hhcapsquare

Honorary Members
  • Posts: 32

Everything posted by hhcapsquare

  1. Hi Jeff, After resetting my router, the popup seems not to appear anymore after I have restarted my notebook. It has so far been > 24 hours since the previous occurrence. Does that mean the problem is resolved?
  2. Here's the log file. mbam-log-2012-11-27 (18-30-25).txt
  3. Here's the file. I've zipped it since I can't seem to attach the original file. MBR.zip
  4. Hi Jeff, I've reset the router and set a new password to it. However, the popup still occurs.
  5. Hi Jeff, I've logged on to the internet via my friend's house today and there seems to be no occurrence of the popups during my four hours+ connection there. Seems like the popups only occur when I'm connected to my home network.
  6. Hi Jeff, Here's the log file. Seems to be showing no detection as well. TDSSKiller.2.8.15.0_25.11.2012_11.45.53_log.txt
  7. Here's the log file. The scan seems to be not detecting anything. TDSSKiller.2.8.15.0_25.11.2012_08.06.39_log.txt
  8. Hi Jeff, I've performed the scan. Please find the log file as per attached. FRST.txt
  9. Hi Jeff, I'm unable to access from Advanced Boot Options as it prompted me for the Windows installation disc, which I do not have with me at the moment. Is there any alternative without the Windows installation disc? Else, I would have to get it from my office tomorrow.
  10. The attached is the report RKreport1_S_11192012_02d2216.txt
  11. Hi Jeff, I have attached the new log after the restart along with this post. So far, there's no occurrence of popup. OTL 191112.Txt
  12. The following are the links to the result pages:
      • C:\windows\System32\drivers\wdfgifi.sys: https://www.virustotal.com/file/e488809104131b3e79baa13556e5a41487aea1f62e8d9995b2377dca3e067fd1/analysis/1353194326/
      • C:\windows\System32\drivers\wdfghdi.sys: https://www.virustotal.com/file/21caaa5492b6a5ff5bbd22e65fd9b0a7d89078157b3c1973cc6e84dea24e8d6e/analysis/1353194601/
      • C:\windows\System32\drivers\wdfghgc.sys: https://www.virustotal.com/file/c5e1c2a523d5f723735d6247d20f5f8a5364944f3c94555303c4a350ded2b2ff/analysis/1353194718/
  13. The popup just occurred again. The screen capture has been included in this post.
  14. Hi Jeff, So far today, there seems to be no popup incidents. The last time it occurred was yesterday night. I have included a screen shot of the TrendMicro Web Reputation log along with this post for your reference.
  15. Most of the time, it was when using Internet Explorer. However, there were times when the popup occurs without any browsers opened. Yes, if the proxy settings were removed, I can set it back later.
  16. This is from Extras.txt:
StackTrace: at System.Threading.Thread.StartInternal(IPrincipal principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger() at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3014 Ram Utilization: 30 TargetSite: Void StartInternal(System.Security.Principal.IPrincipal, System.Threading.StackCrawlMark ByRef) Error - 27/09/2012 17:36:18 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = HPSF.exe | ID = 4000 Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger() at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception of type 'System.OutOfMemoryException' was thrown. 
StackTrace: at System.Threading.Thread.StartInternal(IPrincipal principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger() at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3014 Ram Utilization: 30 TargetSite: Void StartInternal(System.Security.Principal.IPrincipal, System.Threading.StackCrawlMark ByRef) Error - 27/09/2012 17:36:18 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = HPSF.exe | ID = 4000 Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger() at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception of type 'System.OutOfMemoryException' was thrown. 
StackTrace: at System.Threading.Thread.StartInternal(IPrincipal principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger() at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3014 Ram Utilization: 30 TargetSite: Void StartInternal(System.Security.Principal.IPrincipal, System.Threading.StackCrawlMark ByRef) Error - 27/09/2012 17:36:22 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = HPSF.exe | ID = 4000 Description = HP Error ID: -2147024882HPSF.exe at System.ServiceModel.Channels.ServiceChannel.OnAbort() at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.Channels.ServiceChannelFactory.OnAbort() at System.ServiceModel.Channels.ServiceChannelFactory.TypedServiceChannelFactory`1.OnAbort() at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.ChannelFactory.OnAbort() at System.ServiceModel.Channels.CommunicationObject.Abort() at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection() at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception of type 'System.OutOfMemoryException' was thrown. 
StackTrace: at System.ServiceModel.Channels.ServiceChannel.OnAbort() at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.Channels.ServiceChannelFactory.OnAbort() at System.ServiceModel.Channels.ServiceChannelFactory.TypedServiceChannelFactory`1.OnAbort() at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.ChannelFactory.OnAbort() at System.ServiceModel.Channels.CommunicationObject.Abort() at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection() at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: System.ServiceModel Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3014 Ram Utilization: 30 TargetSite: Void OnAbort() Error - 27/09/2012 17:36:22 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = HPSF.exe | ID = 4000 Description = HP Error ID: -2147024882HPSF.exe at System.ServiceModel.Channels.ServiceChannel.OnAbort() at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.Channels.ServiceChannelFactory.OnAbort() at System.ServiceModel.Channels.ServiceChannelFactory.TypedServiceChannelFactory`1.OnAbort() at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.ChannelFactory.OnAbort() at System.ServiceModel.Channels.CommunicationObject.Abort() at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection() at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception of type 'System.OutOfMemoryException' was thrown. 
StackTrace: at System.ServiceModel.Channels.ServiceChannel.OnAbort() at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.Channels.ServiceChannelFactory.OnAbort() at System.ServiceModel.Channels.ServiceChannelFactory.TypedServiceChannelFactory`1.OnAbort() at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.ChannelFactory.OnAbort() at System.ServiceModel.Channels.CommunicationObject.Abort() at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection() at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication() at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: System.ServiceModel Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3014 Ram Utilization: 30 TargetSite: Void OnAbort() [ HP Connection Manager Events ] Error - 14/11/2012 21:55:51 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5 Description = 2012/11/15 09:55:51.299|00001B34|Error |CBluetooth::StateChanged|Fire_StateChanged failed [hr:0x800706BA] Error - 15/11/2012 09:12:56 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5 Description = 2012/11/15 21:12:56.510|000006A0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/11/2012 09:13:24 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5 Description = 2012/11/15 21:13:24.410|000006A0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/11/2012 09:13:27 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5 Description = 2012/11/15 21:13:27.499|000006A0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/11/2012 09:13:33 | Computer Name = 
RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5 Description = 2012/11/15 21:13:33.552|000006A0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/11/2012 11:52:07 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5 Description = 2012/11/15 23:52:07.195|00001B48|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/11/2012 11:52:14 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5 Description = 2012/11/15 23:52:14.184|00001B48|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/11/2012 22:30:50 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5 Description = 2012/11/16 10:30:50.086|00000F28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/11/2012 22:30:51 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5 Description = 2012/11/16 10:30:51.599|00000F28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/11/2012 22:31:00 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5 Description = 2012/11/16 10:31:00.288|00000F28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] [ HP Software Framework Events ] Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5 Description = 2012/11/16 10:34:47.710|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5 Description = 2012/11/16 
10:34:47.720|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5 Description = 2012/11/16 10:34:47.730|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5 Description = 2012/11/16 10:34:47.739|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5 Description = 2012/11/16 10:34:47.747|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5 Description = 2012/11/16 10:34:47.758|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15/11/2012 22:35:22 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = CaslWmi | ID = 5 Description = 2012/11/16 10:35:22.735|00001700|Error |[CaslWmi]CommandALS::GetALSInfoFromBIOS{hpCasl.enReturnCode(System.Nullable`1[[system.Boolean, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]&,System.Nullable`1[[system.Boolean, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]&)}|Error 0xe_BIOS_HARDWARE_ERROR from BIOS WMI call Read/03h while getting ALS state Error 
- 15/11/2012 22:35:22 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = CaslWmi | ID = 5 Description = 2012/11/16 10:35:22.913|00001700|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15/11/2012 22:35:26 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = CaslWmi | ID = 5 Description = 2012/11/16 10:35:26.556|00001A6C|Error |[CaslWmi]CommandALS::GetALSInfoFromBIOS{hpCasl.enReturnCode(System.Nullable`1[[system.Boolean, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]&,System.Nullable`1[[system.Boolean, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]&)}|Error 0xe_BIOS_HARDWARE_ERROR from BIOS WMI call Read/03h while getting ALS state Error - 15/11/2012 22:35:26 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = CaslWmi | ID = 5 Description = 2012/11/16 10:35:26.731|00001A6C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state [ System Events ] Error - 13/10/2012 23:09:39 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain PORTALDOM due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. 
Error - 13/10/2012 23:10:10 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error - 13/10/2012 23:10:11 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error - 13/10/2012 23:48:24 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 13/10/2012 23:48:25 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 14/10/2012 03:17:40 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain PORTALDOM due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. 
ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 14/10/2012 09:51:50 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain PORTALDOM due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 14/10/2012 09:52:25 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error - 14/10/2012 09:52:28 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. 
If you do not see a success message for several hours, then contact your administrator. Error - 14/10/2012 20:32:52 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain PORTALDOM due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. < End of report >
  17. This is from OTL.txt:
SRV - (TmProxy) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.)
SRV - (hpCMSrv) -- c:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Company)
SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP DayStarter\HPDayStarterService.exe (Hewlett-Packard Company)
SRV - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (IFXSpMgtSrv) -- c:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG)
SRV - (PersonalSecureDriveService) -- c:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Infineon Technologies AG)
SRV - (IFXTCS) -- c:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Infineon Technologies AG)
SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (RoxMediaDB12OEM) -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (jhi_service) -- C:\Program Files\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (uArcCapture) -- C:\Windows\System32\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\183131\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (TmFilter) -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys (Trend Micro Inc.)
DRV - (VSApiNt) -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys (Trend Micro Inc.)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (MfeEpeOpal) -- C:\windows\System32\drivers\MfeEpeOpal.sys (McAfee, Inc.)
DRV - (MfeEpePc) -- C:\windows\System32\drivers\MfeEpePc.sys (McAfee, Inc.)
DRV - (AMPPALP) -- C:\Windows\System32\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV - (AMPPAL) -- C:\Windows\System32\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV - (SPUVCbv) -- C:\Windows\System32\drivers\SPUVCBv.sys (Sunplus Technology)
DRV - (johci) -- C:\Windows\System32\drivers\johci.sys (JMicron Technology Corp.)
DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Company)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (e1cexpress) -- C:\Windows\System32\drivers\e1c6232.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ARCVCAM) -- C:\Windows\System32\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\..\SearchScopes\{8B3D2273-DB7B-43A9-8AC5-B30E4D63ED5C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=HQ&apn_dtid=YYYYYYYYMY&apn_uid=4811d176-6324-4ec6-aa8c-56c43413f30c&apn_sauid=5BFCC708-9D83-44E1-A69E-58B3E84C5C7C
IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.myoneportal.*;myoneportal.*;172.*;im.rhbbank.*;esshr.*;*.intranet.*;<local>
IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.26.21.99:8088

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/03/09 05:22:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/03/09 05:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/09 05:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/25 20:53:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/19 23:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012/09/27 23:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/25 12:24:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 22:28:56 | 000,000,000 | ---D | M]

[2012/07/25 12:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\183131\AppData\Roaming\mozilla\Extensions
[2012/11/16 10:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\183131\AppData\Roaming\mozilla\Firefox\Profiles\04ljxpa6.default\extensions
[2012/07/25 12:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/09 04:13:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/09 01:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/09 01:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - Extension: Angry Birds = C:\Users\183131\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Cut the Rope = C:\Users\183131\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\183131\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\183131\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/11/15 21:22:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files\HP HD Webcam [Fixed]\Monitor.exe ()
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iFXSPMGT] c:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-809447956-1472028839-2767360324-58023..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://172.26.4.127/officescan/console/html/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://172.26.4.127/officescan/console/html/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://172.26.4.127/officescan/console/html/root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = portaldom.ent.intranet.rhbbank.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61D34E04-C517-4A3C-A04C-542171A8A9C3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD31D77A-2FE8-49A4-B086-C66F32FAC30D}: DhcpNameServer = 172.29.16.5 172.26.4.50 172.17.1.35 10.31.148.133
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Company)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/16 11:41:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\183131\Desktop\OTL.exe
[2012/11/15 21:24:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/15 21:24:15 | 000,000,000 | ---D | C] -- C:\Users\183131\AppData\Local\temp
[2012/11/14 21:43:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/14 21:43:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/14 21:43:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/14 21:10:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/14 21:10:32 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/11/14 21:04:39 | 005,001,537 | R--- | C] (Swearware) -- C:\Users\183131\Desktop\ComboFix.exe
[2012/11/14 13:18:15 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\183131\Desktop\aswMBR.exe
[2012/11/10 09:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/10 09:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/10 09:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[2012/11/16 12:16:08 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/16 11:41:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\183131\Desktop\OTL.exe
[2012/11/16 10:39:55 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 10:39:55 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 10:33:31 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/16 10:32:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/16 10:32:22 | 3160,780,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/16 09:32:03 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFor183131.job
[2012/11/15 23:45:42 | 000,541,569 | ---- | M] () -- C:\Users\183131\Desktop\adwcleaner.exe
[2012/11/15 21:22:20 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/11/15 09:54:51 | 000,676,146 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/15 09:54:51 | 000,126,312 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/14 21:05:16 | 005,001,537 | R--- | M] (Swearware) -- C:\Users\183131\Desktop\ComboFix.exe
[2012/11/14 20:38:09 | 000,000,512 | ---- | M] () -- C:\Users\183131\Desktop\MBR.dat
[2012/11/14 13:59:01 | 000,009,953 | ---- | M] () -- C:\windows\cfgall.ini
[2012/11/14 13:24:38 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\183131\Desktop\aswMBR.exe
[2012/11/14 08:19:53 | 000,003,530 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/11/08 13:18:15 | 000,002,324 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/06 13:48:01 | 000,000,344 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForRHB-183131-CAPS$.job
[2012/10/19 20:04:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/11/15 23:45:15 | 000,541,569 | ---- | C] () -- C:\Users\183131\Desktop\adwcleaner.exe
[2012/11/14 21:43:29 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/14 21:43:28 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/14 21:43:28 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/14 21:43:28 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/14 21:43:28 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/14 20:38:09 | 000,000,512 | ---- | C] () -- C:\Users\183131\Desktop\MBR.dat
[2012/11/01 08:41:49 | 000,000,324 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleFor183131.job
[2012/09/27 23:52:21 | 000,148,128 | ---- | C] () -- C:\windows\System32\Presets.bin
[2012/09/27 23:52:20 | 000,077,796 | ---- | C] () -- C:\windows\System32\B-31C3.ini
[2012/09/27 23:52:20 | 000,076,693 | ---- | C] () -- C:\windows\System32\B-31C2.ini
[2012/09/27 23:52:20 | 000,000,149 | ---- | C] () -- C:\windows\System32\IDTNGUI.exe.config
[2012/09/27 23:52:19 | 000,032,578 | ---- | C] () -- C:\windows\System32\2011_BEATS_Speaker_M.ini
[2012/09/27 23:50:11 | 001,048,576 | ---- | C] () -- C:\windows\System32\syndata.bin
[2012/09/27 23:47:35 | 000,963,116 | ---- | C] () -- C:\windows\System32\igkrng600.bin
[2012/09/27 23:47:32 | 000,217,536 | ---- | C] () -- C:\windows\System32\igfcg600m.bin
[2012/09/27 23:47:32 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2012/09/27 23:47:31 | 000,056,832 | ---- | C] () -- C:\windows\System32\igdde32.dll
[2012/09/27 23:47:30 | 013,903,872 | ---- | C] () -- C:\windows\System32\ig4icd32.dll
[2012/07/29 21:39:54 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2012/07/25 12:23:13 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2012/07/25 12:20:37 | 000,009,953 | ---- | C] () -- C:\windows\cfgall.ini
[2012/07/25 11:23:05 | 000,003,530 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/05 18:48:40 | 000,003,120 | ---- | C] () -- C:\windows\System32\drivers\wdfgifi.sys
[2012/07/05 18:44:50 | 000,075,620 | ---- | C] () -- C:\windows\System32\B-31A0.ini
[2012/07/05 18:44:50 | 000,075,599 | ---- | C] () -- C:\windows\System32\B-32A1.ini
[2012/07/05 18:44:50 | 000,075,557 | ---- | C] () -- C:\windows\System32\B-31C1.ini
[2012/07/05 18:44:50 | 000,075,548 | ---- | C] () -- C:\windows\System32\B-31C0.ini
[2012/07/05 18:44:50 | 000,075,539 | ---- | C] () -- C:\windows\System32\B-31E0.ini
[2012/07/05 18:44:50 | 000,075,535 | ---- | C] () -- C:\windows\System32\B-31D0.ini
[2012/07/05 18:44:50 | 000,075,524 | ---- | C] () -- C:\windows\System32\B-31F0.ini
[2012/07/05 18:44:50 | 000,075,141 | ---- | C] () -- C:\windows\System32\B-41A0.ini
[2012/07/05 18:44:50 | 000,074,025 | ---- | C] () -- C:\windows\System32\B-24A1.ini
[2012/07/05 18:44:50 | 000,073,992 | ---- | C] () -- C:\windows\System32\B-23C0.ini
[2012/07/05 18:44:50 | 000,073,950 | ---- | C] () -- C:\windows\System32\B-24A0.ini
[2012/07/05 18:44:50 | 000,004,080 | ---- | C] () -- C:\windows\System32\stwrt.ini
[2012/07/05 18:44:49 | 000,075,612 | ---- | C] () -- C:\windows\System32\B-21C0.ini
[2012/07/05 18:44:49 | 000,075,610 | ---- | C] () -- C:\windows\System32\B-21D1.ini
[2012/07/05 18:44:49 | 000,075,595 | ---- | C] () -- C:\windows\System32\B-21D0.ini
[2012/07/05 18:44:49 | 000,075,591 | ---- | C] () -- C:\windows\System32\B-21B1.ini
[2012/07/05 18:44:49 | 000,075,582 | ---- | C] () -- C:\windows\System32\B-21B0.ini
[2012/07/05 18:44:49 | 000,075,559 | ---- | C] () -- C:\windows\System32\B-21C1.ini
[2012/07/05 18:44:49 | 000,074,026 | ---- | C] () -- C:\windows\System32\B-23B1.ini
[2012/07/05 18:44:49 | 000,074,013 | ---- | C] () -- C:\windows\System32\B-23A1.ini
[2012/07/05 18:44:49 | 000,074,005 |
---- | C] () -- C:\windows\System32\B-23A0.ini [2012/07/05 18:44:49 | 000,073,993 | ---- | C] () -- C:\windows\System32\B-23B0.ini [2012/07/05 18:44:49 | 000,073,276 | ---- | C] () -- C:\windows\System32\B-02C.ini [2012/07/05 18:44:49 | 000,032,578 | ---- | C] () -- C:\windows\System32\2011_SRS_Speaker_L.ini [2012/07/05 18:34:37 | 000,094,776 | ---- | C] () -- C:\windows\un_dext.exe [2012/07/05 18:34:37 | 000,074,616 | ---- | C] () -- C:\windows\SPRemove.exe [2012/07/05 18:34:37 | 000,014,409 | ---- | C] () -- C:\windows\TWAIN2080.ini [2012/07/05 18:34:37 | 000,003,926 | ---- | C] () -- C:\windows\Dext_12.ini [2012/07/05 18:34:37 | 000,003,892 | ---- | C] () -- C:\windows\Dext_27.ini [2012/07/05 18:34:37 | 000,003,884 | ---- | C] () -- C:\windows\Dext_25.ini [2012/07/05 18:34:37 | 000,003,882 | ---- | C] () -- C:\windows\Dext_21.ini [2012/07/05 18:34:37 | 000,003,820 | ---- | C] () -- C:\windows\Dext_11.ini [2012/07/05 18:34:37 | 000,003,802 | ---- | C] () -- C:\windows\Dext_14.ini [2012/07/05 18:34:37 | 000,003,802 | ---- | C] () -- C:\windows\Dext_05.ini [2012/07/05 18:34:37 | 000,003,704 | ---- | C] () -- C:\windows\Dext_10.ini [2012/07/05 18:34:37 | 000,003,700 | ---- | C] () -- C:\windows\Dext_16.ini [2012/07/05 18:34:37 | 000,003,682 | ---- | C] () -- C:\windows\Dext_08.ini [2012/07/05 18:34:37 | 000,003,672 | ---- | C] () -- C:\windows\Dext_31.ini [2012/07/05 18:34:37 | 000,003,648 | ---- | C] () -- C:\windows\Dext_36.ini [2012/07/05 18:34:37 | 000,003,624 | ---- | C] () -- C:\windows\Dext_1046.ini [2012/07/05 18:34:37 | 000,003,622 | ---- | C] () -- C:\windows\Dext_20.ini [2012/07/05 18:34:37 | 000,003,588 | ---- | C] () -- C:\windows\Dext_06.ini [2012/07/05 18:34:37 | 000,003,586 | ---- | C] () -- C:\windows\Dext_22.ini [2012/07/05 18:34:37 | 000,003,550 | ---- | C] () -- C:\windows\Dext_19.ini [2012/07/05 18:34:37 | 000,003,550 | ---- | C] () -- C:\windows\Dext_07.ini [2012/07/05 18:34:37 | 000,003,522 | ---- | C] () -- C:\windows\Dext_02.ini [2012/07/05 
18:34:37 | 000,003,492 | ---- | C] () -- C:\windows\Dext_24.ini [2012/07/05 18:34:37 | 000,003,450 | ---- | C] () -- C:\windows\Dext_29.ini [2012/07/05 18:34:37 | 000,003,416 | ---- | C] () -- C:\windows\Dext_01.ini [2012/07/05 18:34:37 | 000,003,342 | ---- | C] () -- C:\windows\Dext_30.ini [2012/07/05 18:34:37 | 000,003,220 | ---- | C] () -- C:\windows\Dext_09.ini [2012/07/05 18:34:37 | 000,003,174 | ---- | C] () -- C:\windows\Dext_13.ini [2012/07/05 18:34:37 | 000,003,023 | ---- | C] () -- C:\windows\Remove.ini [2012/07/05 18:34:37 | 000,002,850 | ---- | C] () -- C:\windows\Dext_04.ini [2012/07/05 18:34:37 | 000,002,750 | ---- | C] () -- C:\windows\Dext_17.ini [2012/07/05 18:34:37 | 000,002,674 | ---- | C] () -- C:\windows\Dext_18.ini [2012/07/05 18:34:37 | 000,002,638 | ---- | C] () -- C:\windows\Dext_2052.ini [2012/07/05 18:32:06 | 000,008,192 | ---- | C] () -- C:\windows\System32\drivers\IntelMEFWVer.dll [2012/02/24 15:47:04 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign [2012/02/24 15:47:04 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign [2011/11/10 15:02:22 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign [2011/11/10 15:02:20 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign [2011/11/10 15:02:18 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPClback.dll.hpsign [2011/11/10 14:58:14 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPLic.dll.hpsign [2011/08/24 14:55:30 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign [2011/08/23 10:10:44 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign [2011/05/30 21:58:34 | 000,185,168 | ---- | C] () -- C:\windows\System32\PassThroughOTP.dll [2011/05/30 21:58:34 | 000,000,256 | ---- | C] () -- C:\windows\System32\PassThroughOTP.dll.hpsign [2011/03/09 05:24:40 | 000,003,120 | ---- | C] () -- C:\windows\System32\drivers\wdfghdi.sys [2011/03/09 05:18:05 | 000,000,178 | ---- | 
C] () -- C:\windows\System32\HPPA.ini [2011/03/09 05:13:33 | 000,003,120 | ---- | C] () -- C:\windows\System32\drivers\wdfghgc.sys [2011/02/26 06:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll [2011/02/04 07:09:24 | 000,366,176 | ---- | C] () -- C:\windows\System32\flcdlmsg.dll [2011/01/30 07:49:32 | 000,017,232 | ---- | C] () -- C:\windows\System32\CoHpCasl.exe [2011/01/27 10:49:50 | 000,145,804 | ---- | C] () -- C:\windows\System32\igcompkrng600.bin [2011/01/27 10:15:16 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config [2011/01/27 10:11:46 | 000,094,208 | ---- | C] () -- C:\windows\System32\IccLibDll.dll [2011/01/11 11:03:08 | 086,271,980 | ---- | C] () -- C:\windows\System32\BioTrustFace.dat ========== ZeroAccess Check ========== [2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/10/14 13:00:39 | 000,000,000 | ---D | M] -- C:\Users\183131\AppData\Roaming\Canon [2012/07/25 11:56:54 | 000,000,000 | ---D | M] -- 
C:\Users\183131\AppData\Roaming\DigitalPersona [2012/10/14 13:38:14 | 000,000,000 | ---D | M] -- C:\Users\183131\AppData\Roaming\ImgBurn [2012/07/25 11:57:11 | 000,000,000 | ---D | M] -- C:\Users\183131\AppData\Roaming\Infineon [2012/07/25 11:57:34 | 000,000,000 | ---D | M] -- C:\Users\183131\AppData\Roaming\Synaptics [2012/07/25 03:58:01 | 000,000,000 | ---D | M] -- C:\Users\RHB-183131\AppData\Roaming\DigitalPersona [2012/07/25 03:58:19 | 000,000,000 | ---D | M] -- C:\Users\RHB-183131\AppData\Roaming\Infineon [2012/07/25 04:03:44 | 000,000,000 | ---D | M] -- C:\Users\RHB-183131\AppData\Roaming\Synaptics ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: EXPLORER.EXE > [2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/26 13:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2010/10/29 09:31:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010/11/20 20:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2010/10/29 02:56:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2010/10/29 02:56:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2010/10/29 09:31:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: SVCHOST.EXE > [2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe [2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe [2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' 
Anti-Malware\Chameleon\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe [2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/10/29 09:31:55 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2010/10/29 09:31:55 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe [2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/07/14 09:14:45 | 000,285,696 | 
---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < End of report >