Posts posted by as93
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ARSH\Desktop\cmd.bat deleted successfully.
C:\Users\ARSH\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: ARSH
->Temp folder emptied: 48335556 bytes
->Temporary Internet Files folder emptied: 1072657 bytes
->Java cache emptied: 97128745 bytes
->FireFox cache emptied: 1142415912 bytes
->Google Chrome cache emptied: 393014468 bytes
->Flash cache emptied: 30249 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3346596 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50397 bytes
RecycleBin emptied: 108638663 bytes
Total Files Cleaned = 1,711.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.54.0 log created on 07142012_182407
Files\Folders moved on Reboot...
C:\Users\ARSH\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\ARSH\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
-
I quick scanned with OTL. Only one Notepad thing opened; the Extras.txt one didn't.
OTL logfile created on: 7/13/2012 11:18:46 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\ARSH\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
3.80 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 65.33% Memory free
7.60 Gb Paging File | 5.29 Gb Available in Paging File | 69.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.58 Gb Total Space | 205.66 Gb Free Space | 73.04% Space Free | Partition Type: NTFS
Drive D: | 16.21 Gb Total Space | 2.34 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Computer Name: ARSH-HP | User Name: ARSH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/13 23:14:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ARSH\Desktop\OTL.exe
PRC - [2012/06/13 19:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\ARSH\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2011/04/25 00:12:42 | 000,197,008 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbws.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/08/31 21:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\ARSH\Local Settings\Apps\F.lux\flux.exe
========== Modules (No Company Name) ==========
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2010/05/19 10:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 10:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 10:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\ARSH\Local Settings\Apps\F.lux\flux.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/04/19 18:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/17 01:53:02 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/05/20 19:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/05/20 19:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/20 15:50:08 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/03/30 18:45:23 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/02/13 11:55:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/05/07 12:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/04/22 18:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/05 12:57:18 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/02/04 20:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/11/02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/03/13 00:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007/06/28 12:47:14 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64)
DRV:64bit: - [2007/06/28 12:46:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcx64.sys -- (nmwcdcx64)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {687E1D5F-F1B5-4027-B01C-436A88D71342}
IE:64bit: - HKLM\..\SearchScopes\{687E1D5F-F1B5-4027-B01C-436A88D71342}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{A6B8A590-160D-47FC-8672-5E5FEA48CBF7}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{A90DE9D9-2519-49EA-A4C0-C4A385021D94}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\..\SearchScopes,DefaultScope = {687E1D5F-F1B5-4027-B01C-436A88D71342}
IE - HKLM\..\SearchScopes\{687E1D5F-F1B5-4027-B01C-436A88D71342}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{A6B8A590-160D-47FC-8672-5E5FEA48CBF7}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{A90DE9D9-2519-49EA-A4C0-C4A385021D94}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\SearchScopes,DefaultScope = {687E1D5F-F1B5-4027-B01C-436A88D71342}
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\SearchScopes\{687E1D5F-F1B5-4027-B01C-436A88D71342}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\SearchScopes\{A6B8A590-160D-47FC-8672-5E5FEA48CBF7}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\SearchScopes\{A90DE9D9-2519-49EA-A4C0-C4A385021D94}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.ca"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.1Lite
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ARSH\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ARSH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ARSH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/05/03 13:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/05/03 13:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 01:53:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 14:42:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 01:53:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 14:42:56 | 000,000,000 | ---D | M]
[2010/12/26 16:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Extensions
[2012/07/04 21:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions
[2012/03/29 19:41:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/20 12:26:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/06/26 22:55:02 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions\FasterFox_Lite@BigRedBrent
[2011/05/06 16:16:27 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions\tineye@ideeinc.com
[2011/12/27 00:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/19 22:40:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/12/26 20:52:06 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012/07/04 21:14:44 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\ARSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VEWC7UE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/23 15:31:02 | 000,017,877 | ---- | M] () (No name found) -- C:\USERS\ARSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VEWC7UE.DEFAULT\EXTENSIONS\VTZILLA@VIRUSTOTAL.COM.XPI
[2012/06/17 01:53:02 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/15 16:25:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/15 16:25:13 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://google.ca/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://google.ca/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ARSH\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ARSH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Angry Birds = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: The Champions 3D = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagfaoglpicblgbdiflhhgibpmknpga\2.8.6_0\
CHR - Extension: Virtual Keyboard = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Anti-Banner = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
O1 HOSTS File: ([2012/05/17 12:29:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001..\Run: [F.lux] C:\Users\ARSH\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001..\Run: [Facebook Update] C:\Users\ARSH\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\ARSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ARSH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 64.59.144.19 64.59.150.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12ECA67A-87FE-4C4F-8044-481E66C95625}: DhcpNameServer = 192.168.1.1 64.59.144.19 64.59.150.135
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/13 23:13:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\ARSH\Desktop\OTL.exe
[2012/07/11 12:25:42 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{E0C1D213-68B6-454C-9D17-07EAC816F8AD}
[2012/07/11 12:25:09 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{17EC516B-D92D-4B6C-BA00-56961D737026}
[2012/07/10 23:57:01 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2012/07/10 23:56:58 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\Apps
[2012/07/10 17:45:53 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{D2752F5C-1B86-4752-9FC8-475BB80F0A78}
[2012/07/10 17:44:24 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{F39C2D4F-6257-42A8-8D0A-C3F8097D0B05}
[2012/07/10 17:42:47 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{BB04CC52-3722-4CF6-B467-CAB04A8284D8}
[2012/07/10 17:42:19 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{4E0606F8-0F90-45CB-92A8-83AD8DF3DFD8}
[2012/07/08 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{8AF3B168-EA08-4C03-9DD6-3575A3C584FD}
[2012/07/08 16:10:52 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{E470499B-08B6-4888-8D11-43D906550D9E}
[2012/07/08 16:10:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\ARSH\Desktop\aswMBR.exe
[2012/07/07 12:44:08 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{B4FA0685-2A71-46FB-9DFF-D223A3160A33}
[2012/07/07 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{A5136444-6FB4-45EB-9A55-35D3CAD89017}
[2012/07/02 23:45:20 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{9CB7E8C2-3FB8-4E0F-B42C-462821B6AF56}
[2012/07/02 23:45:19 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{BF6F3D72-150A-4518-97BE-9EFC61B10D9C}
[2012/06/30 16:50:34 | 000,000,000 | ---D | C] -- C:\Users\ARSH\Documents\EpicBot
[2012/06/29 14:25:29 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Roaming\EpicBot
[2012/06/29 14:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EpicBot
[2012/06/29 14:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpicBot
[2012/06/27 23:13:12 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{2100597C-3481-4A11-8445-D7C3EF65DE4B}
[2012/06/27 23:12:54 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{9396706C-6F52-4BF4-89B2-0A66695F030D}
[2012/06/23 23:09:57 | 000,000,000 | R--D | C] -- C:\Users\ARSH\Dropbox
[2012/06/23 23:05:23 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/06/23 23:02:43 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Roaming\Dropbox
[2012/06/23 21:45:51 | 000,000,000 | ---D | C] -- C:\Users\ARSH\jagexcache2
[2012/06/23 17:10:55 | 000,000,000 | ---D | C] -- C:\Users\ARSH\jagexcache1
[2012/06/23 16:12:59 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2012/06/23 16:12:53 | 000,000,000 | ---D | C] -- C:\Users\ARSH\jagexcache
[2012/06/22 23:01:50 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{869EA663-EB4E-4DD5-95D8-62AC7B3AF523}
[2012/06/22 23:01:32 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{EEAEC77B-F42A-4DF9-85DB-703EFB403514}
[2012/06/22 22:29:32 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/06/21 21:11:12 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{1F95DD5B-0612-4B11-96F3-5E814A6FD2B7}
[2012/06/21 19:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/06/21 19:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/06/21 19:48:28 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{45A37833-6E81-4895-B09F-E6D02DFB900F}
[2012/06/21 19:47:03 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{9A9BC192-B31D-45FF-99D4-9F16935EE826}
[2012/06/21 13:19:57 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{374FDC5F-5FB3-46BE-BA51-4C207BFD2F05}
[2012/06/21 13:19:04 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{8790C494-A925-4589-B433-6CB2A0A87255}
[2012/06/20 21:21:06 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{6CE9EACE-A8E2-42EA-893A-6DB1C5707A95}
[2012/06/20 21:20:37 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{80BBE79C-327C-48D4-873F-A2DB4F093256}
[2012/06/20 20:24:14 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{12E6AB38-8128-48C6-BA99-8E226BEADA9B}
[2012/06/20 20:23:36 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{7FF6835E-3D3A-44F5-9BB1-1D0007995B44}
[2012/06/20 12:29:30 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{C2E50F82-8FC5-4CAF-A63F-04F6EC587E26}
[2012/06/20 12:29:16 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{9BCDB067-7034-4261-B6D0-A4DFAFF405FB}
[2012/06/20 00:08:40 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{227D225E-D4CE-4605-BD08-DCCC45835FED}
[2012/06/20 00:08:38 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{1082E08A-770B-427D-8ED5-45436CF401C4}
[2012/06/19 22:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/19 22:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/06/19 22:36:30 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{54D5CB23-7FF5-48E6-9ACF-85561C028D24}
[2012/06/17 01:52:12 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{B464F029-14E9-4544-B199-916C9EAB93A9}
[2012/06/16 11:56:01 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{CDBB5CC1-25B7-434D-98A0-C2F6962934E4}
[2011/08/16 19:08:54 | 563,640,952 | ---- | C] (Z8Games.com ) -- C:\Users\ARSH\CrossFire_Setup_v1071.exe
========== Files - Modified Within 30 Days ==========
[2012/07/13 23:18:43 | 000,000,024 | ---- | M] () -- C:\Users\ARSH\random.dat
[2012/07/13 23:18:42 | 000,000,024 | ---- | M] () -- C:\Users\ARSH\jagexappletviewer.preferences
[2012/07/13 23:15:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001UA.job
[2012/07/13 23:14:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\ARSH\Desktop\OTL.exe
[2012/07/13 23:02:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001UA.job
[2012/07/13 22:12:48 | 000,000,043 | ---- | M] () -- C:\Users\ARSH\jagex_cl_runescape_LIVE.dat
[2012/07/13 22:12:23 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001Core.job
[2012/07/13 22:12:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/13 14:18:16 | 000,080,384 | ---- | M] () -- C:\Users\ARSH\Desktop\MBRCheck.exe
[2012/07/13 12:02:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001Core.job
[2012/07/11 11:31:07 | 000,002,391 | ---- | M] () -- C:\Users\ARSH\Desktop\Google Chrome.lnk
[2012/07/10 19:09:48 | 000,000,512 | ---- | M] () -- C:\Users\ARSH\Desktop\MBR.dat
[2012/07/10 18:11:47 | 000,559,424 | ---- | M] () -- C:\Users\ARSH\Desktop\flux-setup.exe
[2012/07/10 17:31:49 | 005,394,081 | ---- | M] () -- C:\Users\ARSH\Desktop\Bhai Jasbir Singh Poanta Sahib Wale.mp3
[2012/07/09 22:30:21 | 002,880,470 | ---- | M] () -- C:\Users\ARSH\Desktop\Batman Instrumental Beat.mp3
[2012/07/09 10:31:10 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForARSH.job
[2012/07/08 16:11:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\ARSH\Desktop\aswMBR.exe
[2012/07/05 14:19:20 | 000,000,044 | ---- | M] () -- C:\Users\ARSH\jagex_cl_runescape_LIVE1.dat
[2012/07/05 12:33:50 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/05 12:33:50 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 14:52:08 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/29 14:25:12 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\EpicBot.lnk
[2012/06/23 23:09:57 | 000,001,037 | ---- | M] () -- C:\Users\ARSH\Desktop\Dropbox.lnk
[2012/06/23 23:05:37 | 000,001,047 | ---- | M] () -- C:\Users\ARSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/23 21:46:56 | 000,000,129 | ---- | M] () -- C:\Users\ARSH\jagex_runescape_preferences2.dat
[2012/06/23 21:45:52 | 000,000,046 | ---- | M] () -- C:\Users\ARSH\jagex_runescape_preferences.dat
[2012/06/23 21:45:51 | 000,000,044 | ---- | M] () -- C:\Users\ARSH\jagex_cl_runescape_LIVE2.dat
[2012/06/23 17:10:03 | 000,725,696 | ---- | M] () -- C:\Users\ARSH\Desktop\RSBot-4018.jar
[2012/06/23 16:12:59 | 000,002,046 | ---- | M] () -- C:\Users\ARSH\Desktop\RuneScape.lnk
[2012/06/20 18:41:36 | 000,007,623 | ---- | M] () -- C:\Users\ARSH\AppData\Local\resmon.resmoncfg
[2012/06/19 22:39:17 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/16 20:55:12 | 000,493,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/16 12:18:30 | 000,791,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/16 12:18:30 | 000,656,518 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/16 12:18:30 | 000,123,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
========== Files Created - No Company Name ==========
[2012/07/13 14:18:13 | 000,080,384 | ---- | C] () -- C:\Users\ARSH\Desktop\MBRCheck.exe
[2012/07/10 18:11:43 | 000,559,424 | ---- | C] () -- C:\Users\ARSH\Desktop\flux-setup.exe
[2012/07/10 17:31:32 | 005,394,081 | ---- | C] () -- C:\Users\ARSH\Desktop\Bhai Jasbir Singh Poanta Sahib Wale.mp3
[2012/07/09 22:30:08 | 002,880,470 | ---- | C] () -- C:\Users\ARSH\Desktop\Batman Instrumental Beat.mp3
[2012/07/08 16:21:32 | 000,000,512 | ---- | C] () -- C:\Users\ARSH\Desktop\MBR.dat
[2012/06/29 14:25:12 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\EpicBot.lnk
[2012/06/23 23:09:57 | 000,001,037 | ---- | C] () -- C:\Users\ARSH\Desktop\Dropbox.lnk
[2012/06/23 23:05:37 | 000,001,047 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/23 21:45:51 | 000,000,044 | ---- | C] () -- C:\Users\ARSH\jagex_cl_runescape_LIVE2.dat
[2012/06/23 17:10:55 | 000,000,044 | ---- | C] () -- C:\Users\ARSH\jagex_cl_runescape_LIVE1.dat
[2012/06/23 17:10:27 | 000,725,696 | ---- | C] () -- C:\Users\ARSH\Desktop\RSBot-4018.jar
[2012/06/23 16:14:21 | 000,000,024 | ---- | C] () -- C:\Users\ARSH\jagexappletviewer.preferences
[2012/06/23 16:12:59 | 000,002,076 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2012/06/23 16:12:59 | 000,002,046 | ---- | C] () -- C:\Users\ARSH\Desktop\RuneScape.lnk
[2012/06/19 22:39:17 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/05/17 12:13:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/17 12:13:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/17 12:13:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/17 12:13:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/17 12:13:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/02 21:07:00 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/12/26 20:53:07 | 000,017,408 | ---- | C] () -- C:\Users\ARSH\AppData\Local\WebpageIcons.db
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/11/19 16:37:45 | 000,000,024 | ---- | C] () -- C:\Users\ARSH\random.dat
[2011/11/16 21:55:30 | 000,771,412 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/25 12:44:47 | 000,000,043 | ---- | C] () -- C:\Users\ARSH\jagex_cl_runescape_LIVE.dat
[2011/09/12 18:02:11 | 000,000,300 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\RSBuddy_tylerty97821.ini
[2011/08/16 22:03:11 | 000,001,092 | ---- | C] () -- C:\Users\ARSH\My Documents - Shortcut.lnk
[2011/08/06 23:17:51 | 000,007,623 | ---- | C] () -- C:\Users\ARSH\AppData\Local\resmon.resmoncfg
[2011/07/16 19:01:48 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2011/07/16 19:01:48 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2011/07/11 21:18:56 | 000,009,728 | ---- | C] () -- C:\Users\ARSH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/04 19:36:05 | 001,332,295 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\UserTile.png
[2011/04/16 18:47:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/08 23:33:11 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/08 23:33:11 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/19 13:48:43 | 000,000,600 | ---- | C] () -- C:\Users\ARSH\AppData\Local\PUTTY.RND
[2011/03/18 21:33:08 | 000,000,129 | ---- | C] () -- C:\Users\ARSH\jagex_runescape_preferences2.dat
[2011/03/18 21:03:42 | 000,000,474 | ---- | C] () -- C:\Windows\eReg.dat
[2011/03/15 19:29:27 | 000,000,036 | ---- | C] () -- C:\Users\ARSH\AppData\Local\housecall.guid.cache
[2011/02/11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/02/07 11:33:57 | 000,001,854 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\GhostObjGAFix.xml
[2011/02/06 18:37:23 | 000,000,135 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\RSBot_Accounts.ini
[2010/12/31 17:32:06 | 000,000,000 | ---- | C] () -- C:\Users\ARSH\jagex__preferences3.dat
[2010/12/26 17:19:00 | 000,000,046 | ---- | C] () -- C:\Users\ARSH\jagex_runescape_preferences.dat
[2010/09/20 01:38:20 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/09/20 01:33:30 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/09/20 01:33:30 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
========== LOP Check ==========
[2011/01/23 17:36:50 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\.jagex_cache_22
[2011/06/11 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\2K Sports
[2011/07/17 15:20:59 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Audacity
[2010/12/28 23:49:06 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\BatteryCare
[2011/07/12 16:15:31 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2012/07/10 17:42:59 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Dropbox
[2012/06/29 14:25:48 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\EpicBot
[2011/05/01 11:49:00 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\GrabPro
[2011/11/29 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\ImgBurn
[2011/07/31 00:05:14 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\IObit
[2011/03/17 17:03:47 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Leadertech
[2012/03/08 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\ManyCam
[2011/04/06 21:05:33 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\My Games
[2011/05/01 12:00:08 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Orbit
[2011/06/22 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Pokemon Lab
[2011/07/26 14:35:02 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\proDAD
[2011/05/01 11:49:04 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\ProgSense
[2011/06/11 14:21:47 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\QuickScan
[2012/06/12 18:18:59 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Samsung
[2011/08/16 23:56:46 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\SystemRequirementsLab
[2011/08/14 21:58:42 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\TeamViewer
[2012/06/12 18:28:13 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Temp
[2011/03/31 22:47:29 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\The Creative Assembly
[2011/10/18 20:45:51 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/07/13 16:01:47 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Windows Live Writer
[2012/07/13 22:12:23 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001Core.job
[2012/07/13 23:15:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001UA.job
[2012/03/26 10:17:40 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
-
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G62 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 190):
0x0305D000 \SystemRoot\system32\ntoskrnl.exe
0x03014000 \SystemRoot\system32\hal.dll
0x00BC8000 \SystemRoot\system32\kdcom.dll
0x00C95000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CD9000 \SystemRoot\system32\PSHED.dll
0x00CED000 \SystemRoot\system32\CLFS.SYS
0x00E82000 \SystemRoot\system32\CI.dll
0x00F42000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FE6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01017000 \SystemRoot\System32\Drivers\sptd.sys
0x01174000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x0117D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x011AC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x011B6000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x011C3000 \SystemRoot\system32\DRIVERS\pci.sys
0x01224000 \SystemRoot\system32\DRIVERS\kl1.sys
0x01983000 \SystemRoot\System32\drivers\partmgr.sys
0x01998000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x019A1000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x019AD000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D4B000 \SystemRoot\System32\drivers\volmgrx.sys
0x019C2000 \SystemRoot\System32\drivers\mountmgr.sys
0x01A11000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01C1B000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01C24000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01C4E000 \SystemRoot\system32\DRIVERS\msahci.sys
0x01C59000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x01C69000 \SystemRoot\system32\drivers\amdxata.sys
0x01C74000 \SystemRoot\system32\drivers\fltmgr.sys
0x01CC0000 \SystemRoot\system32\drivers\fileinfo.sys
0x01E27000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01CD4000 \SystemRoot\System32\Drivers\msrpc.sys
0x01FC9000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01D32000 \SystemRoot\System32\Drivers\cng.sys
0x01FE3000 \SystemRoot\System32\drivers\pcw.sys
0x01FF4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0205B000 \SystemRoot\system32\drivers\ndis.sys
0x0214D000 \SystemRoot\system32\drivers\NETIO.SYS
0x021AD000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x02200000 \SystemRoot\System32\drivers\tcpip.sys
0x02000000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01DA5000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0204A000 \SystemRoot\System32\Drivers\spldr.sys
0x00DA7000 \SystemRoot\System32\drivers\rdyboost.sys
0x021D8000 \SystemRoot\System32\Drivers\mup.sys
0x021EA000 \SystemRoot\System32\drivers\hwpolicy.sys
0x00C00000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01E00000 \SystemRoot\system32\DRIVERS\disk.sys
0x00C3A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x00E57000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0447A000 \SystemRoot\system32\DRIVERS\klif.sys
0x0451D000 \SystemRoot\System32\Drivers\Null.SYS
0x04526000 \SystemRoot\System32\Drivers\Beep.SYS
0x0452D000 \SystemRoot\System32\drivers\vga.sys
0x0453B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04560000 \SystemRoot\System32\drivers\watchdog.sys
0x04570000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04579000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04582000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0458B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04596000 \SystemRoot\System32\Drivers\Npfs.SYS
0x045A7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x045C5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x045D2000 \SystemRoot\system32\DRIVERS\kl2.sys
0x04A1B000 \SystemRoot\system32\drivers\afd.sys
0x04AA4000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04AE9000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x04AF4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04AFD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04B23000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x04B39000 \SystemRoot\system32\DRIVERS\klim6.sys
0x04B42000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04B51000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04B6C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x04B80000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04BD1000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04BDD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04BE8000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x04A00000 \SystemRoot\System32\drivers\discache.sys
0x045D9000 \SystemRoot\System32\Drivers\dfsc.sys
0x04400000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04411000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04A0F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0527F000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x05CA2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05D96000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05DDC000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x05DED000 \SystemRoot\system32\drivers\usbehci.sys
0x05200000 \SystemRoot\system32\drivers\USBPORT.SYS
0x05256000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04C46000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x04D6F000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04D7C000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04C00000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04C1E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04E78000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04ECB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04ECD000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x04ED7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04EE6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04EF3000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x04F1A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04F23000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04F39000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04F49000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04F5F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04F83000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04F8F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04FBE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04FD9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04E00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04E1A000 \SystemRoot\system32\DRIVERS\VClone.sys
Processes (total 77):
0 System Idle Process
4 System
388 C:\Windows\System32\smss.exe
572 csrss.exe
636 C:\Windows\System32\wininit.exe
664 csrss.exe
696 C:\Windows\System32\services.exe
724 C:\Windows\System32\lsass.exe
732 C:\Windows\System32\lsm.exe
836 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\winlogon.exe
960 C:\Windows\System32\svchost.exe
556 C:\Windows\System32\svchost.exe
596 C:\Windows\System32\svchost.exe
772 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\spoolsv.exe
1444 C:\Windows\System32\svchost.exe
1548 C:\Windows\System32\svchost.exe
1576 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
1600 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1632 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
1812 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1856 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
1904 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
1932 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1964 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
1312 C:\Windows\System32\svchost.exe
2064 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2264 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2608 C:\Windows\System32\svchost.exe
2652 C:\Windows\System32\SearchIndexer.exe
3604 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
3680 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
3732 C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
3776 C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
3868 WmiPrvSE.exe
3920 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
3968 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
3132 C:\Program Files\Windows Media Player\wmpnetwk.exe
2012 C:\Windows\System32\taskhost.exe
3152 C:\Windows\System32\dwm.exe
3332 C:\Windows\explorer.exe
3316 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2512 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
3368 C:\Windows\System32\igfxtray.exe
1164 C:\Windows\System32\hkcmd.exe
2560 C:\Windows\System32\igfxpers.exe
956 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
2044 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1992 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
1648 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
4316 C:\Windows\System32\svchost.exe
1612 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
4676 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
5524 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
7420 C:\Users\ARSH\AppData\Roaming\Dropbox\bin\Dropbox.exe
6932 WmiPrvSE.exe
4456 C:\Users\ARSH\AppData\Local\Apps\F.lux\flux.exe
6752 C:\Windows\HelpPane.exe
3432 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbws.exe
8436 C:\Windows\System32\wuauclt.exe
4556 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
8576 C:\Windows\System32\audiodg.exe
3204 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
7804 C:\Program Files (x86)\Skype\Phone\Skype.exe
6124 C:\Users\ARSH\jagexcache\jagexlauncher\bin\JagexLauncher.exe
3816 C:\Windows\System32\taskeng.exe
6832 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3212 C:\Windows\System32\SearchProtocolHost.exe
2528 C:\Windows\System32\SearchFilterHost.exe
8616 C:\Windows\System32\consent.exe
7872 dllhost.exe
3884 dllhost.exe
560 C:\Users\ARSH\Desktop\MBRCheck.exe
7356 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000046`71d00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-60A23T0, Rev: 02.01A02
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: F37A9776F0E98E38BD78E91425829D97888CEEFC
Done!
-
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-08 16:11:28
-----------------------------
16:11:29.019 OS Version: Windows x64 6.1.7600
16:11:29.020 Number of processors: 4 586 0x2505
16:11:29.022 ComputerName: ARSH-HP UserName: ARSH
16:11:32.304 Initialize success
16:11:56.240 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:11:56.245 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
16:11:56.270 Disk 0 MBR read successfully
16:11:56.275 Disk 0 MBR scan
16:11:56.281 Disk 0 unknown MBR code
16:11:56.301 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
16:11:56.331 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288341 MB offset 409600
16:11:56.367 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16600 MB offset 590931968
16:11:56.418 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
16:11:56.531 Disk 0 scanning C:\Windows\system32\drivers
16:12:36.595 Service scanning
16:13:09.198 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
16:13:09.569 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
16:13:10.594 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
16:13:11.177 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
16:13:40.373 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:14:07.092 Modules scanning
16:14:07.115 Disk 0 trace - called modules:
16:14:07.166 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
16:14:07.179 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0a060]
16:14:07.192 3 CLASSPNP.SYS[fffff88000c3b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800497f050]
16:14:07.205 Scan finished successfully
16:21:32.379 Disk 0 MBR has been saved successfully to "C:\Users\ARSH\Desktop\MBR.dat"
16:21:32.389 The log file has been saved successfully to "C:\Users\ARSH\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-10 19:03:29
-----------------------------
19:03:29.074 OS Version: Windows x64 6.1.7600
19:03:29.074 Number of processors: 4 586 0x2505
19:03:29.075 ComputerName: ARSH-HP UserName: ARSH
19:03:29.775 Initialize success
19:03:35.548 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:03:35.551 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
19:03:35.578 Disk 0 MBR read successfully
19:03:35.581 Disk 0 MBR scan
19:03:35.588 Disk 0 unknown MBR code
19:03:35.606 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:03:35.627 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288341 MB offset 409600
19:03:35.661 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16600 MB offset 590931968
19:03:35.679 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
19:03:35.746 Disk 0 scanning C:\Windows\system32\drivers
19:03:45.661 Service scanning
19:04:04.472 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
19:04:04.611 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
19:04:05.131 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
19:04:05.628 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
19:04:21.179 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:04:36.537 Modules scanning
19:04:36.548 Disk 0 trace - called modules:
19:04:36.572 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys
19:04:36.581 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0a060]
19:04:36.590 3 CLASSPNP.SYS[fffff88000c3b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800497f050]
19:04:36.600 Scan finished successfully
19:09:01.038 Verifying
19:09:11.054 Disk 0 Windows 601 MBR fixed successfully
19:09:48.080 Disk 0 MBR has been saved successfully to "C:\Users\ARSH\Desktop\MBR.dat"
19:09:48.107 The log file has been saved successfully to "C:\Users\ARSH\Desktop\aswMBR.txt"
-
OTL servers are down so I can't download that.
Here's the other thing though:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-08 16:11:28
-----------------------------
16:11:29.019 OS Version: Windows x64 6.1.7600
16:11:29.020 Number of processors: 4 586 0x2505
16:11:29.022 ComputerName: ARSH-HP UserName: ARSH
16:11:32.304 Initialize success
16:11:56.240 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:11:56.245 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
16:11:56.270 Disk 0 MBR read successfully
16:11:56.275 Disk 0 MBR scan
16:11:56.281 Disk 0 unknown MBR code
16:11:56.301 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
16:11:56.331 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288341 MB offset 409600
16:11:56.367 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16600 MB offset 590931968
16:11:56.418 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
16:11:56.531 Disk 0 scanning C:\Windows\system32\drivers
16:12:36.595 Service scanning
16:13:09.198 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
16:13:09.569 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
16:13:10.594 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
16:13:11.177 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
16:13:40.373 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:14:07.092 Modules scanning
16:14:07.115 Disk 0 trace - called modules:
16:14:07.166 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
16:14:07.179 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0a060]
16:14:07.192 3 CLASSPNP.SYS[fffff88000c3b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800497f050]
16:14:07.205 Scan finished successfully
16:21:32.379 Disk 0 MBR has been saved successfully to "C:\Users\ARSH\Desktop\MBR.dat"
16:21:32.389 The log file has been saved successfully to "C:\Users\ARSH\Desktop\aswMBR.txt"
-
Sorry, I've been away from the computer for a while.
Anyways, I tried again and it froze again.
-
I would like to see the log file. Please go to the Logs tab, find it and post it in your next reply.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.30.07
Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
ARSH :: ARSH-HP [administrator]
01/07/2012 2:43:00 PM
mbam-log-2012-07-01 (14-43-00).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 69545
Time elapsed: 8 minute(s), 8 second(s) [aborted]
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\$RECYCLE.BIN\S-1-5-21-4066962898-1214771355-913425146-1001\$RW4JICM.exe (PUP.BundleInstaller.IQ) -> Quarantined and deleted successfully.
(end)
-
Hello as93! My name is Maniac and I will be glad to help you solve your malware problem.
Please note:
- If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
- I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Please add in Kaspersky exclusions the following files:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
How to do that here:
http://support.kaspe...s?qid=208284473
About your full scan freezing, follow the instructions here:
Finally, reboot and try to perform a full system scan again. Let me know.
I tried again in safe mode, it froze at like 130k objects scanned but detected one thing, so I rebooted again into safe mode, and as soon as it detected that file I stopped the scan and deleted it, then rebooted.
Now what?
-
-
My computer's got really really slow in the last 2 weeks. I tried scanning with Malwarebytes but the full scan freezes after a bit and then I have to wait 10 minutes for Task Manager to open, then close it.
Same thing's happening with Firefox. It just randomly freezes, then won't unfreeze until I end it from Task Manager.
Can't even virus scan either.. MBAM quick scan comes out clean, full scan won't even finish.. wtf do I do?
-
Faster now for sure. Did I even have a virus?
-
combofix.txt
ComboFix 12-05-17.05 - ARSH 17/05/2012 12:16:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3894.2458 [GMT -7:00]
Running from: c:\users\ARSH\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20111116.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-17 19:27 . 2012-05-17 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-15 20:34 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2139039-72A6-44E4-9CA1-A20A2F1B2D06}\mpengine.dll
2012-05-14 18:52 . 2012-05-14 18:52 -------- d-----w- C:\_OTL
2012-05-14 03:32 . 2012-05-14 03:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-14 03:32 . 2012-05-14 03:32 -------- d-----w- c:\program files (x86)\Oracle
2012-05-14 03:31 . 2012-05-14 03:30 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-10 07:07 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 07:07 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 07:07 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 07:07 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 07:07 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-10 07:07 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-10 07:07 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 07:07 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 07:07 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-10 07:07 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-10 07:06 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 07:06 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 07:06 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 07:06 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 07:06 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 07:06 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 07:06 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 07:06 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-04-26 17:38 . 2012-04-26 17:38 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-26 17:37 . 2012-04-26 17:37 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 17:37 . 2012-04-26 17:37 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-21 10:00 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-21 10:00 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-21 10:00 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-21 10:00 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-21 10:00 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-21 10:00 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-21 10:00 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 01:47 . 2010-07-13 12:57 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 22:56 . 2011-01-05 05:58 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 17:18 . 2010-12-26 21:08 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-28 937360]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-28 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-28 3508624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 GPU-Z;GPU-Z;c:\users\ARSH\AppData\Local\Temp\GPU-Z.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\nmwcdcx64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\ARSH\AppData\Local\Temp\0051FFB.tmp [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001Core.job
- c:\users\ARSH\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 04:55]
.
2012-05-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001UA.job
- c:\users\ARSH\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-19 04:55]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001Core.job
- c:\users\ARSH\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-28 04:26]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001UA.job
- c:\users\ARSH\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-28 04:26]
.
2012-05-10 c:\windows\Tasks\HPCeeScheduleForARSH.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 64.59.144.18 64.59.144.19
FF - ProfilePath - c:\users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.ca
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\ARSH\AppData\Local\Temp\0051FFB.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2012-05-17 12:37:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-17 19:37
.
Pre-Run: 217,931,640,832 bytes free
Post-Run: 217,608,527,872 bytes free
.
- - End Of File - - 550D8ACE9ABEDF2BE3B7306ABAD1CBF8
-
Here you go
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ not found.
HKU\S-1-5-21-4066962898-1214771355-913425146-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4066962898-1214771355-913425146-1001\Software\Microsoft\Internet Explorer\SearchScopes\{858CF64C-4891-438E-BF47-C56141E859E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{858CF64C-4891-438E-BF47-C56141E859E3}\ not found.
Registry key HKEY_USERS\S-1-5-21-4066962898-1214771355-913425146-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\searchplugins\askcom.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-4066962898-1214771355-913425146-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\Users\ARSH\AppData\Roaming\56498018 moved successfully.
C:\Users\ARSH\AppData\Local\3db081a9 moved successfully.
C:\ProgramData\84e2a78c moved successfully.
C:\Users\ARSH\AppData\Roaming\BitTorrent\dlimagecache folder moved successfully.
C:\Users\ARSH\AppData\Roaming\BitTorrent\apps folder moved successfully.
C:\Users\ARSH\AppData\Roaming\BitTorrent folder moved successfully.
C:\Users\ARSH\AppData\Roaming\FrostWire folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: ARSH
->Temp folder emptied: 3180701 bytes
->Temporary Internet Files folder emptied: 12705825 bytes
->Java cache emptied: 6399725 bytes
->FireFox cache emptied: 1109747879 bytes
->Google Chrome cache emptied: 482893050 bytes
->Flash cache emptied: 8184755 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 711240 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 4278856 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53897212 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67825 bytes
RecycleBin emptied: 48762148 bytes
Total Files Cleaned = 1,651.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.42.3 log created on 05142012_115255
Files\Folders moved on Reboot...
C:\Users\ARSH\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\kls6660.tmp moved successfully.
Registry entries deleted on Reboot...
-
please disregard the last post above
-
I think it will probably be easier to read without the code, but I can't edit/delete my last post so I will just re-copy it without the code tag
mbam log
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.13.04
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
ARSH :: ARSH-HP [administrator]
13/05/2012 12:06:48 PM
mbam-log-2012-05-13 (12-06-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205712
Time elapsed: 3 minute(s), 47 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
my bad.
here is the mbam log
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.13.04
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
ARSH :: ARSH-HP [administrator]
13/05/2012 12:06:48 PM
mbam-log-2012-05-13 (12-06-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205712
Time elapsed: 3 minute(s), 47 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
here is the OTL.txt file
OTL logfile created on: 5/13/2012 12:07:45 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\ARSH\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
3.80 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 53.93% Memory free
7.60 Gb Paging File | 5.31 Gb Available in Paging File | 69.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.58 Gb Total Space | 207.50 Gb Free Space | 73.69% Space Free | Partition Type: NTFS
Drive D: | 16.21 Gb Total Space | 2.34 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Computer Name: ARSH-HP | User Name: ARSH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012/05/13 12:07:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\ARSH\Desktop\OTL.exe
PRC - [2012/04/26 10:37:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/12/28 00:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012/04/26 10:37:58 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2010/05/19 10:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 10:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 10:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/04/17 18:01:12 | 000,034,088 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\richvideops.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:[b]64bit:[/b] - [2010/04/19 18:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:[b]64bit:[/b] - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:[b]64bit:[/b] - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/26 10:37:58 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/12/07 21:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:[b]64bit:[/b] - [2011/12/07 21:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:[b]64bit:[/b] - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011/04/20 15:50:08 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:[b]64bit:[/b] - [2011/03/30 18:45:23 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:[b]64bit:[/b] - [2011/03/04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:[b]64bit:[/b] - [2011/03/04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:[b]64bit:[/b] - [2011/02/13 11:55:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011/01/15 09:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:[b]64bit:[/b] - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:[b]64bit:[/b] - [2010/05/07 12:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2010/04/22 18:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010/03/05 12:57:18 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:[b]64bit:[/b] - [2010/02/04 20:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:[b]64bit:[/b] - [2009/11/02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:[b]64bit:[/b] - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:[b]64bit:[/b] - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:[b]64bit:[/b] - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:[b]64bit:[/b] - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:[b]64bit:[/b] - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:[b]64bit:[/b] - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:[b]64bit:[/b] - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2008/03/13 00:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:[b]64bit:[/b] - [2007/06/28 12:47:14 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdx64.sys -- (nmwcdx64)
DRV:[b]64bit:[/b] - [2007/06/28 12:46:18 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdcx64.sys -- (nmwcdcx64)
DRV:[b]64bit:[/b] - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {687E1D5F-F1B5-4027-B01C-436A88D71342}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{687E1D5F-F1B5-4027-B01C-436A88D71342}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{A6B8A590-160D-47FC-8672-5E5FEA48CBF7}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{A90DE9D9-2519-49EA-A4C0-C4A385021D94}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\..\SearchScopes,DefaultScope = {687E1D5F-F1B5-4027-B01C-436A88D71342}
IE - HKLM\..\SearchScopes\{687E1D5F-F1B5-4027-B01C-436A88D71342}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{A6B8A590-160D-47FC-8672-5E5FEA48CBF7}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{A90DE9D9-2519-49EA-A4C0-C4A385021D94}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102868&gct=hp
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\SearchScopes,DefaultScope = {687E1D5F-F1B5-4027-B01C-436A88D71342}
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\SearchScopes\{687E1D5F-F1B5-4027-B01C-436A88D71342}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\SearchScopes\{858CF64C-4891-438E-BF47-C56141E859E3}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102868&src=crm&q={searchTerms}&locale=&apn_ptnrs=5I&apn_dtid=YYYYYYCLCA&apn_uid=d377163f-45ef-4d3c-bbf3-d1225eab88da&apn_sauid=2E4F9A7D-64B5-4E4F-9AE2-103276B8D42B&
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\SearchScopes\{A6B8A590-160D-47FC-8672-5E5FEA48CBF7}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\SearchScopes\{A90DE9D9-2519-49EA-A4C0-C4A385021D94}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\SearchScopes\{D8150A1C-AE3C-41D9-82C7-6EF3EACF1716}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.ca"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.1Lite
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ARSH\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ARSH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ARSH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/05/03 13:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/05/03 13:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/26 10:37:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 14:42:56 | 000,000,000 | ---D | M]
[2010/12/26 16:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Extensions
[2012/05/11 12:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions
[2012/03/29 19:41:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/11 12:29:14 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/29 14:07:24 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions\FasterFox_Lite@BigRedBrent
[2011/05/06 16:16:27 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\extensions\tineye@ideeinc.com
[2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\ARSH\AppData\Roaming\Mozilla\Firefox\Profiles\2vewc7ue.default\searchplugins\askcom.xml
[2011/12/27 00:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/21 16:19:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/12/26 20:52:06 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012/01/05 16:05:25 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ARSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VEWC7UE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/23 15:31:02 | 000,017,877 | ---- | M] () (No name found) -- C:\USERS\ARSH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2VEWC7UE.DEFAULT\EXTENSIONS\VTZILLA@VIRUSTOTAL.COM.XPI
[2012/04/26 10:37:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/15 16:25:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/15 16:25:13 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ARSH\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ARSH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Angry Birds = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: The Champions 3D = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoagfaoglpicblgbdiflhhgibpmknpga\2.8.6_0\
CHR - Extension: Virtual Keyboard = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Anti-Banner = C:\Users\ARSH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:[b]64bit:[/b] - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:[b]64bit:[/b] - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 64.59.144.18 64.59.144.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12ECA67A-87FE-4C4F-8044-481E66C95625}: DhcpNameServer = 192.168.1.1 64.59.144.18 64.59.144.19
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{35d29171-502f-11e0-a181-643150562a7f}\Shell - "" = AutoRun
O33 - MountPoints2\{35d29171-502f-11e0-a181-643150562a7f}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{bd817ffa-5190-11e0-95ba-643150562a7f}\Shell - "" = AutoRun
O33 - MountPoints2\{bd817ffa-5190-11e0-95ba-643150562a7f}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{bd817ffb-5190-11e0-95ba-643150562a7f}\Shell - "" = AutoRun
O33 - MountPoints2\{bd817ffb-5190-11e0-95ba-643150562a7f}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{e2d1a76c-c83f-11e0-9ee8-643150562a7f}\Shell - "" = AutoRun
O33 - MountPoints2\{e2d1a76c-c83f-11e0-9ee8-643150562a7f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4066962898-1214771355-913425146-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/05/13 12:07:14 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\ARSH\Desktop\OTL.exe
[2012/05/13 11:09:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\ARSH\Desktop\dds.com
[2012/04/30 19:12:50 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{697B6A82-98D7-42D3-9E90-A35B1C062491}
[2012/04/26 10:57:16 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{410861BF-B0A9-46AF-8E9B-37D512452735}
[2012/04/26 10:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/26 10:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/22 20:31:46 | 000,000,000 | ---D | C] -- C:\Users\ARSH\AppData\Local\{3BBBC3FE-E689-4039-8BFA-F697E3A98799}
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/05/13 12:07:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\ARSH\Desktop\OTL.exe
[2012/05/13 12:03:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/13 11:09:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\ARSH\Desktop\dds.com
[2012/05/13 11:02:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001UA.job
[2012/05/13 10:46:41 | 000,785,500 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/13 10:46:41 | 000,669,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/13 10:46:41 | 000,127,656 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/13 10:43:23 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001UA.job
[2012/05/12 22:34:14 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001Core.job
[2012/05/12 12:02:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001Core.job
[2012/05/10 10:27:01 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/10 10:27:01 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/10 10:16:55 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForARSH.job
[2012/05/10 10:16:42 | 000,493,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 10:15:45 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 12:18:11 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/03 22:03:52 | 000,002,391 | ---- | M] () -- C:\Users\ARSH\Desktop\Google Chrome.lnk
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/05/07 11:06:31 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForARSH.job
[2012/04/02 21:07:00 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/01/16 19:49:02 | 000,008,679 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\56498018
[2012/01/16 19:49:02 | 000,008,637 | ---- | C] () -- C:\Users\ARSH\AppData\Local\3db081a9
[2012/01/16 19:49:02 | 000,008,625 | ---- | C] () -- C:\ProgramData\84e2a78c
[2011/12/26 20:53:07 | 000,017,408 | ---- | C] () -- C:\Users\ARSH\AppData\Local\WebpageIcons.db
[2011/12/23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/11/16 21:55:30 | 000,771,412 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/12 18:02:11 | 000,000,300 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\RSBuddy_tylerty97821.ini
[2011/08/06 23:17:51 | 000,007,622 | ---- | C] () -- C:\Users\ARSH\AppData\Local\resmon.resmoncfg
[2011/07/16 19:01:48 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2011/07/16 19:01:48 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2011/07/11 21:18:56 | 000,009,728 | ---- | C] () -- C:\Users\ARSH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/04 19:36:05 | 001,332,295 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\UserTile.png
[2011/04/16 18:47:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/08 23:33:11 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/08 23:33:11 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/19 13:48:43 | 000,000,600 | ---- | C] () -- C:\Users\ARSH\AppData\Local\PUTTY.RND
[2011/03/18 21:03:42 | 000,000,474 | ---- | C] () -- C:\Windows\eReg.dat
[2011/03/15 19:29:27 | 000,000,036 | ---- | C] () -- C:\Users\ARSH\AppData\Local\housecall.guid.cache
[2011/02/11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/02/07 11:33:57 | 000,001,854 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\GhostObjGAFix.xml
[2011/02/06 18:37:23 | 000,000,135 | ---- | C] () -- C:\Users\ARSH\AppData\Roaming\RSBot_Accounts.ini
[2010/09/20 01:38:20 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/09/20 01:33:30 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/09/20 01:33:30 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/07/13 06:37:00 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/13 05:37:01 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[color=#E56717]========== LOP Check ==========[/color]
[2011/01/23 17:36:50 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\.jagex_cache_22
[2011/06/11 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\2K Sports
[2011/07/17 15:20:59 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Audacity
[2010/12/28 23:49:06 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\BatteryCare
[2012/05/13 12:05:01 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\BitTorrent
[2011/07/12 16:15:31 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2011/10/27 23:35:29 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\FrostWire
[2011/05/01 11:49:00 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\GrabPro
[2011/11/29 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\ImgBurn
[2011/07/31 00:05:14 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\IObit
[2011/03/17 17:03:47 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Leadertech
[2012/03/08 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\ManyCam
[2011/04/06 21:05:33 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\My Games
[2011/05/01 12:00:08 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Orbit
[2011/06/22 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Pokemon Lab
[2011/07/26 14:35:02 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\proDAD
[2011/05/01 11:49:04 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\ProgSense
[2011/06/11 14:21:47 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\QuickScan
[2012/01/05 21:36:32 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Samsung
[2011/08/16 23:56:46 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\SystemRequirementsLab
[2011/08/14 21:58:42 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\TeamViewer
[2012/01/05 22:51:26 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Temp
[2011/03/31 22:47:29 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\The Creative Assembly
[2011/10/18 20:45:51 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/07/13 16:01:47 | 000,000,000 | ---D | M] -- C:\Users\ARSH\AppData\Roaming\Windows Live Writer
[2012/05/12 22:34:14 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001Core.job
[2012/05/13 10:43:23 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4066962898-1214771355-913425146-1001UA.job
[2012/03/26 10:17:40 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[color=#E56717]========== Purity Check ==========[/color]
< End of report >

And here is the extras.txt file:
OTL Extras logfile created on: 5/13/2012 12:07:45 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\ARSH\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
3.80 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 53.93% Memory free
7.60 Gb Paging File | 5.31 Gb Available in Paging File | 69.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.58 Gb Total Space | 207.50 Gb Free Space | 73.69% Space Free | Partition Type: NTFS
Drive D: | 16.21 Gb Total Space | 2.34 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Computer Name: ARSH-HP | User Name: ARSH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-4066962898-1214771355-913425146-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0537961C-07F6-4582-9CEA-E350078118AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10889A73-0152-4AED-833D-5E9A3457A5C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{205376C4-F868-437E-A83B-656AFAF0B497}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3FF05F0E-9E4C-4777-B33E-D9BC67959E6D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{470E9442-92F7-4A02-A12C-A0483B7D65D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47AF3C01-3B9F-4F05-998A-412229A9036C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{49BD2B18-D83B-4E3C-85EA-DE31A13DE112}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F92E240-ADC6-455D-867B-AB0C35D5C733}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59559315-8F89-446A-BD2F-1E7C7FA8AE37}" = rport=137 | protocol=17 | dir=out | app=system |
"{6192E3A2-2622-4F3B-BB85-019048EE0C16}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{64D2C199-F952-424B-A5A8-7A75D10D2B54}" = lport=10243 | protocol=6 | dir=in | app=system |
"{67115761-ACEA-475A-8314-3757E815FAC9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6FC3AB2B-6CDC-4B73-B766-036DF2AEE3AD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{76F0CE04-EECF-4B8D-B109-EA88C672A35F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7D4D5332-48E7-472B-8087-B118EC21A928}" = rport=139 | protocol=6 | dir=out | app=system |
"{89B06583-A00F-48A1-95FD-B0AD5902B080}" = rport=445 | protocol=6 | dir=out | app=system |
"{99B55064-991B-4F2A-BAD4-694248019CB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CCE8CDF-ED6C-4920-A3CE-31D7255F5519}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A262A880-C09A-41C8-A15D-08A35E61417C}" = lport=138 | protocol=17 | dir=in | app=system |
"{AC3E3D22-2FAA-459A-BD3B-D4BB4C0F2E6E}" = lport=445 | protocol=6 | dir=in | app=system |
"{AD1FA068-16AA-44B0-BCC2-F7F47CB1F4B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B6629D52-5D41-415B-AA07-79668DE2DAE5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BA4BE3D7-43A8-4242-B530-8CDBD14A1D4C}" = lport=139 | protocol=6 | dir=in | app=system |
"{C04BD039-940D-4D67-BEA2-006BDCDE78D0}" = lport=137 | protocol=17 | dir=in | app=system |
"{E1CE6B79-25E7-40D1-9465-9FB4C732B227}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F017C040-7D58-4068-BAA8-4BCC3066C3E7}" = rport=138 | protocol=17 | dir=out | app=system |
"{F21495C9-EE58-4E53-8F45-6D5506CB8181}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBEC931B-92F7-452C-A56D-6771BADA52BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EE7917-A6D6-4E5E-850C-975469902497}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{01757BCB-9394-4A6E-982D-46F845B4FF1C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{02F567A7-1A75-4254-841C-3686CB9573C6}" = protocol=6 | dir=out | app=system |
"{06CE6030-D824-4A54-8300-2AA6BF4C8B24}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |
"{0CF5DB25-7A53-4FCE-87EE-5C31DCC5F3D6}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"{1CD713D5-2243-4599-85EF-42522FCE17E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{20B59490-785D-41F5-880E-4ECF55C4C5A3}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |
"{2535A5FF-F9BC-4789-AC8E-7D29B1285B0B}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |
"{25C746E4-47BA-4DEC-8ED3-0CBD2DB74096}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{278D2977-CDA6-49C6-9030-D9033A5FEEA8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{29DE861E-F5A3-4F01-8430-BC1FD13CE0A2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{2CC60BD1-F4E4-404B-8466-2BB671D414EA}" = protocol=6 | dir=in | app=c:\users\arsh\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"{2E5C80AB-4FC3-4786-AF6A-E0766BB740C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{33315616-93C8-42D9-AFB4-629A680EC5EA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3A5173C8-5455-49CD-BFD0-0DF57267FD8A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{3FCB5A59-6FA9-453D-B319-4969E40CCF76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46A83AC3-FBC1-42CE-B6EF-A5A93E19F46C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E3602F8-41B3-43F2-9B19-CDA882E8E99C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{53552E79-1E8D-4677-B361-956C7BB20759}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5635D37D-CBAC-4FA2-9959-4CCCEEFEB1C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64D84BE4-632C-41DC-81AF-616678481C65}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{7A50864A-A5A6-408A-B10F-8A61D60815AB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{7E45D4E3-4DE2-45B9-9196-863F37F68BBC}" = dir=in | app=c:\users\arsh\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{82FC7C22-9B8E-426F-9117-42B6C83BEE7D}" = protocol=17 | dir=in | app=c:\users\arsh\appdata\local\temp\7zipsfx.000\cf_downloader.exe |
"{8DD66DF1-AAA7-4FBE-BFB2-6EEC1161F698}" = protocol=17 | dir=in | app=c:\users\arsh\appdata\local\temp\7zipsfx.002\cf_downloader.exe |
"{8FEFE817-32D6-4BC2-96EC-E3D8AC1B08A4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{994661D3-314D-454F-9335-AA41FAF254AE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9DA94286-F00C-482F-8C54-668122CFBC69}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AAB9E439-583F-4CF6-B644-725AAA0B2DAE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{ACDDFCC9-F082-4577-B1AD-647C77D40830}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADC555C6-0C33-4763-BF65-EC28874B0BB4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{AFA5944E-FBFB-41DB-8A18-76274B6B871C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B0EA4203-A6DD-4F05-9E92-16F92BF03CBB}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"{B32EFAC1-7503-481D-B526-C5FF9AEDF3E1}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |
"{B8A87E0B-ED64-4A8C-8E01-D92CBB33AFAD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BA1420CA-D705-41F1-982B-386D2EBA0CC0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BAA04911-6C0D-4DA9-8E4A-42A05B727555}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1193812-9AE6-4E12-9039-A3184E10ABE5}" = protocol=17 | dir=in | app=c:\users\arsh\appdata\local\temp\7zipsfx.001\cf_downloader.exe |
"{C29F7034-7048-402A-8E76-AE8B51F20851}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C5D32BFA-0BE4-41F8-9025-6AB490D97669}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C7B45AA2-5AAC-4854-A390-51C8A40A4C31}" = protocol=6 | dir=in | app=c:\users\arsh\appdata\local\temp\7zipsfx.002\cf_downloader.exe |
"{CE38962F-9001-4987-A854-13C714F11C03}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{CE4CD5A1-2FC7-47C5-B88A-F073A3AC4E30}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D6E92662-22FF-441D-9368-418992570D02}" = protocol=6 | dir=in | app=c:\users\arsh\appdata\local\temp\7zipsfx.001\cf_downloader.exe |
"{E40EEBB1-E83D-4FC3-B9DF-C985839CBA2F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E8FFC4FF-4C16-42A2-B6AE-9BD0F6060045}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EA1E0D0D-ACDA-4BCF-A064-E2429DBE1A0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F085C918-BE48-40F9-B29E-27B093C9DB2A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5770C74-A232-4549-8444-E65DEA0EE3A2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{4A63A9B6-FEE0-4A82-ABDA-5ADF3433F1DF}C:\program files (x86)\ea sports\nhl 09\nhl2009.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\nhl 09\nhl2009.exe |
"TCP Query User{7317D34F-6BC2-4CDA-9306-3748FB9097AD}C:\users\arsh\appdata\local\temp\pyl453.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\arsh\appdata\local\temp\pyl453.tmp\pyrun.exe |
"TCP Query User{94F7D02D-DFBB-40D3-9A51-1FA202ACF7CD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{A7063663-5F3F-406E-9619-A1C062560D7B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{DCDB51C2-C030-439A-8FFD-C52C3C9975A5}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{EDC6839E-29B7-43EC-BEAA-5B8802EB2F8C}C:\program files (x86)\z8games\crossfire\cf_g4box.exe" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"TCP Query User{F7B8E94F-3AD3-4A4B-A981-11F4B201544D}C:\program files (x86)\2k sports\mlb 2k10\mlb2k10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\mlb 2k10\mlb2k10.exe |
"TCP Query User{F91E6765-11B8-4265-9606-BDBC107860C9}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{0435E94E-7B9C-4D97-8BE9-DBA82B6D719E}C:\program files (x86)\2k sports\mlb 2k10\mlb2k10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\mlb 2k10\mlb2k10.exe |
"UDP Query User{05A889D0-652F-4AEA-99FE-403ADF7BC553}C:\users\arsh\appdata\local\temp\pyl453.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\arsh\appdata\local\temp\pyl453.tmp\pyrun.exe |
"UDP Query User{5F971135-EF0F-4C95-92A4-10FD5AD25D81}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{DED02308-E475-4262-B10D-7EB69121DE23}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{E2F0FD40-5D12-4883-BE9A-34334CA5A757}C:\program files (x86)\z8games\crossfire\cf_g4box.exe" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"UDP Query User{E2F8CAA9-6868-4BED-9485-C3DDEC2C0BD9}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{F26C2A58-7BFC-499A-B494-BFCA0FE1EA76}C:\program files (x86)\ea sports\nhl 09\nhl2009.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\nhl 09\nhl2009.exe |
"UDP Query User{FD7CBB54-971E-4E59-B86E-B4E96813FC3B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 beta 3 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}" = HP Documentation
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67711EE7-BC7C-4FF1-BBC1-733C38D93F7E}_is1" = Windows Movie Maker 6.0.6000.16386
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{738CA369-3B94-4E20-ADC8-994A1409F7DC}_is1" = ScreenSnapr version 3.0.0.3
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Cross Fire_is1" = Cross Fire En
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.91
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4066962898-1214771355-913425146-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
-
Ok, I uninstalled BitTorrent and downloaded OTL and quick scanned that and Malwarebytes.
Malwarebytes found nothing.
-
Hi to the Malwarebytes forum crew.
My computer has been running a lot slower and freezing up when I have only a few things open, but it's not fragmented or anything, and I've scanned with both Kaspersky and Malwarebytes and it comes up with nothing.
Facebook also redirects to price grabber, if that helps.
Someone help please, and thank you.

computer really slow, everything freezing
in Resolved Malware Removal Logs
Yeah, been working all day since and got no time to update this.
Anyways, computer is running faster for sure, freezes maybe like once every few days, which is a lot better than before. Thanks brahs.