as93

  1. Yeah, been working all day since and got no time to update this. Anyways, computer is running faster for sure, freezes maybe like once every few days, which is a lot better than before. Thanks brahs.
  2. All processes killed
     ========== OTL ==========
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ deleted successfully.
     64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ not found.
     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\ARSH\Desktop\cmd.bat deleted successfully.
     C:\Users\ARSH\Desktop\cmd.txt deleted successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: ARSH
     ->Temp folder emptied: 48335556 bytes
     ->Temporary Internet Files folder emptied: 1072657 bytes
     ->Java cache emptied: 97128745 bytes
     ->FireFox cache emptied: 1142415912 bytes
     ->Google Chrome cache emptied: 393014468 bytes
     ->Flash cache emptied: 30249 bytes
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Public
     ->Temp folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 3346596 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50397 bytes
     RecycleBin emptied: 108638663 bytes
     Total Files Cleaned = 1,711.00 mb
     Restore point Set: OTL Restore Point
     OTL by OldTimer - Version 3.2.54.0 log created on 07142012_182407
     Files\Folders moved on Reboot...
     C:\Users\ARSH\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     PendingFileRenameOperations files...
     File C:\Users\ARSH\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
     Registry entries deleted on Reboot...
  3. I quick scanned OTL; only one notepad thing opened. The extras.txt one didn't.
     OTL logfile created on: 7/13/2012 11:18:46 PM - Run 2
     OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\ARSH\Desktop
     64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.7600.16385)
     Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
     3.80 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 65.33% Memory free
     7.60 Gb Paging File | 5.29 Gb Available in Paging File | 69.51% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 281.58 Gb Total Space | 205.66 Gb Free Space | 73.04% Space Free | Partition Type: NTFS
     Drive D: | 16.21 Gb Total Space | 2.34 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
     Computer Name: ARSH-HP | User Name: ARSH | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     ========== Processes (SafeList) ==========
     PRC - [2012/07/13 23:14:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ARSH\Desktop\OTL.exe
     PRC - [2012/06/13 19:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\ARSH\AppData\Roaming\Dropbox\bin\Dropbox.exe
     PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
     PRC - [2011/04/25 00:12:42 | 000,197,008 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbws.exe
     PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
     PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.)
-- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010/08/31 21:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\ARSH\Local Settings\Apps\F.lux\flux.exe ========== Modules (No Company Name) ========== MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll MOD - [2010/05/19 10:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2010/05/19 10:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files 
(x86)\Common Files\LightScribe\QtCore4.dll MOD - [2010/05/19 10:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\ARSH\Local Settings\Apps\F.lux\flux.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2010/04/19 18:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService) SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/06/17 01:53:02 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP) SRV - [2011/03/28 
17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/05/20 19:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2012/05/20 19:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/04/20 15:50:08 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2011/03/30 18:45:23 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011/03/04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011/03/04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2011/02/13 11:55:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010/05/07 12:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/04/22 18:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/03/05 12:57:18 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV:64bit: - [2010/02/04 20:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2009/11/02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel® DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel® DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/03/13 00:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam) DRV:64bit: - [2007/06/28 12:47:14 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64) DRV:64bit: - [2007/06/28 12:46:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcx64.sys -- (nmwcdcx64) DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {687E1D5F-F1B5-4027-B01C-436A88D71342} IE:64bit: - HKLM\..\SearchScopes\{687E1D5F-F1B5-4027-B01C-436A88D71342}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{A6B8A590-160D-47FC-8672-5E5FEA48CBF7}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{A90DE9D9-2519-49EA-A4C0-C4A385021D94}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4 IE - HKLM\..\SearchScopes,DefaultScope = {687E1D5F-F1B5-4027-B01C-436A88D71342} IE - HKLM\..\SearchScopes\{687E1D5F-F1B5-4027-B01C-436A88D71342}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - 
HKLM\..\SearchScopes\{A6B8A590-160D-47FC-8672-5E5FEA48CBF7}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{A90DE9D9-2519-49EA-A4C0-C4A385021D94}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\SearchScopes,DefaultScope = {687E1D5F-F1B5-4027-B01C-436A88D71342} IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\SearchScopes\{687E1D5F-F1B5-4027-B01C-436A88D71342}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\SearchScopes\{A6B8A590-160D-47FC-8672-5E5FEA48CBF7}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\SearchScopes\{A90DE9D9-2519-49EA-A4C0-C4A385021D94}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.ca" FF - prefs.js..extensions.enabledItems: 
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280 FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.1Lite FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8 FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ARSH\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ARSH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ARSH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/05/03 13:13:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/05/03 13:13:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 01:53:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 14:42:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 01:53:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 14:42:56 | 000,000,000 | ---D | M] [2010/12/26 16:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Extensions [2012/07/04 21:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions [2012/03/29 19:41:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/05/20 12:26:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012/06/26 22:55:02 | 000,000,000 | ---D | M] (Fasterfox Lite) -- 
C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions\FasterFox_Lite@BigRedBrent [2011/05/06 16:16:27 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions\tineye@ideeinc.com [2011/12/27 00:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/06/19 22:40:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011/12/26 20:52:06 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2012/07/04 21:14:44 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\ARSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VEWC7UE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011/11/23 15:31:02 | 000,017,877 | ---- | M] () (No name found) -- C:\USERS\ARSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VEWC7UE.DEFAULT\EXTENSIONS\VTZILLA@VIRUSTOTAL.COM.XPI [2012/06/17 01:53:02 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/01/15 16:25:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/01/15 16:25:13 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://google.ca/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://google.ca/ CHR - 
plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll 
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ARSH\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Google Update (Enabled) = C:\Users\ARSH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: Angry Birds = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Adblock Plus (Beta) = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Kaspersky URL Advisor = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: The Champions 3D = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagfaoglpicblgbdiflhhgibpmknpga\2.8.6_0\ CHR - Extension: Virtual Keyboard = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Anti-Banner = 
C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2012/05/17 12:29:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe 
(Hewlett-Packard Development Company, L.P.) O4 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001..\Run: [F.lux] C:\Users\ARSH\Local Settings\Apps\F.lux\flux.exe () O4 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001..\Run: [Facebook Update] C:\Users\ARSH\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\ARSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ARSH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 64.59.144.19 64.59.150.135 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12ECA67A-87FE-4C4F-8044-481E66C95625}: DhcpNameServer = 192.168.1.1 64.59.144.19 64.59.150.135 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O32 - HKLM CDRom: AutoRun - 1 O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/13 23:13:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\ARSH\Desktop\OTL.exe [2012/07/11 12:25:42 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{E0C1D213-68B6-454C-9D17-07EAC816F8AD} [2012/07/11 12:25:09 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{17EC516B-D92D-4B6C-BA00-56961D737026} [2012/07/10 23:57:01 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux [2012/07/10 23:56:58 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\Apps [2012/07/10 17:45:53 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{D2752F5C-1B86-4752-9FC8-475BB80F0A78} [2012/07/10 17:44:24 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{F39C2D4F-6257-42A8-8D0A-C3F8097D0B05} [2012/07/10 17:42:47 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{BB04CC52-3722-4CF6-B467-CAB04A8284D8} [2012/07/10 17:42:19 | 000,000,000 | ---D | C] -- 
C:\Users\ARSH\AppData\Local\{4E0606F8-0F90-45CB-92A8-83AD8DF3DFD8} [2012/07/08 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{8AF3B168-EA08-4C03-9DD6-3575A3C584FD} [2012/07/08 16:10:52 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{E470499B-08B6-4888-8D11-43D906550D9E} [2012/07/08 16:10:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\ARSH\Desktop\aswMBR.exe [2012/07/07 12:44:08 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{B4FA0685-2A71-46FB-9DFF-D223A3160A33} [2012/07/07 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{A5136444-6FB4-45EB-9A55-35D3CAD89017} [2012/07/02 23:45:20 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{9CB7E8C2-3FB8-4E0F-B42C-462821B6AF56} [2012/07/02 23:45:19 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{BF6F3D72-150A-4518-97BE-9EFC61B10D9C} [2012/06/30 16:50:34 | 000,000,000 | ---D | C] -- C:\Users\ARSH\Documents\EpicBot [2012/06/29 14:25:29 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Roaming\EpicBot [2012/06/29 14:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EpicBot [2012/06/29 14:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpicBot [2012/06/27 23:13:12 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{2100597C-3481-4A11-8445-D7C3EF65DE4B} [2012/06/27 23:12:54 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{9396706C-6F52-4BF4-89B2-0A66695F030D} [2012/06/23 23:09:57 | 000,000,000 | R--D | C] -- C:\Users\ARSH\Dropbox [2012/06/23 23:05:23 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012/06/23 23:02:43 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Roaming\Dropbox [2012/06/23 21:45:51 | 000,000,000 | ---D | C] -- C:\Users\ARSH\jagexcache2 [2012/06/23 17:10:55 | 000,000,000 | ---D | C] -- C:\Users\ARSH\jagexcache1 [2012/06/23 16:12:59 | 000,000,000 | ---D | C] -- 
C:\Users\ARSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape [2012/06/23 16:12:53 | 000,000,000 | ---D | C] -- C:\Users\ARSH\jagexcache [2012/06/22 23:01:50 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{869EA663-EB4E-4DD5-95D8-62AC7B3AF523} [2012/06/22 23:01:32 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{EEAEC77B-F42A-4DF9-85DB-703EFB403514} [2012/06/22 22:29:32 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012/06/21 21:11:12 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{1F95DD5B-0612-4B11-96F3-5E814A6FD2B7} [2012/06/21 19:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/06/21 19:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012/06/21 19:48:28 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{45A37833-6E81-4895-B09F-E6D02DFB900F} [2012/06/21 19:47:03 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{9A9BC192-B31D-45FF-99D4-9F16935EE826} [2012/06/21 13:19:57 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{374FDC5F-5FB3-46BE-BA51-4C207BFD2F05} [2012/06/21 13:19:04 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{8790C494-A925-4589-B433-6CB2A0A87255} [2012/06/20 21:21:06 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{6CE9EACE-A8E2-42EA-893A-6DB1C5707A95} [2012/06/20 21:20:37 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{80BBE79C-327C-48D4-873F-A2DB4F093256} [2012/06/20 20:24:14 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{12E6AB38-8128-48C6-BA99-8E226BEADA9B} [2012/06/20 20:23:36 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{7FF6835E-3D3A-44F5-9BB1-1D0007995B44} [2012/06/20 12:29:30 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{C2E50F82-8FC5-4CAF-A63F-04F6EC587E26} [2012/06/20 12:29:16 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{9BCDB067-7034-4261-B6D0-A4DFAFF405FB} [2012/06/20 00:08:40 | 000,000,000 | 
---D | C] -- C:\Users\ARSH\AppData\Local\{227D225E-D4CE-4605-BD08-DCCC45835FED} [2012/06/20 00:08:38 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{1082E08A-770B-427D-8ED5-45436CF401C4} [2012/06/19 22:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/06/19 22:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/06/19 22:36:30 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{54D5CB23-7FF5-48E6-9ACF-85561C028D24} [2012/06/17 01:52:12 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{B464F029-14E9-4544-B199-916C9EAB93A9} [2012/06/16 11:56:01 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{CDBB5CC1-25B7-434D-98A0-C2F6962934E4} [2011/08/16 19:08:54 | 563,640,952 | ---- | C] (Z8Games.com ) -- C:\Users\ARSH\CrossFire_Setup_v1071.exe ========== Files - Modified Within 30 Days ========== [2012/07/13 23:18:43 | 000,000,024 | ---- | M] () -- C:\Users\ARSH\random.dat [2012/07/13 23:18:42 | 000,000,024 | ---- | M] () -- C:\Users\ARSH\jagexappletviewer.preferences [2012/07/13 23:15:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001UA.job [2012/07/13 23:14:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ARSH\Desktop\OTL.exe [2012/07/13 23:02:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001UA.job [2012/07/13 22:12:48 | 000,000,043 | ---- | M] () -- C:\Users\ARSH\jagex_cl_runescape_LIVE.dat [2012/07/13 22:12:23 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001Core.job [2012/07/13 22:12:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/13 14:18:16 | 000,080,384 | ---- | M] () -- C:\Users\ARSH\Desktop\MBRCheck.exe [2012/07/13 12:02:01 | 000,000,852 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001Core.job [2012/07/11 11:31:07 | 000,002,391 | ---- | M] () -- C:\Users\ARSH\Desktop\Google Chrome.lnk [2012/07/10 19:09:48 | 000,000,512 | ---- | M] () -- C:\Users\ARSH\Desktop\MBR.dat [2012/07/10 18:11:47 | 000,559,424 | ---- | M] () -- C:\Users\ARSH\Desktop\flux-setup.exe [2012/07/10 17:31:49 | 005,394,081 | ---- | M] () -- C:\Users\ARSH\Desktop\Bhai Jasbir Singh Poanta Sahib Wale.mp3 [2012/07/09 22:30:21 | 002,880,470 | ---- | M] () -- C:\Users\ARSH\Desktop\Batman Instrumental Beat.mp3 [2012/07/09 10:31:10 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForARSH.job [2012/07/08 16:11:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\ARSH\Desktop\aswMBR.exe [2012/07/05 14:19:20 | 000,000,044 | ---- | M] () -- C:\Users\ARSH\jagex_cl_runescape_LIVE1.dat [2012/07/05 12:33:50 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/05 12:33:50 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/01 14:52:08 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys [2012/06/29 14:25:12 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\EpicBot.lnk [2012/06/23 23:09:57 | 000,001,037 | ---- | M] () -- C:\Users\ARSH\Desktop\Dropbox.lnk [2012/06/23 23:05:37 | 000,001,047 | ---- | M] () -- C:\Users\ARSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/06/23 21:46:56 | 000,000,129 | ---- | M] () -- C:\Users\ARSH\jagex_runescape_preferences2.dat [2012/06/23 21:45:52 | 000,000,046 | ---- | M] () -- C:\Users\ARSH\jagex_runescape_preferences.dat [2012/06/23 21:45:51 | 000,000,044 | ---- | M] () -- C:\Users\ARSH\jagex_cl_runescape_LIVE2.dat [2012/06/23 17:10:03 | 000,725,696 | ---- | M] () -- C:\Users\ARSH\Desktop\RSBot-4018.jar [2012/06/23 16:12:59 | 000,002,046 | ---- | M] () -- 
C:\Users\ARSH\Desktop\RuneScape.lnk [2012/06/20 18:41:36 | 000,007,623 | ---- | M] () -- C:\Users\ARSH\AppData\Local\resmon.resmoncfg [2012/06/19 22:39:17 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/06/16 20:55:12 | 000,493,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/16 12:18:30 | 000,791,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/16 12:18:30 | 000,656,518 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/16 12:18:30 | 000,123,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat ========== Files Created - No Company Name ========== [2012/07/13 14:18:13 | 000,080,384 | ---- | C] () -- C:\Users\ARSH\Desktop\MBRCheck.exe [2012/07/10 18:11:43 | 000,559,424 | ---- | C] () -- C:\Users\ARSH\Desktop\flux-setup.exe [2012/07/10 17:31:32 | 005,394,081 | ---- | C] () -- C:\Users\ARSH\Desktop\Bhai Jasbir Singh Poanta Sahib Wale.mp3 [2012/07/09 22:30:08 | 002,880,470 | ---- | C] () -- C:\Users\ARSH\Desktop\Batman Instrumental Beat.mp3 [2012/07/08 16:21:32 | 000,000,512 | ---- | C] () -- C:\Users\ARSH\Desktop\MBR.dat [2012/06/29 14:25:12 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\EpicBot.lnk [2012/06/23 23:09:57 | 000,001,037 | ---- | C] () -- C:\Users\ARSH\Desktop\Dropbox.lnk [2012/06/23 23:05:37 | 000,001,047 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/06/23 21:45:51 | 000,000,044 | ---- | C] () -- C:\Users\ARSH\jagex_cl_runescape_LIVE2.dat [2012/06/23 17:10:55 | 000,000,044 | ---- | C] () -- C:\Users\ARSH\jagex_cl_runescape_LIVE1.dat [2012/06/23 17:10:27 | 000,725,696 | ---- | C] () -- C:\Users\ARSH\Desktop\RSBot-4018.jar [2012/06/23 16:14:21 | 000,000,024 | ---- | C] () -- C:\Users\ARSH\jagexappletviewer.preferences [2012/06/23 16:12:59 | 000,002,076 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk [2012/06/23 16:12:59 | 000,002,046 | ---- | C] () -- 
C:\Users\ARSH\Desktop\RuneScape.lnk [2012/06/19 22:39:17 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012/05/23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012/05/17 12:13:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/05/17 12:13:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/05/17 12:13:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/05/17 12:13:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/05/17 12:13:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/04/02 21:07:00 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2011/12/26 20:53:07 | 000,017,408 | ---- | C] () -- C:\Users\ARSH\AppData\Local\WebpageIcons.db [2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011/11/19 16:37:45 | 000,000,024 | ---- | C] () -- C:\Users\ARSH\random.dat [2011/11/16 21:55:30 | 000,771,412 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/25 12:44:47 | 000,000,043 | ---- | C] () -- C:\Users\ARSH\jagex_cl_runescape_LIVE.dat [2011/09/12 18:02:11 | 000,000,300 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\RSBuddy_tylerty97821.ini [2011/08/16 22:03:11 | 000,001,092 | ---- | C] () -- C:\Users\ARSH\My Documents - Shortcut.lnk [2011/08/06 23:17:51 | 000,007,623 | ---- | C] () -- C:\Users\ARSH\AppData\Local\resmon.resmoncfg [2011/07/16 19:01:48 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll [2011/07/16 19:01:48 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini [2011/07/11 21:18:56 | 000,009,728 | ---- | C] () -- C:\Users\ARSH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/04 19:36:05 | 001,332,295 
| ---- | C] () -- C:\Users\ARSH\AppData\Roaming\UserTile.png [2011/04/16 18:47:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/04/08 23:33:11 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/04/08 23:33:11 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011/03/19 13:48:43 | 000,000,600 | ---- | C] () -- C:\Users\ARSH\AppData\Local\PUTTY.RND [2011/03/18 21:33:08 | 000,000,129 | ---- | C] () -- C:\Users\ARSH\jagex_runescape_preferences2.dat [2011/03/18 21:03:42 | 000,000,474 | ---- | C] () -- C:\Windows\eReg.dat [2011/03/15 19:29:27 | 000,000,036 | ---- | C] () -- C:\Users\ARSH\AppData\Local\housecall.guid.cache [2011/02/11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/02/07 11:33:57 | 000,001,854 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\GhostObjGAFix.xml [2011/02/06 18:37:23 | 000,000,135 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\RSBot_Accounts.ini [2010/12/31 17:32:06 | 000,000,000 | ---- | C] () -- C:\Users\ARSH\jagex__preferences3.dat [2010/12/26 17:19:00 | 000,000,046 | ---- | C] () -- C:\Users\ARSH\jagex_runescape_preferences.dat [2010/09/20 01:38:20 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2010/09/20 01:33:30 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini [2010/09/20 01:33:30 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini [2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin ========== LOP Check ========== [2011/01/23 17:36:50 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\.jagex_cache_22 [2011/06/11 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\2K Sports [2011/07/17 15:20:59 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Audacity [2010/12/28 23:49:06 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\BatteryCare 
[2011/07/12 16:15:31 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1 [2012/07/10 17:42:59 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Dropbox [2012/06/29 14:25:48 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\EpicBot [2011/05/01 11:49:00 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\GrabPro [2011/11/29 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\ImgBurn [2011/07/31 00:05:14 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\IObit [2011/03/17 17:03:47 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Leadertech [2012/03/08 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\ManyCam [2011/04/06 21:05:33 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\My Games [2011/05/01 12:00:08 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Orbit [2011/06/22 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Pokemon Lab [2011/07/26 14:35:02 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\proDAD [2011/05/01 11:49:04 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\ProgSense [2011/06/11 14:21:47 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\QuickScan [2012/06/12 18:18:59 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Samsung [2011/08/16 23:56:46 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\SystemRequirementsLab [2011/08/14 21:58:42 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\TeamViewer [2012/06/12 18:28:13 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Temp [2011/03/31 22:47:29 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\The Creative Assembly [2011/10/18 20:45:51 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2011/07/13 16:01:47 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Windows Live Writer 
[2012/07/13 22:12:23 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001Core.job [2012/07/13 23:15:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001UA.job [2012/03/26 10:17:40 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
  4. MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 64-bit Base Board Manufacturer: Hewlett-Packard BIOS Manufacturer: Hewlett-Packard System Manufacturer: Hewlett-Packard System Product Name: HP G62 Notebook PC Logical Drives Mask: 0x0000001c Kernel Drivers (total 190): Processes (total 77): \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000046`71d00000 (NTFS) PhysicalDrive0 Model Number: WDCWD3200BEVT-60A23T0, Rev: 02.01A02 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: F37A9776F0E98E38BD78E91425829D97888CEEFC Done!
  5. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-08 16:11:28 ----------------------------- 16:11:29.019 OS Version: Windows x64 6.1.7600 16:11:29.020 Number of processors: 4 586 0x2505 16:11:29.022 ComputerName: ARSH-HP UserName: ARSH 16:11:32.304 Initialize success 16:11:56.240 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 16:11:56.245 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3 16:11:56.270 Disk 0 MBR read successfully 16:11:56.275 Disk 0 MBR scan 16:11:56.281 Disk 0 unknown MBR code 16:11:56.301 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048 16:11:56.331 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288341 MB offset 409600 16:11:56.367 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16600 MB offset 590931968 16:11:56.418 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768 16:11:56.531 Disk 0 scanning C:\Windows\system32\drivers 16:12:36.595 Service scanning 16:13:09.198 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5 16:13:09.569 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5 16:13:10.594 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5 16:13:11.177 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5 16:13:40.373 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32 16:14:07.092 Modules scanning 16:14:07.115 Disk 0 trace - called modules: 16:14:07.166 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll 16:14:07.179 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0a060] 16:14:07.192 3 CLASSPNP.SYS[fffff88000c3b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800497f050] 16:14:07.205 Scan finished successfully 16:21:32.379 Disk 0 MBR has been saved successfully to "C:\Users\ARSH\Desktop\MBR.dat" 16:21:32.389 The log file has been saved successfully to "C:\Users\ARSH\Desktop\aswMBR.txt" aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-10 19:03:29 
----------------------------- 19:03:29.074 OS Version: Windows x64 6.1.7600 19:03:29.074 Number of processors: 4 586 0x2505 19:03:29.075 ComputerName: ARSH-HP UserName: ARSH 19:03:29.775 Initialize success 19:03:35.548 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 19:03:35.551 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3 19:03:35.578 Disk 0 MBR read successfully 19:03:35.581 Disk 0 MBR scan 19:03:35.588 Disk 0 unknown MBR code 19:03:35.606 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048 19:03:35.627 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288341 MB offset 409600 19:03:35.661 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16600 MB offset 590931968 19:03:35.679 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768 19:03:35.746 Disk 0 scanning C:\Windows\system32\drivers 19:03:45.661 Service scanning 19:04:04.472 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5 19:04:04.611 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5 19:04:05.131 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5 19:04:05.628 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5 19:04:21.179 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32 19:04:36.537 Modules scanning 19:04:36.548 Disk 0 trace - called modules: 19:04:36.572 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys 19:04:36.581 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0a060] 19:04:36.590 3 CLASSPNP.SYS[fffff88000c3b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800497f050] 19:04:36.600 Scan finished successfully 19:09:01.038 Verifying 19:09:11.054 Disk 0 Windows 601 MBR fixed successfully 19:09:48.080 Disk 0 MBR has been saved successfully to "C:\Users\ARSH\Desktop\MBR.dat" 19:09:48.107 The log file has been saved successfully to "C:\Users\ARSH\Desktop\aswMBR.txt"
  6. OTL servers are down so I can't download that. Here's the other thing though: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-08 16:11:28 ----------------------------- 16:11:29.019 OS Version: Windows x64 6.1.7600 16:11:29.020 Number of processors: 4 586 0x2505 16:11:29.022 ComputerName: ARSH-HP UserName: ARSH 16:11:32.304 Initialize success 16:11:56.240 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 16:11:56.245 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3 16:11:56.270 Disk 0 MBR read successfully 16:11:56.275 Disk 0 MBR scan 16:11:56.281 Disk 0 unknown MBR code 16:11:56.301 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048 16:11:56.331 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288341 MB offset 409600 16:11:56.367 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16600 MB offset 590931968 16:11:56.418 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768 16:11:56.531 Disk 0 scanning C:\Windows\system32\drivers 16:12:36.595 Service scanning 16:13:09.198 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5 16:13:09.569 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5 16:13:10.594 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5 16:13:11.177 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5 16:13:40.373 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32 16:14:07.092 Modules scanning 16:14:07.115 Disk 0 trace - called modules: 16:14:07.166 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll 16:14:07.179 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0a060] 16:14:07.192 3 CLASSPNP.SYS[fffff88000c3b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800497f050] 16:14:07.205 Scan finished successfully 16:21:32.379 Disk 0 MBR has been saved successfully to "C:\Users\ARSH\Desktop\MBR.dat" 16:21:32.389 The log file has been saved successfully to "C:\Users\ARSH\Desktop\aswMBR.txt"
  7. sorry, I've been away from the computer for a while. anyways, I tried again and it froze again
  8. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.30.07 Windows 7 x64 NTFS (Safe Mode/Networking) Internet Explorer 8.0.7600.16385 ARSH :: ARSH-HP [administrator] 01/07/2012 2:43:00 PM mbam-log-2012-07-01 (14-43-00).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 69545 Time elapsed: 8 minute(s), 8 second(s) [aborted] Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\$RECYCLE.BIN\S-1-5-21-4066962898-1214771355-913425146-1001\$RW4JICM.exe (PUP.BundleInstaller.IQ) -> Quarantined and deleted successfully. (end)
  9. I tried again in safe mode, it froze at like 130k objects scanned but detected one thing, so I rebooted again into safe mode, and as soon as it detected that file I stopped the scan and deleted it, then rebooted. now what?
  10. my computer's got really really slow in the last 2 weeks. I tried scanning with malwarebytes but the full scan freezes after a bit and then I have to wait 10 minutes for task manager to open, then close it. same thing's happening with firefox: it just randomly freezes, then won't unfreeze until I end it from task manager. can't even virus scan either.. mbam quick scan comes out clean, full scan won't even finish.. wtf do I do?
  11. faster now for sure. did I even have a virus?
  12. combofix.txt ComboFix 12-05-17.05 - ARSH 17/05/2012 12:16:28.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3894.2458 [GMT -7:00] Running from: c:\users\ARSH\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog c:\cflog\CrashLog_20111116.txt . . ((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 ))))))))))))))))))))))))))))))) . . 2012-05-17 19:27 . 2012-05-17 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-15 20:34 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2139039-72A6-44E4-9CA1-A20A2F1B2D06}\mpengine.dll 2012-05-14 18:52 . 2012-05-14 18:52 -------- d-----w- C:\_OTL 2012-05-14 03:32 . 2012-05-14 03:32 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-05-14 03:32 . 2012-05-14 03:32 -------- d-----w- c:\program files (x86)\Oracle 2012-05-14 03:31 . 2012-05-14 03:30 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-05-10 07:07 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll 2012-05-10 07:07 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-10 07:07 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-10 07:07 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-10 07:07 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2012-05-10 07:07 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-05-10 07:07 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-10 07:07 . 
2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-05-10 07:07 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-05-10 07:07 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-05-10 07:06 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-10 07:06 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys 2012-05-10 07:06 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-10 07:06 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-10 07:06 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-10 07:06 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-10 07:06 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-10 07:06 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-04-26 17:38 . 2012-04-26 17:38 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-04-26 17:37 . 2012-04-26 17:37 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-04-26 17:37 . 2012-04-26 17:37 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-04-21 10:00 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-21 10:00 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-21 10:00 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-21 10:00 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-21 10:00 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-21 10:00 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-21 10:00 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-05 01:47 . 2010-07-13 12:57 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-04 22:56 . 2011-01-05 05:58 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-23 17:18 . 2010-12-26 21:08 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128] "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-28 937360] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-28 21392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-28 3508624] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992] R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392] R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x] R3 GPU-Z;GPU-Z;c:\users\ARSH\AppData\Local\Temp\GPU-Z.sys [x] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\nmwcdcx64.sys [x] R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 
SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 X6va005;X6va005;c:\users\ARSH\AppData\Local\Temp\0051FFB.tmp [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 
rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-05-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001Core.job - c:\users\ARSH\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 04:55] . 2012-05-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001UA.job - c:\users\ARSH\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 04:55] . 2012-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001Core.job - c:\users\ARSH\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-28 04:26] . 2012-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001UA.job - c:\users\ARSH\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-28 04:26] . 2012-05-10 c:\windows\Tasks\HPCeeScheduleForARSH.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . 
uStart Page = uLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 64.59.144.18 64.59.144.19 FF - ProfilePath - c:\users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.ca FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= . - - - - ORPHANS REMOVED - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\ARSH\AppData\Local\Temp\0051FFB.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe . ************************************************************************** . Completion time: 2012-05-17 12:37:37 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-17 19:37 . 
Pre-Run: 217,931,640,832 bytes free Post-Run: 217,608,527,872 bytes free . - - End Of File - - 550D8ACE9ABEDF2BE3B7306ABAD1CBF8
  13. Here you go All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ not found. HKU\S-1-5-21-4066962898-1214771355-913425146-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-4066962898-1214771355-913425146-1001\Software\Microsoft\Internet Explorer\SearchScopes\{858CF64C-4891-438E-BF47-C56141E859E3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{858CF64C-4891-438E-BF47-C56141E859E3}\ not found. Registry key HKEY_USERS\S-1-5-21-4066962898-1214771355-913425146-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ not found. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Ask.com" removed from browser.search.defaultenginename Prefs.js: "Ask.com" removed from browser.search.order.1 C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\searchplugins\askcom.xml moved successfully. Registry value HKEY_USERS\S-1-5-21-4066962898-1214771355-913425146-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. C:\Users\ARSH\AppData\Roaming\56498018 moved successfully. C:\Users\ARSH\AppData\Local\3db081a9 moved successfully. 
C:\ProgramData\84e2a78c moved successfully. C:\Users\ARSH\AppData\Roaming\BitTorrent\dlimagecache folder moved successfully. C:\Users\ARSH\AppData\Roaming\BitTorrent\apps folder moved successfully. C:\Users\ARSH\AppData\Roaming\BitTorrent folder moved successfully. C:\Users\ARSH\AppData\Roaming\FrostWire folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: ARSH ->Temp folder emptied: 3180701 bytes ->Temporary Internet Files folder emptied: 12705825 bytes ->Java cache emptied: 6399725 bytes ->FireFox cache emptied: 1109747879 bytes ->Google Chrome cache emptied: 482893050 bytes ->Flash cache emptied: 8184755 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56468 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 711240 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 4278856 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 53897212 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67825 bytes RecycleBin emptied: 48762148 bytes Total Files Cleaned = 1,651.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.42.3 log created on 05142012_115255 Files\Folders moved on Reboot... C:\Users\ARSH\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Windows\temp\kls6660.tmp moved successfully. Registry entries deleted on Reboot...