-C473696C767C}
[2012/02/12 11:32:34 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{78C53BFD-30AD-4702-8217-79BDE013F1FE}
[2012/02/12 11:32:13 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{D78827A7-2E81-4B80-8623-E8CAADB08BED}
[2012/02/11 23:31:57 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{F512AD78-1607-4F84-AADC-6735D83E3AF7}
[2012/02/11 23:31:35 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{A6C73014-3B92-452F-BD1E-C827CE89C752}
[2012/02/11 11:31:17 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{541D8BC6-9B4C-4497-BED7-5E6B66E8D353}
[2012/02/11 11:30:55 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{BF0639C6-1E60-49D4-877B-CF8BC368E833}
[2012/02/10 23:30:42 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{04BDA0F0-5D4E-4CCC-A4D6-2AC257CFFE0E}
[2012/02/10 23:30:20 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{BCA36104-8530-4408-9A35-6C1A44DB7FFC}
[2012/02/10 11:29:47 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{D47BBDF2-3B3D-4850-81C1-AF87961DE476}
[2012/02/10 11:29:32 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{879234A2-EB7F-404B-BDB9-8B23C8D955B9}
[2012/02/09 13:50:57 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{DF70B8D7-CAEC-40A6-AFBB-E21E96F01AF4}
[2012/02/09 13:50:34 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{DCE188B7-20AA-45F7-9ED8-EA0192585312}
[2012/02/09 01:50:49 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{F30E6A9F-A5AF-495F-AD41-1A7D6CF13B61}
[2012/02/08 17:00:21 | 000,000,000 | ---D | C] -- C:\Users\K8\Documents\next door2012
[2012/02/08 10:10:43 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{0303A059-4927-497C-AE53-443C983BDC03}
[2012/02/08 10:10:20 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{A0827F07-58DC-433D-A4DC-ED6CB38185AB}
[2012/02/07 22:09:52 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{057257BB-07D0-4477-A5A3-C6424C086B39}
[2012/02/07 22:09:31 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{8BA0079A-A000-48A7-887F-0FD8CF33311D}
[2012/02/07 08:13:08 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{8A6C47B7-C094-4EBA-9785-68C5AE0E3034}
[2012/02/07 08:12:57 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{34765074-2115-44F2-B11B-01CE8EA14BBF}
[2012/02/07 01:42:56 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{E8064AE2-FBA0-4E2D-9316-B0D174ED2797}
[2012/02/06 09:53:22 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{4E52FF24-26A8-4BB5-8783-C0807254F053}
[2012/02/06 09:53:11 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{33B5C10A-55FA-4E32-B280-5B528FE3C206}
[2012/02/05 20:04:43 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{F5D1E70C-1633-4BA7-A6D9-97BAEEDB16F9}
[2012/02/05 20:04:20 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{667C00CE-A4E0-4A97-A975-15A8BBB28400}
[2012/02/04 10:30:57 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{D4A1BA72-2E58-4DD2-9847-AD3D5207AEE4}
[2012/02/04 10:30:43 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{3299F676-0263-4428-8F3D-A83782C373CF}
[2012/02/03 21:37:07 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{5F002C0D-C9D7-4D1F-A63C-BFE2C2CD6780}
[2012/02/03 21:36:45 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{FB8AC159-F87D-42F7-9427-A2C7A13B9D2A}
[2012/02/03 09:36:20 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{BCBED2B1-5256-40C1-BF70-55AA55D975CF}
[2012/02/03 09:36:09 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{BBB93FE4-EDBA-4232-B58B-87A87C942CAE}
[2012/02/03 00:55:03 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{5F94C37B-68FF-4000-9B30-C164281DEF2F}
[2012/02/02 09:38:11 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{F309FD15-04A0-4B54-9921-79949119AE73}
[2012/02/02 09:37:58 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{50CC707C-B418-4C50-B1D1-37B6F2C16AEB}
[2012/02/01 21:32:29 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{E7594BE5-A662-4C74-B0CA-59C1E15C6502}
[2012/02/01 21:32:08 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{B0A555A5-4460-4001-866A-58C598E32C9E}
[2012/02/01 09:31:34 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{5B3CD9E0-5501-442A-AB0D-E3E61DD65010}
[2012/02/01 09:31:12 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{7AD7B093-EFDD-4552-B7C4-9B1147940B0E}
[2012/01/31 21:29:23 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{FD2E4DA6-AD6A-4C7A-AF90-9EE50BB92EBC}
[2012/01/31 21:29:01 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{5EC5A474-02BF-413E-A676-FAE9DA93F7A6}
[2009/04/08 18:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/08/12 05:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[2008/05/22 16:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[1 C:\Users\K8\AppData\Local\*.tmp files -> C:\Users\K8\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/01 20:30:55 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 20:27:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/01 13:30:15 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/28 16:58:18 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/28 16:58:18 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/28 16:58:18 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/26 10:47:24 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 10:47:24 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/24 12:52:29 | 3193,765,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/18 21:57:01 | 000,008,704 | ---- | M] () -- C:\Users\K8\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/18 14:57:25 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/17 13:20:35 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\ASUS WebStorage.lnk
[2012/02/17 03:50:07 | 000,472,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/06 16:16:32 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[1 C:\Users\K8\AppData\Local\*.tmp files -> C:\Users\K8\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/09 18:57:31 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\qttask.exe
[2011/06/19 13:42:16 | 000,007,604 | ---- | C] () -- C:\Users\K8\AppData\Local\Resmon.ResmonCfg
[2011/06/14 09:52:34 | 000,000,000 | ---- | C] () -- C:\Users\K8\AppData\Local\{F9F8B4B1-2DDA-4F07-98C9-F7E19911AE2F}
[2010/08/28 17:20:48 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/17 22:17:30 | 000,008,704 | ---- | C] () -- C:\Users\K8\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/03 09:57:15 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010/04/03 09:36:34 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2012/02/17 11:45:11 | 000,000,000 | ---D | M] -- C:\Users\K8\AppData\Roaming\ASUS WebStorage
[2011/03/12 19:36:47 | 000,000,000 | ---D | M] -- C:\Users\K8\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011/01/01 14:00:17 | 000,000,000 | ---D | M] -- C:\Users\K8\AppData\Roaming\EeeStorageUploader
[2011/02/12 12:31:24 | 000,000,000 | ---D | M] -- C:\Users\K8\AppData\Roaming\OfferBox
[2010/08/17 12:28:15 | 000,000,000 | ---D | M] -- C:\Users\K8\AppData\Roaming\OpenOffice.org
[2011/01/01 14:00:53 | 000,000,000 | ---D | M] -- C:\Users\K8\AppData\Roaming\temp
[2010/09/02 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\K8\AppData\Roaming\Trusteer
[2010/12/24 17:39:45 | 000,000,000 | ---D | M] -- C:\Users\K8\AppData\Roaming\Unity
[2012/03/02 09:06:32 | 000,000,000 | ---D | M] -- C:\Users\K8\AppData\Roaming\uTorrent
[2010/10/28 07:31:40 | 000,000,000 | ---D | M] -- C:\Users\K8\AppData\Roaming\Windows Live Writer
[2011/09/13 13:17:39 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >

#2
RKinner

Posted 07 March 2012 - 02:09 AM

Malware Expert

Expert
24,625 posts

10 hours is about 60 times longer than it should take so there is something very wrong with your PC. I don't see any obvious signs of malware so let's check some other things first.

IF you got an Extras log with OTL please post it.

Uninstall:
uTorrent/BitTorrent

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#3
skgrate

Posted 13 March 2012 - 09:08 AM

Member

Topic Starter
Member
63 posts

Firstly big thankyou

sorry i am late in responding but I did not receive an email saying my post had been replied to
My computer is deteriorating so I checked the site again today and Bingo there you were.
I have done all that you asked but my right click is playing up and cursor porblems interfere with typing I will try and cut and paste all the logs, when i re booted my computer it would not re start for ages I went into safe mode loged out and re started and it seems ok again now.
Ok here goes
I could not copy and past so attatched the files below, I hope you can access them, thanks again
skgrate :rolleyes:

Attached Files

Extras.Txt 44.94KB 160 downloads
K8-PC.txt 190.09KB 276 downloads
VEW.txt 448bytes 155 downloads
2VEW.txt 463bytes 131 downloads
System Idle Process.txt 8.35KB 140 downloads

#4
RKinner

Posted 13 March 2012 - 10:12 AM

Malware Expert

Expert
24,625 posts

Check your email's Spam filter folders for notifications from geekstogo.com. If none then click on where it says "My Settings" up at the top right of this page then on Change Email address and verify that it has the correct email address.

The major visible problem is that Kaspersky has taken over your PC and is using most of your CPU. It may have a reason like an infection but it is hard to tell. Process Explorer claims some key Windows files can not be verified but it might just be it can't get enough CPU time to do the verify process.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).


cd  \windows\logs\cbs

copy  cbs.log  cbs.old

del  cbs.log

sfc  /scannow

findstr  /c:"[SR]"  cbs.log  >  junk.txt

attach the file \windows\logs\cbs\junk.txt to your next reply.

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)

If SFC and sigverif finish OK then I think you need to uninstall Kaspersky and reinstall. Make sure you save the activation code before uninstalling (http://support.kaspe...e?qid=208279560 ) If SFC does not finish then I would try the Kaspersky Rescue Disk

http://support.kaspe.../?qid=208282173

You can burn it to a CD or USB and then boot from it and it will scan your PC for viruses.
This is a better scan than the Windows based version since it can't be hidden from by rootkits.

#5
skgrate

Posted 16 March 2012 - 03:29 AM

Member

Topic Starter
Member
63 posts

Thankyou I have done as you have requested with a few minor hiccups in that
with the command prompt I got as far as sfc / scannow and it did something but i could not copy or attach or save file, it scanned it and came back with a result of some sort but then I could not enter findstr/c .......
So I did it again but of course it could not find the pathfile specified as it was deleted so I messed this up havent I sorry!!!

So I ran siverif and it ran but there were no drivers with newish dates
but as my right click is not working it is difficult to paste anything but managed eventually with keyboard short cuts here goes
********************************

Microsoft Signature Verification

Log file generated on 14/03/2012 at 18:51
OS Platform: Windows (x64), Version: 6.1, Build: 7601, CSDVersion: Service Pack 1
Scan Results: Total Files: 254, Signed: 254, Unsigned: 0, Not Scanned: 0

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\program files (x86)\trusteer\rapport\bin\x64]
rapportei64.sys 25/01/2012 None Signed N/A
rapportpg64.sys 25/01/2012 None Signed N/A
[c:\program files\atkgfnex]
asmmap64.sys 24/07/2007 None Signed N/A
[c:\program files\elantech]
etdapi.dll 30/04/2009 2:6.1 Signed etd.cat Microsoft Windows Hardware Compatibility Publisher
etdapi32.dll 30/04/2009 2:6.1 Signed etd.cat Microsoft Windows Hardware Compatibility Publisher
etdapix.dll 09/10/2009 2:6.1 Signed etd.cat Microsoft Windows Hardware Compatibility Publisher
etdcmds.dll 12/08/2009 2:6.1 Signed etd.cat Microsoft Windows Hardware Compatibility Publisher
etdctrl.exe 30/09/2009 2:6.1 Signed etd.cat Microsoft Windows Hardware Compatibility Publisher
etdfavorite.dll 08/07/2009 2:6.1 Signed etd.cat Microsoft Windows Hardware Compatibility Publisher
etdmag.exe 10/03/2009 2:6.1 Signed etd.cat Microsoft Windows Hardware Compatibility Publisher
etdmcpl.dll 05/10/2009 2:6.1 Signed etd.cat Microsoft Windows Hardware Compatibility Publisher
etduninst.dll 06/10/2009 2:6.1 Signed etd.cat Microsoft Windows Hardware Compatibility Publisher
etduninst.exe 06/10/2009 2:6.1 Signed etd.cat Microsoft Windows Hardware Compatibility Publisher
[c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302]
rapportcerberus64_34 15/12/2011 None Signed N/A
[c:\windows]
drvinst.exe 05/06/2009 2:5.1 Signed snp2uvc.cat Microsoft Windows Hardware Compatibility Publisher
uninstsxga.bat 02/02/2009 2:5.1 Signed snp2uvc.cat Microsoft Windows Hardware Compatibility Publisher
uninstsxga.reg 21/03/2008 2:5.1 Signed snp2uvc.cat Microsoft Windows Hardware Compatibility Publisher
uninstuxga.bat 25/06/2008 2:5.1 Signed snp2uvc.cat Microsoft Windows Hardware Compatibility Publisher
uninstuxga.reg 21/03/2008 2:5.1 Signed snp2uvc.cat Microsoft Windows Hardware Compatibility Publisher
uninstvga.bat 27/05/2009 2:5.1 Signed snp2uvc.cat Microsoft Windows Hardware Compatibility Publisher
uninstvga.reg 21/03/2008 2:5.1 Signed snp2uvc.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows\system32]
batt.dll 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
clfs.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
difx64.exe 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
dts2apo.dll 01/06/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
dts2proppageext.dll 04/03/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
etdui.cpl 30/09/2009 2:6.1 Signed etd.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.ar-sa.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.cs-cz.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.da-dk.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.de-de.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.el-gr.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.en-us.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.es-es.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.fi-fi.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.fr-fr.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.he-il.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.hu-hu.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.it-it.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.ja-jp.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.ko-kr.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.nb-no.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.nl-nl.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.pl-pl.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.pt-br.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.pt-pt.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.ru-ru.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.sk-sk.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.sl-si.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.sv-se.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.th-th.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.tr-tr.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.zh-cn.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxres.zh-tw.resourc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxsrvc.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxui.exe 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
gfxui.exe.config 14/12/2009 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
hccutils.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
hpotscl1.dll 14/07/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
hpowiav1.dll 14/07/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
ig4icd64.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igcompkrng500.bin 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igd10umd64.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igdumd64.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfcg500m.bin 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxcoin_v2021.dll 14/12/2009 2:6.0,2:6.1 Signed oem7.CAT Microsoft Windows Hardware Compatibility Publisher
igfxcoin_v2202.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxcpl.cpl 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxdev.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxdevlib.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxdo.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxexps.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxext.exe 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxpph.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrara.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrchs.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrcht.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrcsy.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrdan.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrdeu.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrell.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrenu.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxresn.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxress.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrfin.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrfra.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrheb.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrhun.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrita.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrjpn.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrkor.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrnld.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrnor.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrplk.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrptb.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrptg.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrrus.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrsky.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrslv.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrsve.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrtha.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrtrk.lrc 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxtmm.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxtray.exe 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igkrng500.bin 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhcp64.dll 14/12/2009 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhsip64.dll 14/12/2009 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxa64.cpa 14/12/2009 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxa64.vp 14/12/2009 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxc64.vp 14/12/2009 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxg64.vp 14/12/2009 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxo64.vp 14/12/2009 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxs64.vp 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
nqapo.dll 04/12/2007 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
nqproppageext.dll 04/12/2007 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
streamci.dll 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
viamicarrayapo.dll 19/01/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
viamicarrayproppagee 19/01/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
viaproppageext.dll 06/07/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
viasysfx.dll 06/07/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows\system32\drivers]
acpi.sys 20/11/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
afd.sys 28/12/2011 2:5.1,2:5.2,2:6.0,2:Signed Package_2_for_KB2645Microsoft Windows
agilevpn.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
asyncmac.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
atapi.sys 14/07/2009 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-CoMicrosoft Windows
athrx.sys 05/10/2009 2:6.1 Signed athrextx.cat Microsoft Windows Hardware Compatibility Publisher
atk64amd.sys 13/05/2009 2:5.00 Signed atk0100.cat Microsoft Windows Hardware Compatibility Publisher
battc.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
blbdrive.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
cdrom.sys 20/11/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
cmbatt.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
cng.sys 17/11/2011 2:5.1,2:5.2,2:6.0,2:Signed Package_3_for_KB2585Microsoft Windows
compbatt.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
compositebus.sys 20/11/2010 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
discache.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
disk.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
drmk.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
drmkaud.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
dxgkrnl.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
etd.sys 15/10/2009 2:6.1 Signed etd.cat Microsoft Windows Hardware Compatibility Publisher
fvevol.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-SeMicrosoft Windows
hdaudbus.sys 20/11/2010 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
hidclass.sys 20/11/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
hidparse.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
hidusb.sys 20/11/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
http.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
hwpolicy.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
i8042prt.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
iastor.sys 06/08/2009 2:5.1 Signed iaahci.cat Microsoft Windows Hardware Compatibility Publisher
igdkmd64.sys 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
intelppm.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
kbdclass.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
kbfiltr.sys 20/07/2009 2:6.1 Signed kbfiltr.cat Microsoft Windows Hardware Compatibility Publisher
kl1.sys 09/06/2010 None Signed N/A
kl2.sys 09/06/2010 None Signed N/A
klim6.sys 22/04/2010 2:5.00,2:6.0,2:6.1 Signed klim6.cat Microsoft Windows Hardware Compatibility Publisher
ksecdd.sys 17/11/2011 2:5.1,2:5.2,2:6.0,2:Signed Package_3_for_KB2585Microsoft Windows
ksecpkg.sys 17/11/2011 2:5.1,2:5.2,2:6.0,2:Signed Package_3_for_KB2585Microsoft Windows
l1e62x64.sys 23/08/2009 2:6.1 Signed l1e62x64.cat Microsoft Windows Hardware Compatibility Publisher
lltdio.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
monitor.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
mouclass.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
mouhid.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
mountmgr.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
mpsdrv.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
msahci.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-CoMicrosoft Windows
msisadrv.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
mskssrv.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
mspclock.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
mspqm.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
mssmbios.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
mstee.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
ndis.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
ndistapi.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
ndisuio.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
ndiswan.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
netbt.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
nsiproxy.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
nwifi.sys 14/07/2009 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-ClMicrosoft Windows
pacer.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
pci.sys 20/11/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
pciide.sys 14/07/2009 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-CoMicrosoft Windows
pcw.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
peauth.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
portcls.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
rapportke64.sys 25/01/2012 None Signed N/A
rasl2tp.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
raspppoe.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
raspptp.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
rassstp.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
rdpcdd.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
rdpencdd.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
rdprefmp.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
rspndr.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
sermouse.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
sncduvc.sys 05/06/2009 2:5.1 Signed snp2uvc.cat Microsoft Windows Hardware Compatibility Publisher
snp2uvc.sys 05/06/2009 2:5.1 Signed snp2uvc.cat Microsoft Windows Hardware Compatibility Publisher
swenum.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
tcpip.sys 29/09/2011 2:5.1,2:5.2,2:6.0,2:Signed Package_2_for_KB2588Microsoft Windows
tcpipreg.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
tdx.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
termdd.sys 20/11/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
tunnel.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
umbus.sys 20/11/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
usbccgp.sys 25/03/2011 2:5.1 Signed Package_1_for_KB2529Microsoft Windows
usbd.sys 25/03/2011 2:5.1 Signed Package_1_for_KB2529Microsoft Windows
usbehci.sys 25/03/2011 2:5.1 Signed Package_1_for_KB2529Microsoft Windows
usbhub.sys 25/03/2011 2:5.1 Signed Package_1_for_KB2529Microsoft Windows
usbport.sys 25/03/2011 2:5.1 Signed Package_1_for_KB2529Microsoft Windows
usbprint.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
usbscan.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
usbstor.sys 11/03/2011 2:5.1 Signed Package_1_for_KB9820Microsoft Windows
usbuhci.sys 25/03/2011 2:5.1 Signed Package_1_for_KB2529Microsoft Windows
vdrvroot.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
vga.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
viahduaa.sys 09/07/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
volmgr.sys 20/11/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
volmgrx.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
volsnap.sys 20/11/2010 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows
vwifibus.sys 14/07/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows
vwififlt.sys 14/07/2009 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-ClMicrosoft Windows
vwifimp.sys 14/07/2009 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-ClMicrosoft Windows
wanarp.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
wdf01000.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
wfplwf.sys 14/07/2009 2:6.1 Signed nt5.cat Microsoft Windows
wudfpf.sys 20/11/2010 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-FoMicrosoft Windows
[c:\windows\system32\srslabs\{176f4e15-8f7c-4833-aded-81fae8ccd186}]
slcshp64.dll 12/06/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
slcsii64.dll 12/06/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
slgeq64.dll 12/06/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
slh36064.dll 12/06/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
slinit64.dll 12/06/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
slmaxv64.dll 12/06/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
slprop64.dll 12/06/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
slprt000.txt 12/06/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
sltshd64.dll 12/06/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
sltune00.txt 12/06/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
sluapo64.dll 12/06/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
slvipp64.dll 12/06/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
slviq64.dll 12/06/2009 2:6.0 Signed viahduaa.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows\syswow64]
ig4icd32.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igcompkrng500.bin 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igd10umd32.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igdumd32.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igdumdx32.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfcg500m.bin 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxdv32.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxexps32.dll 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igkrng500.bin 25/08/2010 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhcp32.dll 14/12/2009 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhsip32.dll 14/12/2009 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

SO ilooked up keyboard shortcuts and here it is

I have also tried to uninstall kapersky and it says I cannot do it unless logged on as an administrator , but i am logged on as the administrator So it seems very stubbborn, I have created a rescue disk but it just will not do it!
I feel I have not managed the last steps that well I am afraid!!
So Not Sure What to do next really
Again thanks for your time
skgrate

#6
skgrate

Posted 16 March 2012 - 05:57 AM

Member

Topic Starter
Member
63 posts

Well I had one more go at uninstalling it and manged to do it this time I created a rescue disk but it would not boot up from it so I re installed it from the website and used my activation code. I have updated it and will do a full scan which may take a while I am not sure, I will post more when I have completed the scan Thank you
skgrate

#7
skgrate

Posted 18 March 2012 - 08:38 AM

Member

Topic Starter
Member
63 posts

I scanned with the newly downloaded kapersky and the scans came back clear so maybe it is all ok
Certanly a bit better than before.#
should i do anything else, should i downlaod a supplementary programme for bus to run alongside kapersky?
Do I nedd to get rid of the installed programs
do i need to do further clean ups do you think?
Thankyou
skgrate

#8
RKinner

Posted 18 March 2012 - 09:05 AM

Malware Expert

Expert
24,625 posts

For your right click problem - if you go into Control Panel, Mouse, and on the Buttons page, check Switch Primary and Secondary buttons (takes effect immediately) the right button should work as the left button used to. IF it doesn't you have a bad mouse and need to get a new one.

I'm not sure what we did to make it run faster other than reloading Kaspersky. Run a new OTL scan:

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#9
skgrate

Posted 18 March 2012 - 10:32 AM

Member

Topic Starter
Member
63 posts

Hi Thamkyou again
I have done as requested and here goes
Still my right click doesn't work so gone back to on old mouse but still not brilliant
so attached files as could not copy and paste!
cheers
Skgrate

OTL logfile created on: 18/03/2012 16:34:32 - Run 2
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\K8\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.97 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 55.46% Memory free
7.93 Gb Paging File | 5.96 Gb Available in Paging File | 75.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.24 Gb Total Space | 158.60 Gb Free Space | 72.67% Space Free | Partition Type: NTFS
Drive D: | 931.28 Gb Total Space | 640.86 Gb Free Space | 68.81% Space Free | Partition Type: FAT32

Computer Name: K8-PC | User Name: K8 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/11 13:48:36 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/03/01 14:03:12 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\K8\Desktop\OTL.scr
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/01/17 18:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/04/03 09:59:47 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/05 01:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/24 21:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/16 18:52:14 | 000,331,776 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
PRC - [2009/08/20 04:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/08/17 17:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/08/12 22:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/07/31 18:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/06/24 20:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 04:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/03/31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/10 16:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/07 19:05:28 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/05/09 13:26:40 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2011/05/09 13:26:39 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010/01/05 01:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/24 21:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/09/23 19:07:14 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
MOD - [2007/11/30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/06/15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/12/08 00:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010/08/17 11:19:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/16 12:26:56 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/03/11 13:48:52 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/03 09:56:39 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/10/15 10:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/10/05 02:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/23 06:08:07 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/08/21 07:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/06 22:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/09 09:11:31 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/18 20:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 11:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/05/24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 19:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/03/11 13:48:52 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/03/11 13:48:52 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/12/15 18:14:59 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3106575
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {5c4cae29-c754-4ca3-89e1-90b82459159a} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "PCHelpSoft Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "PCHelpSoft Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\K8\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/03/16 12:44:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/03/16 12:44:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 11:56:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/19 18:10:56 | 000,000,000 | ---D | M]

[2011/10/01 14:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K8\AppData\Roaming\Mozilla\Extensions
[2012/02/22 13:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\K8\AppData\Roaming\Mozilla\Firefox\Profiles\i2wpgulv.default\extensions
[2012/01/03 09:22:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/17 15:45:20 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\K8\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I2WPGULV.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012/02/18 11:56:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/18 11:56:48 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/18 11:56:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/18 11:56:48 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/18 11:56:48 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/18 11:56:48 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\K8\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\K8\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\K8\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Users\K8\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\K8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\K8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 16
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E37BB2D-FB3D-4A20-B70F-7BC05F2098DB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/26 17:15:22 | 000,000,191 | ---- | M] () - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/18 10:08:30 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{45328B92-5D19-4901-A987-8B3869C5BB5A}
[2012/03/18 10:07:47 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{30BAA037-4DCC-46FB-A28F-5852D564DE29}
[2012/03/17 08:47:37 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{93C2B1BD-5F51-47E9-937E-A216FBCEAFF0}
[2012/03/17 08:47:00 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{AAEAEBC4-6B4F-4287-AAC3-56ADF50603E7}
[2012/03/16 12:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012/03/16 12:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/03/16 12:26:56 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/03/16 10:31:17 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{C229B0BE-9081-4652-AFDC-E7778FD66603}
[2012/03/16 10:31:07 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{9E3D8A1D-46DB-4FAE-97E5-CE356F25001C}
[2012/03/15 22:06:20 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{53661C84-7290-4396-BE67-31AA7EC46819}
[2012/03/15 22:05:55 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{A2ED6E2C-C0C2-4043-9187-785D13FDE8B4}
[2012/03/15 09:50:27 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{624353B2-5734-43E8-A93A-57B8CDBA699E}
[2012/03/15 09:50:05 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{C2BD0EB5-5983-4C4F-8545-E68E79FD792F}
[2012/03/15 03:11:54 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/15 03:11:52 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/15 03:11:51 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 21:49:15 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{3F217796-F4D3-4066-9C35-144A6B16FC3C}
[2012/03/14 21:48:51 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{AB107ACF-5ECB-4F1E-A4A4-5B3D3E6AB375}
[2012/03/14 11:26:35 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 11:24:41 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 11:24:41 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 11:24:36 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 11:24:36 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 11:24:35 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 09:48:08 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{79D60596-BF1D-42EE-98D7-F62041B1D578}
[2012/03/14 09:47:40 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{8D10318C-E8BF-476E-91A2-C8085ACAAC4B}
[2012/03/13 21:44:51 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{28714074-EE03-487B-A3C5-D5BE41DF692D}
[2012/03/13 21:44:25 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{0C107030-0B2C-4CCA-A4CB-BCDE17569C72}
[2012/03/13 15:28:18 | 000,061,440 | ---- | C] ( ) -- C:\Users\K8\Desktop\VEW.exe
[2012/03/13 13:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012/03/13 13:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/03/13 13:16:09 | 004,485,448 | ---- | C] (Piriform Ltd) -- C:\Users\K8\Desktop\spsetup116.exe
[2012/03/13 12:59:21 | 004,777,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\K8\Desktop\procexp.exe
[2012/03/13 09:43:49 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{A5A73FD4-1C01-4EDC-99EA-2B4B0AC905F4}
[2012/03/13 09:43:24 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{79F643F5-8168-4E44-A7E6-1F4A60AB322E}
[2012/03/12 21:43:05 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{B2A8EE76-3348-4C01-9F04-7DA9BF4ABA01}
[2012/03/12 21:42:41 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{BAC7D8A9-030E-4456-89FD-4CFA01921E59}
[2012/03/12 09:42:05 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{7FA454E0-DDC9-47D7-8DA9-88E568784BDC}
[2012/03/12 09:41:43 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{83930FD9-C1E1-4A07-AC11-416A5FEF9757}
[2012/03/11 20:26:09 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{462ADF03-7BED-4B88-A7E7-32AE32BA7831}
[2012/03/11 01:51:34 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{8D690F07-4C46-43F0-9979-2A99EC0C1777}
[2012/03/10 09:45:25 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{7FDD9154-D62A-442B-ABE4-6FB5F896E3BA}
[2012/03/10 09:44:50 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{4FD78E65-35D1-4CF2-A533-9A14ED4D19E6}
[2012/03/09 14:25:48 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{280FF1FA-9B39-4F08-8C3C-8BF032BE9935}
[2012/03/09 14:25:25 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{9E0F7CB8-AEA1-45FA-B202-76F8FCB9205A}
[2012/03/09 02:26:04 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{48619239-3BEE-4CE4-A782-8BB941F7E335}
[2012/03/08 12:30:01 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{AD38CA3E-A8F6-4AC8-A1F1-39FE009A4441}
[2012/03/08 12:29:38 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{8A81816F-7119-4C4D-95F5-7D0FAF6A27A9}
[2012/03/08 00:47:22 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{A6DD8305-5E46-4AAD-9E3B-6628AB5ABD01}
[2012/03/07 09:18:22 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{813B4952-1D71-49A1-A8CF-DC9ACF7489BA}
[2012/03/07 09:18:10 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{D6F62A6E-8D26-44D0-A6DD-5100408BADA0}
[2012/03/06 09:16:19 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{1272CA7D-71EF-476E-B8C0-0316E9F11A71}
[2012/03/06 09:15:50 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{0F60E7CC-02BA-4891-9FAE-9C4F8185326A}
[2012/03/05 20:58:16 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{A49B708A-0535-4D65-8D0E-9B205EC910AF}
[2012/03/05 20:57:46 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{2A4052F0-9D68-4948-B4D8-C62E3B6C8DE5}
[2012/03/05 08:56:24 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{24D32D5A-532A-4911-8BB0-00ABCABED92E}
[2012/03/05 08:56:03 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{FA661A30-AB71-4658-B24D-E5DFD51ABB97}
[2012/03/04 17:53:38 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{E0950AB2-6C74-4310-9187-E48AAA0AB36A}
[2012/03/04 17:53:20 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{67266656-D1FC-4241-949E-E30875E7F061}
[2012/03/03 22:50:38 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{736C2485-DBA6-4CBB-B00B-7C83BAB14B6E}
[2012/03/03 22:50:21 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{0E41A23D-D29C-41C9-A244-0FABDA5EFFE8}
[2012/03/03 10:19:17 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{3971B66B-816A-44E5-8A94-96F16DF778BC}
[2012/03/03 10:18:03 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{563C49D5-B08E-4CD0-A10D-090E3CD7C6BB}
[2012/03/02 08:53:27 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{ED4C9CE2-A130-4858-82B4-8C230949B487}
[2012/03/02 08:52:53 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{C7B769A3-AF5E-4A7A-90D4-27B813AB138C}
[2012/03/01 14:03:01 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\K8\Desktop\OTL.scr
[2012/03/01 09:36:58 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{A5733EE5-1C10-4F69-9918-C149C1B8BAAC}
[2012/03/01 09:36:23 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{F7B170F8-7474-422F-8F09-4A388EE2BE0B}
[2012/02/29 09:29:29 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{AFB6F932-CADA-45AD-B731-660BA2C82485}
[2012/02/29 09:28:57 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{376C65B8-84C8-412F-9B6A-D15F2036BA3B}
[2012/02/28 12:25:36 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{05B52EC0-E401-4CAD-866D-0DC26D219AB4}
[2012/02/28 12:25:12 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{9076989A-3E6E-4F0D-A3B1-838727281789}
[2012/02/27 21:53:19 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{6F680A32-C17D-45DE-9489-1411E73FB8CA}
[2012/02/27 21:53:02 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{6BCDC0EE-C602-40E8-8002-4FA513AAAFCD}
[2012/02/27 09:51:56 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{F0F1467F-AEC5-4E91-BAFA-936C796D30A0}
[2012/02/27 09:51:18 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{56EE7F7B-891C-4671-BE21-189B3483E659}
[2012/02/26 10:42:41 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{29FBB378-DC9D-445F-8317-8E1BE49EBF74}
[2012/02/25 14:15:02 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{E883E01E-2F01-47B3-BCAF-A0E0F22A47B0}
[2012/02/25 14:14:31 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{FA8FFF6E-2FE9-4F4A-A0E3-4E896FB03B0B}
[2012/02/25 09:45:17 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{203EF71A-031D-4E64-9EA5-93CBFF72DDE3}
[2012/02/25 02:14:37 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{C30D40DC-F854-4EE8-BE11-554019DDCFD4}
[2012/02/24 11:03:15 | 000,000,000 | ---D | C] -- C:\Users\K8\Documents\cc Registry backups
[2012/02/24 09:20:51 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{9A830147-6413-4E9B-AB6F-7C90C77CA722}
[2012/02/24 09:20:26 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{5E8A8042-B900-439C-B229-E1E4B8DA92F5}
[2012/02/23 21:20:03 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{E6C5982D-46B9-4C36-8A7A-C80E16BF73E6}
[2012/02/23 21:19:40 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{926F2B66-5881-4326-BDB4-1F2219049B99}
[2012/02/23 09:17:45 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{5EC60E84-0F03-4ADD-BFFF-90A70A00311B}
[2012/02/23 09:17:10 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{2FF3368A-5B79-4944-B692-B5AD07E224E7}
[2012/02/22 11:33:25 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{06324FC1-78C7-4AE9-8ECE-5A18416D6A92}
[2012/02/22 11:33:01 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{28C25BD2-3D0C-48B5-9D50-B98E39357E26}
[2012/02/21 23:32:05 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{2ACA339A-BFAB-4759-B413-8990ACF85025}
[2012/02/21 23:31:33 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{ADFFA814-0FFA-4419-A526-45C30506CF40}
[2012/02/21 08:42:06 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{A28E5FE9-222F-4E38-906F-2363F213E406}
[2012/02/21 08:41:37 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{5F259D83-3159-4451-BB70-1942B3A0F49E}
[2012/02/20 18:35:21 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{1201B7A6-06A4-4FCA-B484-2C6875CFB311}
[2012/02/20 18:34:58 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{2BB84090-F544-4B61-B31C-9DCF3E59A9A6}
[2012/02/20 05:33:48 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{C2EB7565-B23A-44AE-9516-0761A0607842}
[2012/02/20 05:33:35 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{F766D916-F6C2-4D3C-A83A-4017ED07F7E1}
[2012/02/19 17:33:08 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{147D87E6-243D-402C-A3F7-3FEBCC1C0185}
[2012/02/19 17:32:43 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{E06859C3-547D-4346-B1CB-A5C20FFE82EA}
[2012/02/18 16:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HardwareHelper
[2012/02/18 16:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/02/18 16:04:56 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\Conduit
[2012/02/18 11:54:04 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{E6EE3545-2A32-4A5B-BBAF-8AFF4840F2E7}
[2012/02/18 11:53:43 | 000,000,000 | ---D | C] -- C:\Users\K8\AppData\Local\{C7416BB4-44F4-4C4A-A233-484A79354DF1}
[2012/02/17 20:46:13 | 000,000,000 | ---D | C] -- C:\Users\K8\Documents\manuals
[2009/04/08 18:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/08/12 05:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[2008/05/22 16:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[1 C:\Users\K8\AppData\Local\*.tmp files -> C:\Users\K8\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/18 16:30:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/18 16:20:16 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/03/18 16:20:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/18 13:30:02 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/18 11:50:13 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 11:50:13 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 11:00:51 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/18 10:17:20 | 3193,765,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/16 16:01:11 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/16 16:01:11 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/16 16:01:11 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/16 12:44:22 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/03/16 12:44:22 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/03/16 12:31:54 | 000,017,408 | ---- | M] () -- C:\Users\K8\AppData\Local\WebpageIcons.db
[2012/03/16 12:26:56 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/03/15 03:33:08 | 000,472,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/13 15:28:21 | 000,061,440 | ---- | M] ( ) -- C:\Users\K8\Desktop\VEW.exe
[2012/03/13 13:20:00 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/03/13 13:16:51 | 004,485,448 | ---- | M] (Piriform Ltd) -- C:\Users\K8\Desktop\spsetup116.exe
[2012/03/13 13:00:06 | 004,777,280 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\K8\Desktop\procexp.exe
[2012/03/11 13:48:52 | 000,063,760 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/03/05 14:42:18 | 000,014,557 | ---- | M] () -- C:\Users\K8\Documents\borocs%20facturesept2011.rtf_0.odt
[2012/03/03 15:55:23 | 000,050,542 | ---- | M] () -- C:\Users\K8\Desktop\Accounts KATE2011.ods
[2012/03/01 14:03:12 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\K8\Desktop\OTL.scr
[2012/02/18 21:57:01 | 000,008,704 | ---- | M] () -- C:\Users\K8\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/18 14:57:25 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[1 C:\Users\K8\AppData\Local\*.tmp files -> C:\Users\K8\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/16 12:31:54 | 000,017,408 | ---- | C] () -- C:\Users\K8\AppData\Local\WebpageIcons.db
[2012/03/16 12:29:30 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/03/16 12:29:30 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/03/13 13:20:00 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/03/05 14:44:57 | 000,014,557 | ---- | C] () -- C:\Users\K8\Documents\borocs%20facturesept2011.rtf_0.odt
[2011/12/09 18:57:31 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\qttask.exe
[2011/06/19 13:42:16 | 000,007,604 | ---- | C] () -- C:\Users\K8\AppData\Local\Resmon.ResmonCfg
[2011/06/14 09:52:34 | 000,000,000 | ---- | C] () -- C:\Users\K8\AppData\Local\{F9F8B4B1-2DDA-4F07-98C9-F7E19911AE2F}
[2010/08/28 17:20:48 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/17 22:17:30 | 000,008,704 | ---- | C] () -- C:\Users\K8\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/03 09:57:15 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010/04/03 09:36:34 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >

Attached Files

2OTL.Txt 100.74KB 103 downloads
2Extras.Txt 55.89KB 123 downloads
3vew.txt 448bytes 131 downloads
4VEW.txt 463bytes 121 downloads

#10
RKinner

Posted 18 March 2012 - 12:33 PM

Malware Expert

Expert
24,625 posts

Uninstall

Java 22 - obsolete and you have a newer version
Speccy - we don't need it any more

Delete the ZooskMessenger.lnk file at:
O4 - Startup: C:\Users\K8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk

download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red led looking icon in the upper left. This should disable all of the non-microsoft additions to Explorer. Reboot and see if right click works better.

Also please run Process Explorer as before and post the log.

Ron

PS Leaving tomorrow for a 4 day trip. Will take my netbook but don't know for sure if we will have web access or not so expect delays.

#11
skgrate

Posted 19 March 2012 - 03:28 AM

Member

Topic Starter
Member
63 posts

HI Thank you again, I have done as requested and here is the process explorer log,
Hope you have a nice 4 days and enjoy I can wait till you get back forget about it until then, Hope you are doing something nice
skgrate

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 43.54 0 K 24 K
procexp64.exe 4800 25.21 21,124 K 40,068 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
RapportService.exe 3132 24.42 23,464 K 24,024 K
avp.exe 1744 4.38 168,148 K 32,984 K Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
dwm.exe 3024 1.64 54,840 K 34,972 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a 1.58 0 K 0 K Hardware Interrupts and DPCs
avp.exe 1792 1.33 33,480 K 4,588 K Kaspersky Anti-Virus Kaspersky Lab ZAO (Verified) Kaspersky Lab
csrss.exe 548 0.84 2,692 K 24,788 K
System 4 1.21 176 K 888 K
ACDaemon.exe 1588 0.72 2,228 K 6,616 K ArcSoft Connect Daemon ArcSoft Inc. (Verified) ArcSoft, Inc.
RapportMgmtService.exe 908 0.58 13,752 K 17,700 K RapportMgmtService Trusteer Ltd. (Verified) Trusteer
wmpnetwk.exe 868 0.43 31,348 K 14,460 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
wlmail.exe 4204 0.26 205,304 K 210,804 K Windows Live Mail Microsoft Corporation (Verified) Microsoft Corporation
explorer.exe 924 0.24 25,664 K 47,660 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
FBAgent.exe 1340 0.22 32,100 K 38,488 K ASUS FastBoot ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
CLMLSvc.exe 4828 0.16 3,464 K 8,436 K CyberLink MediaLibray Service CyberLink (Verified) CyberLink
svchost.exe 1828 0.15 7,996 K 33,172 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 632 0.15 2,636 K 4,428 K
svchost.exe 1220 0.11 13,484 K 14,568 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
VDeck.exe 3752 0.07 10,052 K 28,420 K VIA HD Audio CPL VIA (Unable to verify) VIA
svchost.exe 496 0.06 106,152 K 115,340 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
ETDCtrl.exe 3652 0.06 3,152 K 8,168 K ETD Control Center ELAN Microelectronic Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
services.exe 584 0.05 5,640 K 10,480 K
wlcomm.exe 396 0.04 14,708 K 21,564 K Windows Live Communications Platform Microsoft Corporation (Verified) Microsoft Corporation
BatteryLife.exe 2748 0.04 2,568 K 528 K
svchost.exe 432 0.04 25,212 K 41,168 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sidebar.exe 3964 0.04 14,080 K 34,864 K Windows Desktop Gadgets Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1068 0.04 9,104 K 16,712 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 624 0.03 5,648 K 13,564 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
wcourier.exe 2752 0.03 2,808 K 1,228 K
svchost.exe 768 0.02 4,104 K 9,096 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
ACMON.exe 3164 0.02 2,352 K 528 K
SearchIndexer.exe 1620 0.01 52,932 K 50,248 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
uBBMonitor.exe 3740 0.01 3,924 K 8,720 K BBMonitor ArcSoft, Inc. (Unable to verify) ArcSoft, Inc.
WLIDSVC.EXE 1972 0.01 6,000 K 13,468 K
SearchProtocolHost.exe 4848 0.01 1,968 K 5,120 K
AsScrPro.exe 3360 0.01 1,364 K 5,528 K AsScrPro ASUS (Verified) ASUSTeK Computer Inc.
csrss.exe 472 < 0.01 2,168 K 4,440 K
HControl.exe 3512 < 0.01 6,200 K 7,436 K
soffice.bin 2900 < 0.01 15,652 K 44,484 K OpenOffice.org 3.3 OpenOffice.org (Unable to verify) OpenOffice.org
WmiPrvSE.exe 2328 3,368 K 7,616 K
WLIDSVCM.EXE 2060 1,220 K 3,212 K
winlogon.exe 640 2,860 K 7,000 K
wininit.exe 528 1,464 K 4,472 K
WDC.exe 3940 1,320 K 5,276 K
taskhost.exe 1236 4,152 K 10,452 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1316 2,636 K 6,596 K
svchost.exe 4188 10,400 K 13,476 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1400 35,752 K 24,556 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 368 23,516 K 27,268 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 848 4,548 K 8,608 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1568 14,648 K 14,896 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2684 2,268 K 5,764 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3808 1,608 K 4,220 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SRSPremiumPanel_64.exe 2508 15,128 K 18,484 K SRS Premium Panel SRS Labs, Inc. (Verified) SRS Labs, Inc
spoolsv.exe 1504 6,804 K 12,584 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
soffice.exe 4092 1,032 K 3,336 K OpenOffice.org 3.3 OpenOffice.org (Unable to verify) OpenOffice.org
smss.exe 388 440 K 1,100 K
sensorsrv.exe 3276 1,428 K 528 K
SearchFilterHost.exe 988 1,880 K 4,884 K
procexp.exe 1764 1,868 K 6,508 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
KBFiltr.exe 3620 1,040 K 4,000 K
igfxtray.exe 3764 2,260 K 6,300 K igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 3900 2,524 K 8,300 K persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe 3828 2,900 K 9,684 K hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
HControlUser.exe 3928 856 K 3,356 K HControlUser ASUS (Verified) ASUSTeK Computer Inc.
GFNEXSrv.exe 1392 936 K 3,276 K GFNEXSrv
DMedia.exe 3532 1,000 K 4,032 K ATK Media ASUS (Verified) ASUSTeK Computer Inc.
dllhost.exe 4892 2,416 K 6,804 K
ControlDeckStartUp.exe 3332 940 K 528 K
Atouch64.exe 3580 1,424 K 5,460 K
ATKOSD2.exe 3092 1,256 K 5,068 K ATKOSD2 ASUS (Verified) ASUSTeK Computer Inc.
ATKOSD.exe 3120 852 K 5,760 K
ASPG.exe 1876 1,508 K 528 K
AsLdrSrv.exe 1368 1,152 K 3,928 K ASLDR Service ASUS (Verified) ASUSTeK Computer Inc.
armsvc.exe 1720 1,160 K 3,832 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems, Incorporated
AmIcoSinglun64.exe 3712 1,864 K 6,140 K Single LUN Icon Utility for VID 058F PID 6366 AlcorMicro Co., Ltd. (Unable to verify) AlcorMicro Co., Ltd.
ALU.exe 3220 2,248 K 4,056 K
ADSMTray.exe 4988 1,220 K 5,180 K ADSMTray ASUSTek Computer Inc. (Verified) ASUSTeK Computer Inc.
ADSMSrv.exe 4700 1,092 K 3,860 K
ACService.exe 1672 1,156 K 3,764 K ArcSoft Connect Service ArcSoft Inc. (Verified) ArcSoft, Inc.
ACEngSvr.exe 3684 2,176 K 5,680 K

AGAIN right click no good god knows whats going on, Have a nice time anyhow I can live without right click for a bit
cheers
skgrate