Programs Not Updating, Microsoft Security Essentials Removed.


#1
Tthai1028

I believe that my laptop has a virus because of the many problems that I have faced. I ruled out the possible cause of a laptop malfunction because even after uninstalling and reinstalling Microsoft Security Essentials, the program would just be shut down/removed, and many other programs such as Java or Adobe will not update or install. There have also been problems with some FN commands involving certain buttons not responding. Also, the Windows Malicious Tool thing keeps popping up every time I start up the laptop even though I had already gone through it, but when I press to run it, the laptop freezes.


OTL logfile created on: 5/31/2012 4:57:57 PM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Thong\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type
= NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date
Format: M/d/yyyy

5.95 Gb Total Physical Memory | 3.97 Gb Available Physical Memory |
66.78% Memory free
11.90 Gb Paging File | 9.79 Gb Available in Paging File | 82.32%
Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% =
C:\Program Files (x86)
Drive C: | 684.44 Gb Total Space | 471.62 Gb Free Space | 68.91% Space
Free | Partition Type: NTFS
Drive D: | 13.90 Gb Total Space | 1.55 Gb Free Space | 11.16% Space
Free | Partition Type: NTFS

Computer Name: THONG-HP | User Name: Thong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company
Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/31 16:57:46 | 000,595,968 | ---- | M] (OldTimer Tools)
-- C:\Users\Thong\Downloads\OTL.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems
Incorporated) -- C:\Program Files (x86)\Common
Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/22 08:06:42 | 000,740,216 | ---- | M] (BitTorrent,
Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/03/11 11:28:38 | 001,502,776 | ---- | M] (Hewlett-Packard
Development Company, L.P.) -- C:\Program Files
(x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/03/08 12:21:10 | 000,136,488 | ---- | M] (CyberLink) --
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/28 15:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard
Company) -- C:\Program Files
(x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft
Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/17 22:48:24 | 000,265,544 | ---- | M] (HP) --
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/17 22:48:12 | 000,642,888 | ---- | M] (HP) --
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/17 22:47:58 | 000,142,664 | ---- | M] (HP) --
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/01/27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard
Development Company, L.P.) -- C:\Program Files
(x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel
Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel
Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel
Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/01/24 15:33:24 | 000,979,008 | ---- | M] (Intel
Corporation) -- C:\Program Files
(x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel
Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage
Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 18:00:38 | 000,283,160 | ---- | M] (Intel
Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage
Technology\IAStorIcon.exe
PRC - [2010/11/23 11:26:48 | 002,656,280 | ---- | M] (Intel
Corporation) -- C:\Program Files (x86)\Intel\Intel® Management
Engine Components\UNS\UNS.exe
PRC - [2010/11/23 11:26:44 | 000,325,656 | ---- | M] (Intel
Corporation) -- C:\Program Files (x86)\Intel\Intel® Management
Engine Components\LMS\LMS.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard
Development Company, L.P.) -- C:\Program Files
(x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard
Development Company, L.P.) -- C:\Program Files
(x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () --
\\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () --
\\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () --
\\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () --
\\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/22 18:56:50 | 000,441,880 | ---- | M] () --
C:\Users\Thong\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
MOD - [2012/05/22 18:56:49 | 003,922,456 | ---- | M] () --
C:\Users\Thong\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012/05/22 18:55:35 | 000,553,496 | ---- | M] () --
C:\Users\Thong\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012/05/22 18:55:33 | 000,117,784 | ---- | M] () --
C:\Users\Thong\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012/05/22 18:55:24 | 000,134,696 | ---- | M] () --
C:\Users\Thong\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012/05/22 18:55:23 | 000,250,408 | ---- | M] () --
C:\Users\Thong\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012/05/22 18:55:21 | 002,375,720 | ---- | M] () --
C:\Users\Thong\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012/05/11 13:31:31 | 000,475,648 | ---- | M] () --
C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\9781fa053a605fae45d9ef57126760f6\IAStorUtil.ni.dll
MOD - [2012/05/11 13:31:31 | 000,014,336 | ---- | M] () --
C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll
MOD - [2012/05/11 09:45:29 | 000,771,584 | ---- | M] () --
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 09:44:46 | 012,433,408 | ---- | M] () --
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/11 09:44:34 | 001,590,784 | ---- | M] () --
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/11 09:44:04 | 003,347,968 | ---- | M] () --
C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/11 09:43:54 | 005,452,800 | ---- | M] () --
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 09:43:46 | 000,971,264 | ---- | M] () --
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 09:43:44 | 007,967,232 | ---- | M] () --
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 09:43:38 | 011,492,864 | ---- | M] () --
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010/11/20 20:24:09 | 000,232,448 | ---- | M] () --
\\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program
Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program
Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M]
(Microsoft Corporation) [On_Demand | Stopped] -- c:\Program
Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/02/14 22:23:52 | 000,296,448 | ---- | M]
(IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe
-- (STacSV)
SRV:64bit: - [2011/02/04 16:34:20 | 001,515,792 | ---- | M]
(Intel® Corporation) [Auto | Running] -- C:\Program
Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2011/02/04 16:24:24 | 000,340,240 | ---- | M] ()
[On_Demand | Stopped] -- C:\Program
Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/02/04 16:19:50 | 000,836,880 | ---- | M]
(Intel® Corporation) [Auto | Running] -- C:\Program Files\Common
Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2010/11/20 20:24:42 | 000,084,992 | ---- | M]
(Microsoft Corporation) [Disabled | Stopped] --
C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M]
(Hewlett-Packard Company) [Auto | Running] -- C:\Program
Files\Hewlett-Packard\HP Client Services\HPClientServices.exe --
(HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M]
(Microsoft Corporation) [Disabled | Stopped] -- C:\Program
Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/12 16:24:30 | 000,030,520 | ---- | M]
(Hewlett-Packard Company) [Auto | Running] --
C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/13 18:41:27 | 000,097,792 | ---- | M]
(Microsoft Corporation) [Disabled | Stopped] --
C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M]
(Microsoft Corporation) [Disabled | Stopped] --
C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/13 18:39:46 | 000,006,656 | ---- | M]
(Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\ANC.dll
-- (wstcodec)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M]
(Andrea Electronics Corporation) [Auto | Running] -- C:\Program
Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems
Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common
Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/04 12:15:48 | 002,375,168 | ---- | M] (Realsil
Microelectronics Inc.) [Auto | Running] -- C:\Program Files
(x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft
Corporation.) [On_Demand | Stopped] -- C:\Program Files
(x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/28 15:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard
Company) [Auto | Running] -- C:\Program Files
(x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft
Corporation) [Auto | Running] -- C:\Program Files
(x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/17 22:48:24 | 000,265,544 | ---- | M] (HP) [Auto |
Running] -- C:\Program Files (x86)\HP SimplePass
2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel
Corporation) [Auto | Running] -- C:\Program Files
(x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel
Corporation) [On_Demand | Running] -- C:\Program Files
(x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel
Corporation) [Auto | Running] -- C:\Program Files
(x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel
Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel®
Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
Intel®
SRV - [2010/11/23 11:26:48 | 002,656,280 | ---- | M] (Intel
Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel®
Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/11/23 11:26:44 | 000,325,656 | ---- | M] (Intel
Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel®
Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard
Development Company, L.P.) [Auto | Running] -- C:\Program Files
(x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent,
Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent
Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft
Corporation) [Auto | Stopped] --
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe --
(clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 18:15:41 | 000,075,264 | ---- | M] (Microsoft
Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll --
(RemoteAccess)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft
Corporation) [Disabled | Stopped] --
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe --
(clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft
Corporation) [Disabled | Stopped] --
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe --
(clr_optimization_v2.0.50727_64)
SRV - [2009/05/21 22:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard
Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital
Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M]
(Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M]
(Microsoft Corporation) [Recognizer | Boot | Unknown] --
C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/24 23:23:28 | 000,098,616 | ---- | M]
(DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped]
-- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG
Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/10/28 22:50:33 | 000,270,912 | ---- | M] (DT
Soft Ltd) [Kernel | System | Running] --
C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M]
(Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device
Detection Driver (USB)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M]
(Advanced Micro Devices) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M]
(Advanced Micro Devices) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 11:40:20 | 008,591,872 | ---- | M]
(Intel Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/02/22 04:54:22 | 000,351,864 | ---- | M]
(Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/02/16 17:46:36 | 000,042,392 | ---- | M]
(Intel Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/02/15 12:37:10 | 000,335,464 | ---- | M]
(Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/02/14 22:23:52 | 000,520,192 | ---- | M]
(IDT, Inc.) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/25 12:48:04 | 000,077,424 | ---- | M]
(Atheros Communications, Inc.) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/01/24 02:24:52 | 000,058,128 | ---- | M]
(Intel Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/01/24 02:22:48 | 000,059,904 | ---- | M]
(Intel Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/01/24 01:56:06 | 000,274,944 | ---- | M]
(Intel Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/01/12 17:51:44 | 000,439,320 | ---- | M]
(Intel Corporation) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/07 18:42:34 | 012,262,688 | ---- | M]
(Intel Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M]
(Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:55 | 000,328,192 | ---- | M]
(Microsoft Corporation) [File_System | Disabled | Stopped] --
C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M]
(Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M]
(Hewlett-Packard Company) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M]
(Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M]
(Intel Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 01:28:16 | 000,317,440 | ---- | M]
(Intel® Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/08/12 16:24:30 | 000,043,320 | ---- | M]
(Hewlett-Packard Company) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/08/12 16:24:30 | 000,030,008 | ---- | M]
(Hewlett-Packard Company) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M]
(CyberLink Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M]
(AMD Technologies Inc.) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M]
(LSI Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,024,144 | ---- | M]
(Microsoft Corporation) [Kernel | Disabled | Stopped] --
C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M]
(Promise Technology) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M]
(Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M]
(Microsoft Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:10:33 | 000,021,504 | ---- | M]
(Microsoft Corporation) [Kernel | Disabled | Stopped] --
C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M]
(Microsoft Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 16:19:47 | 000,092,160 | ---- | M]
(Microsoft Corporation) [File_System | Disabled | Stopped] --
C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M]
(Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M]
(Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M]
(Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M]
(NVIDIA Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M]
(Broadcom Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M]
(Broadcom Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M]
(Broadcom Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M]
(Broadcom Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M]
(Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft
Corporation) [File_System | On_Demand | Stopped] --
C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet
Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: -
HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...rc=IE-SearchBox
IE:64bit: -
HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" =
http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: -
HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" =
http://search.yahoo....psg&type=HPNTDF
IE:64bit: -
HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" =
http://en.wikipedia....h={searchTerms}
IE:64bit: -
HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" =
http://rover.ebay.co...w={searchTerms}
IE:64bit: -
HKLM\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" =
http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://g.msn.com/HPNOT/1
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}:
"URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}:
"URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}:
"URL" = http://search.condui...&ctid=CT2786678
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}:
"URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}:
"URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}:
"URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}:
"URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://search.condui...&ctid=CT2786678
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo!
Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}:
"URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}:
"URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}:
"URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}:
"URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}:
"URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}:
"URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}:
"URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems,
Inc.)
FF:64bit: -
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not
found
FF:64bit: -
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:
c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll (
Microsoft Corporation)
FF:64bit: -
HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:
C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer:
C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:
C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
(Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program
Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems,
Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled
File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:
c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll (
Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:
C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0:
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922:
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
(Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109:
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
(Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame:
C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:
C:\Program Files (x86)\Pando Networks\Media
Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google
Update;version=3: C:\Program Files
(x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google
Update;version=9: C:\Program Files
(x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5:
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0:
C:\Program Files (x86)\WildTangent
Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files
(x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google
Update;version=3:
C:\Users\Thong\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
(Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google
Update;version=9:
C:\Users\Thong\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
(Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin:
C:\Program Files (x86)\Pando Networks\Media
Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url =
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url =
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) =
C:\Users\Thong\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) =
C:\Users\Thong\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) =
C:\Users\Thong\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) =
C:\Users\Thong\AppData\Local\Google\Chrome\User
Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files
(x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) =
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files
(x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) =
C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) =
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files
(x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files
(x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files
(x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files
(x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) =
C:\Program Files (x86)\WildTangent
Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program
Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) =
C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Shockwave for Director (Enabled) =
C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files
(x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Website Logon =
C:\Users\Thong\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
CHR - Extension: uTorrentBar =
C:\Users\Thong\AppData\Local\Google\Chrome\User
Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.0.1.4_0\
CHR - Extension: YouTube =
C:\Users\Thong\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) =
C:\Users\Thong\AppData\Local\Google\Chrome\User
Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search =
C:\Users\Thong\AppData\Local\Google\Chrome\User
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call =
C:\Users\Thong\AppData\Local\Google\Chrome\User
Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Gmail =
C:\Users\Thong\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/07 09:33:12 | 000,001,398 | RHS- | M]) -
C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (TrueSuite Website Log On) -
{8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP
SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (&Yahoo! Toolbar Helper) -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files
(x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} -
C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit
Ltd.)
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} -
C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon
Incorporated)
O2 - BHO: (TrueSuite Website Log On) -
{8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP
SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Skype Browser Helper) -
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype
Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) -
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files
(x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft
Corporation.)
O2 - BHO: (SingleInstance Class) -
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files
(x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine ) -
{30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files
(x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) -
{8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files
(x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) -
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files
(x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files
(x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) -
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files
(x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds]
C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray]
C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common
Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft
Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence]
C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program
Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files
(x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems
Incorporated)
O4 - HKLM..\Run: [AmdAgent] C:\Windows\Temp\temp13.exe File not found
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files
(x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard
Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files
(x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard
Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On
Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel®
Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [Update]
C:\Users\Thong\AppData\Roaming\HP\HP\ulbzyvwiq.dll (TODO: <Company
name>)
O4 - HKCU..\Run: [uTorrent] C:\Program Files
(x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files
(x86)\AWS\WeatherBug\Weather.exe 1 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:
ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:
ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
HideSCAHealth = 1
O8:64bit: - Extra context menu item: Add to Evernote 4.0 -
C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote
Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files
(x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn
Ave. Mountain View, CA 94041)
O9 - Extra Button: Skype Click to Call -
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype
Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call -
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype
Technologies S.A.)
O9 - Extra Button: @C:\Program Files
(x86)\Evernote\Evernote\Resource.dll,-101 -
{A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files
(x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn
Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files
(x86)\Evernote\Evernote\Resource.dll,-101 -
{A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files
(x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn
Ave. Mountain View, CA 94041)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 -
mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 -
mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 -
mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 -
mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 -
mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 -
mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 -
mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 -
mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 -
mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 -
mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 -
mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -
%SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -
%SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -
%SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -
%SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -
%SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -
%SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -
%SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -
%SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -
%SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -
%SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -
%SystemRoot%\system32\wshbth.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab
(Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab
(Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab
(Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab
(Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab
(Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab
(Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab
(Java Plug-in 1.6.0_29)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D}
http://content.syste...ri_4.4.26.0.cab
(SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD7A6CA3-EA93-4052-A9B4-0A03254772D1}:
DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype
Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -
C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit -
(c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe
(Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet -
(SystemPropertiesPerformance.exe) -
C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft
Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -
C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -
C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -
C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck -
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No
CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{aa49ab26-a16e-11e0-b45f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aa49ab26-a16e-11e0-b45f-806e6f6e6963}\Shell\AutoRun\command
- "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wstcodec - C:\Windows\SysNative\ANC.dll (Oak
Technology Inc.)

========== Files/Folders - Created Within 30 Days ==========


[2012/05/28 22:54:30 | 000,000,000 | ---D | C] --
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/27 11:01:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/25 21:08:57 | 000,000,000 | ---D | C] --
C:\Windows\SysNative\MpEngineStore
[2012/05/23 18:58:46 | 000,000,000 | ---D | C] -- C:\n6ohAnkRWcbXe8E
[2012/05/23 18:58:46 | 000,000,000 | ---D | C] --
C:\Users\Thong\AppData\Roaming\MicroST
[2012/05/11 17:10:10 | 000,000,000 | ---D | C] --
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft
Silverlight
[2012/05/11 17:09:09 | 000,000,000 | ---D | C] -- C:\Program
Files\Microsoft Silverlight
[2012/05/11 17:09:09 | 000,000,000 | ---D | C] -- C:\Program Files
(x86)\Microsoft Silverlight
[2012/05/08 13:00:38 | 000,000,000 | ---D | C] --
C:\Users\Thong\AppData\Local\{BE2AABB8-C294-46EB-AED9-F979628B140A}
[2012/05/06 22:01:45 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/10/27 21:14:12 | 001,382,304 | ---- | C] (DownVision ) --
C:\Users\Thong\AppData\Local\setup.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/31 16:53:31 | 000,000,892 | ---- | M] () --
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/31 16:53:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/31 16:53:12 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/31 00:05:00 | 000,000,908 | ---- | M] () --
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3994412671-1633873188-2548024250-1000UA.job
[2012/05/31 00:03:01 | 000,000,896 | ---- | M] () --
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/30 23:05:00 | 000,000,856 | ---- | M] () --
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3994412671-1633873188-2548024250-1000Core.job
[2012/05/30 15:20:48 | 000,032,064 | -H-- | M] () --
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/30 15:20:48 | 000,032,064 | -H-- | M] () --
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/30 10:12:56 | 466,383,675 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/29 22:52:31 | 000,729,880 | ---- | M] () --
C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/29 22:52:31 | 000,626,540 | ---- | M] () --
C:\Windows\SysNative\perfh009.dat
[2012/05/29 22:52:31 | 000,107,784 | ---- | M] () --
C:\Windows\SysNative\perfc009.dat
[2012/05/23 18:06:52 | 000,002,401 | ---- | M] () --
C:\Users\Thong\Desktop\Google Chrome.lnk
[2012/05/11 09:34:03 | 000,000,129 | ---- | M] () --
C:\Windows\SysNative\MRT.INI
[2012/05/10 21:40:19 | 000,000,000 | -HS- | M] () --
C:\Windows\SysNative\dds_trash_log.cmd
[2012/05/07 09:33:12 | 000,001,398 | RHS- | M] () --
C:\Windows\SysNative\drivers\etc\hosts
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/27 11:01:49 | 466,383,675 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/05/13 14:40:59 | 000,001,915 | ---- | C] () --
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft
Security Essentials.lnk
[2012/05/11 09:34:03 | 000,000,129 | ---- | C] () --
C:\Windows\SysNative\MRT.INI
[2012/05/06 22:02:50 | 000,000,000 | -HS- | C] () --
C:\Windows\SysNative\dds_trash_log.cmd
[2012/04/07 23:12:46 | 000,744,030 | ---- | C] () --
C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/09 21:49:49 | 000,206,475 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/10/27 21:14:01 | 000,459,088 | ---- | C] () --
C:\Users\Thong\AppData\Local\promo.exe
[2011/10/05 20:00:56 | 000,000,262 | ---- | C] () --
C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/03/03 21:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/01/07 18:40:40 | 000,960,940 | ---- | C] () --
C:\Windows\SysWow64\igkrng600.bin
[2011/01/07 18:40:40 | 000,207,376 | ---- | C] () --
C:\Windows\SysWow64\igfcg600m.bin
[2011/01/07 18:40:40 | 000,145,804 | ---- | C] () --
C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2011/07/08 21:21:11 | 000,000,000 | ---D | M] --
C:\Users\Thong\AppData\Roaming\.minecraft
[2011/07/12 17:26:56 | 000,000,000 | ---D | M] --
C:\Users\Thong\AppData\Roaming\333000 Games
[2012/04/27 09:29:32 | 000,000,000 | -H-D | M] --
C:\Users\Thong\AppData\Roaming\AEB0BA4F
[2012/03/29 18:27:08 | 000,000,000 | ---D | M] --
C:\Users\Thong\AppData\Roaming\DAEMON Tools Lite
[2011/07/07 18:13:52 | 000,000,000 | ---D | M] --
C:\Users\Thong\AppData\Roaming\funkitron
[2011/12/10 17:30:50 | 000,000,000 | ---D | M] --
C:\Users\Thong\AppData\Roaming\GetRightToGo
[2011/07/08 22:07:29 | 000,000,000 | ---D | M] --
C:\Users\Thong\AppData\Roaming\LolClient
[2012/05/23 18:58:46 | 000,000,000 | ---D | M] --
C:\Users\Thong\AppData\Roaming\MicroST
[2011/07/07 16:35:54 | 000,000,000 | ---D | M] --
C:\Users\Thong\AppData\Roaming\Namco
[2011/08/26 20:42:45 | 000,000,000 | ---D | M] --
C:\Users\Thong\AppData\Roaming\OpenOffice.org
[2011/11/11 18:37:48 | 000,000,000 | ---D | M] --
C:\Users\Thong\AppData\Roaming\SystemRequirementsLab
[2012/02/11 12:35:34 | 000,000,000 | ---D | M] --
C:\Users\Thong\AppData\Roaming\ThemeManager
[2012/05/31 17:00:28 | 000,000,000 | ---D | M] --
C:\Users\Thong\AppData\Roaming\uTorrent
[2012/02/11 12:37:11 | 000,000,000 | ---D | M] --
C:\Users\Thong\AppData\Roaming\WeatherBug
[2012/01/17 18:34:48 | 000,000,000 | ---D | M] --
C:\Users\Thong\AppData\Roaming\Windows Live Writer
[2012/05/22 13:15:43 | 000,032,626 | ---- | M] () --
C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >