Posts posted by hhcapsquare
-
-
Hi Jeff,
After resetting my router, the popup seems not to appear anymore after I have restarted my notebook. It has so far been > 24 hours since the previous occurrence. Does that mean the problem is resolved?
-
here's the log file.
-
Here's the file. I've zipped it since I can't seem to attach the original file.
-
Hi Jeff,
I've reset the router and set a new password to it. However, the popup still occurs..

-
Hi Jeff,
I've logged on to the internet via my friend's house today and there seems to be no occurrence of the popups during my four hours+ connection there. Seems like the popups only occur when I'm connected to my home network.
-
Hi Jeff,
Here's the log file. Seems to be showing no detection as well.
-
Here's the log file. The scan seems to be not detecting anything.
-
-
-
Here's the log file.
-
-
I've run the tool and restarted.
-
-
Hi Jeff,
I'm unable to access from Advanced Boot Options as it prompted me for the Windows installation disc, which I do not have with me at the moment. Is there any alternative without the Windows installation disc? Else, I would have to get it from my office tomorrow.
-
Here's the log file
-
The attached is the report
-
-
Hi Jeff,
I have attached the new log after the restart along with this post. So far, there's no occurrence of popup.
-
The following are the links to the result pages:
C:\windows\System32\drivers\wdfgifi.sys:
C:\windows\System32\drivers\wdfghdi.sys:
C:\windows\System32\drivers\wdfghgc.sys:
-
-
-
Most of the time, it was when using Internet Explorer. However, there were times when the popup occurs without any browsers opened. Yes, if the proxy settings were removed, I can set it back later.
-
This is from Extras.txt:
OTL Extras logfile created on: 16/11/2012 12:07:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\183131\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.94 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 51.54% Memory free
5.89 Gb Paging File | 3.91 Gb Available in Paging File | 66.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.75 Gb Total Space | 179.44 Gb Free Space | 79.49% Space Free | Partition Type: NTFS
Drive D: | 222.65 Gb Total Space | 175.67 Gb Free Space | 78.90% Space Free | Partition Type: NTFS
Drive E: | 12.06 Gb Total Space | 1.77 Gb Free Space | 14.71% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.12 Gb Free Space | 42.62% Space Free | Partition Type: FAT32
Computer Name: RHB-183131-CAPS | User Name: 183131 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{082D16CF-C944-4B7B-836B-497DCB9777B9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{0F62C7ED-CFE1-43EE-BE4C-D56925A97C54}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1466D998-DB95-49C7-8717-108842420519}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{16176EBC-4CC6-4D92-B83E-872E9505416F}" = lport=21112 | protocol=6 | dir=in | name=trend micro officescan listener |
"{E968F456-9B5A-4E06-BAD6-E09F3CBA77D3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0863D124-669B-4366-A893-0C5B649641BA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{873C86F4-D54D-4647-BDDA-5DF7E8176241}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AD7F44A0-D772-4963-9A16-B307B03E41F9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"TCP Query User{80924B0C-096B-41C0-9061-078CA2EA3E5E}C:\program files\microsoft office\office14\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"UDP Query User{D6BA6130-4908-4E5F-BE85-0B4767011A11}C:\program files\microsoft office\office14\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_E500_series" = Canon E500 series MP Drivers
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{20976B1F-E910-404D-9261-C16EE7E12DC8}" = HP QuickWeb
"{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.2.4902
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel® Identity Protection Technology 1.0.71.0
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}" = HP SoftPaq Download Manager
"{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel® PROSet/Wireless for Bluetooth® + High Speed
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}" = HP Power Assistant
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{44B93048-09ED-4368-A03E-C3115D61737B}" = Privacy Manager for HP ProtectTools
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{483D5A49-A26B-4CB8-AA2D-0D1811322061}" = HP DayStarter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B21E4B2-89B8-499D-803A-34ABF929401E}" = HP Connection Manager
"{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{52B18ABC-AD5F-4C3C-B391-04F57B380449}" = HP Client Automation Agent Preload
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{54FD3A78-58D4-41F0-97E0-13804DDE016E}" = Validity Fingerprint Sensor Driver
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation
"{623C51BB-CEC4-4942-B225-1A4003AC2576}" = Embedded Security for HP ProtectTools
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{7D1C63D1-6520-49DA-B738-958133526E80}" = HP HotKey Support
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}" = Drive Encryption For HP ProtectTools
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{93139A49-0360-4718-8B93-C1F9EB12E3D8}" = Roxio Secure Burn
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}" = Roxio MyDVD Business 2010
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Secure Burn
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BACE8BFA-8F39-421D-BEF1-6E78632BDC90}" = Roxio MyDVD Business 2010
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CFC1988A-F492-4BC5-B6F7-683A95718AE9}" = HP ESU for Microsoft Windows 7
"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}" = HP 3D DriveGuard
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials
"{EF03482D-A92C-4304-A342-FA6BEF8028EE}" = HP ProtectTools Security Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F24F876B-7D71-4BD6-88E9-614D3BB84216}" = Alcor Micro Smart Card Reader Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Canon E500 series On-screen Manual" = Canon E500 series On-screen Manual
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Setup" = DivX Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"HPProtectTools" = HP ProtectTools Security Manager
"ImgBurn" = ImgBurn
"InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 10.0.1 (x86 en-US)" = Mozilla Firefox 10.0.1 (x86 en-US)
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"mtn3270" = Mocha W32 TN3270
"Office14.STANDARD" = Microsoft Office Standard 2010
"OfficeScanNT" = Trend Micro OfficeScan Client
"PDF Complete" = PDF Complete Special Edition
"PowerArchiver" = PowerArchiver
"PROSet" = Intel® Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"Recuva" = Recuva
"Sunplus SPUVCb" = HP HD Webcam [Fixed]
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SZCCID" = Alcor Micro Smart Card Reader Driver
"VIP Access SDK" = VIP Access SDK (1.0.0.50)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-809447956-1472028839-2767360324-58023\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30/10/2012 23:40:21 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Canon\mp
navigator ex 5.0\mpnmlif64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 01/11/2012 02:37:59 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Application Error | ID = 1000
Description = Faulting application name: POWERARC.EXE, version: 6.11.1.0, time stamp:
0x2a425e19 Faulting module name: POWERARC.EXE, version: 6.11.1.0, time stamp: 0x2a425e19
Exception
code: 0xc0000005 Fault offset: 0x000d953d Faulting process id: 0x1f8c Faulting application
start time: 0x01cdb7fb683137fc Faulting application path: C:\Program Files\PowerArchiver\POWERARC.EXE
Faulting
module path: C:\Program Files\PowerArchiver\POWERARC.EXE Report Id: acbe7b6d-23ee-11e2-a3c2-a0b3cc22aa5c
Error - 01/11/2012 04:22:07 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Canon\mp
navigator ex 5.0\mpnmlif64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 01/11/2012 06:18:42 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Canon\mp
navigator ex 5.0\mpnmlif64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 01/11/2012 21:39:35 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: hxmedpltfm.dll, version: 15.0.5.109,
time stamp: 0x4fe36f3b Exception code: 0xc0000005 Fault offset: 0x0001ca71 Faulting
process id: 0x1508 Faulting application start time: 0x01cdb88932567a1f Faulting application
path: C:\windows\Explorer.EXE Faulting module path: C:\Program Files\Real\RealPlayer\common\hxmedpltfm.dll
Report
Id: 27f6f714-248e-11e2-a394-a0b3cc22aa5c
Error - 04/11/2012 09:15:48 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Canon\mp
navigator ex 5.0\mpnmlif64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 06/11/2012 03:25:57 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Application Error | ID = 1000
Description = Faulting application name: POWERARC.EXE, version: 6.11.1.0, time stamp:
0x2a425e19 Faulting module name: POWERARC.EXE, version: 6.11.1.0, time stamp: 0x2a425e19
Exception
code: 0xc0000005 Fault offset: 0x000d953d Faulting process id: 0x1cfc Faulting application
start time: 0x01cdbbeff4454c27 Faulting application path: C:\Program Files\PowerArchiver\POWERARC.EXE
Faulting
module path: C:\Program Files\PowerArchiver\POWERARC.EXE Report Id: 34a5ed42-27e3-11e2-bc0f-a0b3cc22aa5c
Error - 06/11/2012 22:33:31 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Canon\mp
navigator ex 5.0\mpnmlif64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 08/11/2012 00:33:14 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Canon\mp
navigator ex 5.0\mpnmlif64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 08/11/2012 22:46:23 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Canon\mp
navigator ex 5.0\mpnmlif64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
[ Hewlett-Packard Events ]
Error - 27/09/2012 17:36:18 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()
at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception
of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()
at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 3014 Ram Utilization: 30 TargetSite: Void StartInternal(System.Security.Principal.IPrincipal,
System.Threading.StackCrawlMark ByRef)
Error - 27/09/2012 17:36:18 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()
at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception
of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()
at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 3014 Ram Utilization: 30 TargetSite: Void StartInternal(System.Security.Principal.IPrincipal,
System.Threading.StackCrawlMark ByRef)
Error - 27/09/2012 17:36:18 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()
at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception
of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()
at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 3014 Ram Utilization: 30 TargetSite: Void StartInternal(System.Security.Principal.IPrincipal,
System.Threading.StackCrawlMark ByRef)
Error - 27/09/2012 17:36:18 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()
at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception
of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()
at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 3014 Ram Utilization: 30 TargetSite: Void StartInternal(System.Security.Principal.IPrincipal,
System.Threading.StackCrawlMark ByRef)
Error - 27/09/2012 17:36:22 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147024882HPSF.exe at System.ServiceModel.Channels.ServiceChannel.OnAbort()
at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.Channels.ServiceChannelFactory.OnAbort()
at System.ServiceModel.Channels.ServiceChannelFactory.TypedServiceChannelFactory`1.OnAbort()
at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.ChannelFactory.OnAbort()
at System.ServiceModel.Channels.CommunicationObject.Abort() at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()
at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception
of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.ServiceModel.Channels.ServiceChannel.OnAbort()
at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.Channels.ServiceChannelFactory.OnAbort()
at System.ServiceModel.Channels.ServiceChannelFactory.TypedServiceChannelFactory`1.OnAbort()
at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.ChannelFactory.OnAbort()
at System.ServiceModel.Channels.CommunicationObject.Abort() at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()
at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: System.ServiceModel
Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
en-US RAM: 3014 Ram Utilization: 30 TargetSite: Void OnAbort()
[ HP Connection Manager Events ]
Error - 14/11/2012 21:55:51 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5
Description = 2012/11/15 09:55:51.299|00001B34|Error |CBluetooth::StateChanged|Fire_StateChanged
failed [hr:0x800706BA]
Error - 15/11/2012 09:12:56 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5
Description = 2012/11/15 21:12:56.510|000006A0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 15/11/2012 09:13:24 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5
Description = 2012/11/15 21:13:24.410|000006A0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 15/11/2012 09:13:27 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5
Description = 2012/11/15 21:13:27.499|000006A0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 15/11/2012 09:13:33 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5
Description = 2012/11/15 21:13:33.552|000006A0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 15/11/2012 11:52:07 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5
Description = 2012/11/15 23:52:07.195|00001B48|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 15/11/2012 11:52:14 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5
Description = 2012/11/15 23:52:14.184|00001B48|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 15/11/2012 22:30:50 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5
Description = 2012/11/16 10:30:50.086|00000F28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 15/11/2012 22:30:51 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5
Description = 2012/11/16 10:30:51.599|00000F28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 15/11/2012 22:31:00 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5
Description = 2012/11/16 10:31:00.288|00000F28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
[ HP Software Framework Events ]
Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5
Description = 2012/11/16 10:34:47.710|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5
Description = 2012/11/16 10:34:47.720|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5
Description = 2012/11/16 10:34:47.730|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5
Description = 2012/11/16 10:34:47.739|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5
Description = 2012/11/16 10:34:47.747|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5
Description = 2012/11/16 10:34:47.758|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 15/11/2012 22:35:22 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = CaslWmi | ID = 5
Description = 2012/11/16 10:35:22.735|00001700|Error |[CaslWmi]CommandALS::GetALSInfoFromBIOS{hpCasl.enReturnCode(System.Nullable`1[[system.Boolean,
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]&,System.Nullable`1[[system.Boolean,
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]&)}|Error
0xe_BIOS_HARDWARE_ERROR from BIOS WMI call Read/03h while getting ALS state
Error - 15/11/2012 22:35:22 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = CaslWmi | ID = 5
Description = 2012/11/16 10:35:22.913|00001700|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 15/11/2012 22:35:26 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = CaslWmi | ID = 5
Description = 2012/11/16 10:35:26.556|00001A6C|Error |[CaslWmi]CommandALS::GetALSInfoFromBIOS{hpCasl.enReturnCode(System.Nullable`1[[system.Boolean,
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]&,System.Nullable`1[[system.Boolean,
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]&)}|Error
0xe_BIOS_HARDWARE_ERROR from BIOS WMI call Read/03h while getting ALS state
Error - 15/11/2012 22:35:26 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = CaslWmi | ID = 5
Description = 2012/11/16 10:35:26.731|00001A6C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
[ System Events ]
Error - 13/10/2012 23:09:39 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain PORTALDOM due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.
Error - 13/10/2012 23:10:10 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.
Error - 13/10/2012 23:10:11 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.
Error - 13/10/2012 23:48:24 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 13/10/2012 23:48:25 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 14/10/2012 03:17:40 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain PORTALDOM due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.
Error - 14/10/2012 09:51:50 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain PORTALDOM due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.
Error - 14/10/2012 09:52:25 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.
Error - 14/10/2012 09:52:28 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.
Error - 14/10/2012 20:32:52 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain PORTALDOM due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.
< End of report >
-
This is from OTL.txt:
OTL logfile created on: 16/11/2012 12:07:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\183131\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.94 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 51.54% Memory free
5.89 Gb Paging File | 3.91 Gb Available in Paging File | 66.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.75 Gb Total Space | 179.44 Gb Free Space | 79.49% Space Free | Partition Type: NTFS
Drive D: | 222.65 Gb Total Space | 175.67 Gb Free Space | 78.90% Space Free | Partition Type: NTFS
Drive E: | 12.06 Gb Total Space | 1.77 Gb Free Space | 14.71% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.12 Gb Free Space | 42.62% Space Free | Partition Type: FAT32
Computer Name: RHB-183131-CAPS | User Name: 183131 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\183131\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe (Trend Micro Inc.)
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe ()
PRC - C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe (Trend Micro Inc.)
PRC - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Development Company L.P.)
PRC - c:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
PRC - c:\Program Files\Hewlett-Packard\HP DayStarter\HPDayStarterService.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - c:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG)
PRC - c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe (Infineon Technologies AG)
PRC - c:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Infineon Technologies AG)
PRC - c:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Infineon Technologies AG)
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc)
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe (Portrait Displays, Inc.)
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\HP HD Webcam [Fixed]\Monitor.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\83053c3eeb3255672d84c1ddc0ce8ef3\System.Speech.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL ()
MOD - C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files\HP HD Webcam [Fixed]\Monitor.exe ()
MOD - c:\Program Files\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (UNS) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (tmlisten) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe (Trend Micro Inc.)
SRV - (McAfee Endpoint Encryption Agent) -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe ()
SRV - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
SRV - (ntrtscan) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (DpHost) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (vcsFPService) -- C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe (Trend Micro Inc.)
SRV - (TmProxy) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.)
SRV - (hpCMSrv) -- c:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Company)
SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP DayStarter\HPDayStarterService.exe (Hewlett-Packard Company)
SRV - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (IFXSpMgtSrv) -- c:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG)
SRV - (PersonalSecureDriveService) -- c:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Infineon Technologies AG)
SRV - (IFXTCS) -- c:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Infineon Technologies AG)
SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (RoxMediaDB12OEM) -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (jhi_service) -- C:\Program Files\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (uArcCapture) -- C:\Windows\System32\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- C:\Users\183131\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (TmFilter) -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys (Trend Micro Inc.)
DRV - (VSApiNt) -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys (Trend Micro Inc.)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (MfeEpeOpal) -- C:\windows\System32\drivers\MfeEpeOpal.sys (McAfee, Inc.)
DRV - (MfeEpePc) -- C:\windows\System32\drivers\MfeEpePc.sys (McAfee, Inc.)
DRV - (AMPPALP) -- C:\Windows\System32\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV - (AMPPAL) -- C:\Windows\System32\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV - (SPUVCbv) -- C:\Windows\System32\drivers\SPUVCBv.sys (Sunplus Technology)
DRV - (johci) -- C:\Windows\System32\drivers\johci.sys (JMicron Technology Corp.)
DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Company)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (e1cexpress) -- C:\Windows\System32\drivers\e1c6232.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ARCVCAM) -- C:\Windows\System32\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\..\SearchScopes\{8B3D2273-DB7B-43A9-8AC5-B30E4D63ED5C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=HQ&apn_dtid=YYYYYYYYMY&apn_uid=4811d176-6324-4ec6-aa8c-56c43413f30c&apn_sauid=5BFCC708-9D83-44E1-A69E-58B3E84C5C7C
IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.myoneportal.*;myoneportal.*;172.*;im.rhbbank.*;esshr.*;*.intranet.*;<local>
IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.26.21.99:8088
========== FireFox ==========
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/03/09 05:22:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/03/09 05:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/09 05:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/25 20:53:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/19 23:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012/09/27 23:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/25 12:24:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 22:28:56 | 000,000,000 | ---D | M]
[2012/07/25 12:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\183131\AppData\Roaming\mozilla\Extensions
[2012/11/16 10:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\183131\AppData\Roaming\mozilla\Firefox\Profiles\04ljxpa6.default\extensions
[2012/07/25 12:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/09 04:13:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/09 01:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/09 01:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - Extension: Angry Birds = C:\Users\183131\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Cut the Rope = C:\Users\183131\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\183131\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\183131\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2012/11/15 21:22:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files\HP HD Webcam [Fixed]\Monitor.exe ()
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iFXSPMGT] c:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-809447956-1472028839-2767360324-58023..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://172.26.4.127/officescan/console/html/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://172.26.4.127/officescan/console/html/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://172.26.4.127/officescan/console/html/root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = portaldom.ent.intranet.rhbbank.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61D34E04-C517-4A3C-A04C-542171A8A9C3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD31D77A-2FE8-49A4-B086-C66F32FAC30D}: DhcpNameServer = 172.29.16.5 172.26.4.50 172.17.1.35 10.31.148.133
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Company)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/11/16 11:41:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\183131\Desktop\OTL.exe
[2012/11/15 21:24:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/15 21:24:15 | 000,000,000 | ---D | C] -- C:\Users\183131\AppData\Local\temp
[2012/11/14 21:43:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/14 21:43:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/14 21:43:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/14 21:10:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/14 21:10:32 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/11/14 21:04:39 | 005,001,537 | R--- | C] (Swearware) -- C:\Users\183131\Desktop\ComboFix.exe
[2012/11/14 13:18:15 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\183131\Desktop\aswMBR.exe
[2012/11/10 09:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/10 09:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/10 09:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
========== Files - Modified Within 30 Days ==========
[2012/11/16 12:16:08 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/16 11:41:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\183131\Desktop\OTL.exe
[2012/11/16 10:39:55 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 10:39:55 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 10:33:31 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/16 10:32:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/16 10:32:22 | 3160,780,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/16 09:32:03 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFor183131.job
[2012/11/15 23:45:42 | 000,541,569 | ---- | M] () -- C:\Users\183131\Desktop\adwcleaner.exe
[2012/11/15 21:22:20 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/11/15 09:54:51 | 000,676,146 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/15 09:54:51 | 000,126,312 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/14 21:05:16 | 005,001,537 | R--- | M] (Swearware) -- C:\Users\183131\Desktop\ComboFix.exe
[2012/11/14 20:38:09 | 000,000,512 | ---- | M] () -- C:\Users\183131\Desktop\MBR.dat
[2012/11/14 13:59:01 | 000,009,953 | ---- | M] () -- C:\windows\cfgall.ini
[2012/11/14 13:24:38 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\183131\Desktop\aswMBR.exe
[2012/11/14 08:19:53 | 000,003,530 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/11/08 13:18:15 | 000,002,324 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/06 13:48:01 | 000,000,344 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForRHB-183131-CAPS$.job
[2012/10/19 20:04:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
========== Files Created - No Company Name ==========
[2012/11/15 23:45:15 | 000,541,569 | ---- | C] () -- C:\Users\183131\Desktop\adwcleaner.exe
[2012/11/14 21:43:29 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/14 21:43:28 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/14 21:43:28 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/14 21:43:28 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/14 21:43:28 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/14 20:38:09 | 000,000,512 | ---- | C] () -- C:\Users\183131\Desktop\MBR.dat
[2012/11/01 08:41:49 | 000,000,324 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleFor183131.job
[2012/09/27 23:52:21 | 000,148,128 | ---- | C] () -- C:\windows\System32\Presets.bin
[2012/09/27 23:52:20 | 000,077,796 | ---- | C] () -- C:\windows\System32\B-31C3.ini
[2012/09/27 23:52:20 | 000,076,693 | ---- | C] () -- C:\windows\System32\B-31C2.ini
[2012/09/27 23:52:20 | 000,000,149 | ---- | C] () -- C:\windows\System32\IDTNGUI.exe.config
[2012/09/27 23:52:19 | 000,032,578 | ---- | C] () -- C:\windows\System32\2011_BEATS_Speaker_M.ini
[2012/09/27 23:50:11 | 001,048,576 | ---- | C] () -- C:\windows\System32\syndata.bin
[2012/09/27 23:47:35 | 000,963,116 | ---- | C] () -- C:\windows\System32\igkrng600.bin
[2012/09/27 23:47:32 | 000,217,536 | ---- | C] () -- C:\windows\System32\igfcg600m.bin
[2012/09/27 23:47:32 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2012/09/27 23:47:31 | 000,056,832 | ---- | C] () -- C:\windows\System32\igdde32.dll
[2012/09/27 23:47:30 | 013,903,872 | ---- | C] () -- C:\windows\System32\ig4icd32.dll
[2012/07/29 21:39:54 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2012/07/25 12:23:13 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2012/07/25 12:20:37 | 000,009,953 | ---- | C] () -- C:\windows\cfgall.ini
[2012/07/25 11:23:05 | 000,003,530 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/05 18:48:40 | 000,003,120 | ---- | C] () -- C:\windows\System32\drivers\wdfgifi.sys
[2012/07/05 18:44:50 | 000,075,620 | ---- | C] () -- C:\windows\System32\B-31A0.ini
[2012/07/05 18:44:50 | 000,075,599 | ---- | C] () -- C:\windows\System32\B-32A1.ini
[2012/07/05 18:44:50 | 000,075,557 | ---- | C] () -- C:\windows\System32\B-31C1.ini
[2012/07/05 18:44:50 | 000,075,548 | ---- | C] () -- C:\windows\System32\B-31C0.ini
[2012/07/05 18:44:50 | 000,075,539 | ---- | C] () -- C:\windows\System32\B-31E0.ini
[2012/07/05 18:44:50 | 000,075,535 | ---- | C] () -- C:\windows\System32\B-31D0.ini
[2012/07/05 18:44:50 | 000,075,524 | ---- | C] () -- C:\windows\System32\B-31F0.ini
[2012/07/05 18:44:50 | 000,075,141 | ---- | C] () -- C:\windows\System32\B-41A0.ini
[2012/07/05 18:44:50 | 000,074,025 | ---- | C] () -- C:\windows\System32\B-24A1.ini
[2012/07/05 18:44:50 | 000,073,992 | ---- | C] () -- C:\windows\System32\B-23C0.ini
[2012/07/05 18:44:50 | 000,073,950 | ---- | C] () -- C:\windows\System32\B-24A0.ini
[2012/07/05 18:44:50 | 000,004,080 | ---- | C] () -- C:\windows\System32\stwrt.ini
[2012/07/05 18:44:49 | 000,075,612 | ---- | C] () -- C:\windows\System32\B-21C0.ini
[2012/07/05 18:44:49 | 000,075,610 | ---- | C] () -- C:\windows\System32\B-21D1.ini
[2012/07/05 18:44:49 | 000,075,595 | ---- | C] () -- C:\windows\System32\B-21D0.ini
[2012/07/05 18:44:49 | 000,075,591 | ---- | C] () -- C:\windows\System32\B-21B1.ini
[2012/07/05 18:44:49 | 000,075,582 | ---- | C] () -- C:\windows\System32\B-21B0.ini
[2012/07/05 18:44:49 | 000,075,559 | ---- | C] () -- C:\windows\System32\B-21C1.ini
[2012/07/05 18:44:49 | 000,074,026 | ---- | C] () -- C:\windows\System32\B-23B1.ini
[2012/07/05 18:44:49 | 000,074,013 | ---- | C] () -- C:\windows\System32\B-23A1.ini
[2012/07/05 18:44:49 | 000,074,005 | ---- | C] () -- C:\windows\System32\B-23A0.ini
[2012/07/05 18:44:49 | 000,073,993 | ---- | C] () -- C:\windows\System32\B-23B0.ini
[2012/07/05 18:44:49 | 000,073,276 | ---- | C] () -- C:\windows\System32\B-02C.ini
[2012/07/05 18:44:49 | 000,032,578 | ---- | C] () -- C:\windows\System32\2011_SRS_Speaker_L.ini
[2012/07/05 18:34:37 | 000,094,776 | ---- | C] () -- C:\windows\un_dext.exe
[2012/07/05 18:34:37 | 000,074,616 | ---- | C] () -- C:\windows\SPRemove.exe
[2012/07/05 18:34:37 | 000,014,409 | ---- | C] () -- C:\windows\TWAIN2080.ini
[2012/07/05 18:34:37 | 000,003,926 | ---- | C] () -- C:\windows\Dext_12.ini
[2012/07/05 18:34:37 | 000,003,892 | ---- | C] () -- C:\windows\Dext_27.ini
[2012/07/05 18:34:37 | 000,003,884 | ---- | C] () -- C:\windows\Dext_25.ini
[2012/07/05 18:34:37 | 000,003,882 | ---- | C] () -- C:\windows\Dext_21.ini
[2012/07/05 18:34:37 | 000,003,820 | ---- | C] () -- C:\windows\Dext_11.ini
[2012/07/05 18:34:37 | 000,003,802 | ---- | C] () -- C:\windows\Dext_14.ini
[2012/07/05 18:34:37 | 000,003,802 | ---- | C] () -- C:\windows\Dext_05.ini
[2012/07/05 18:34:37 | 000,003,704 | ---- | C] () -- C:\windows\Dext_10.ini
[2012/07/05 18:34:37 | 000,003,700 | ---- | C] () -- C:\windows\Dext_16.ini
[2012/07/05 18:34:37 | 000,003,682 | ---- | C] () -- C:\windows\Dext_08.ini
[2012/07/05 18:34:37 | 000,003,672 | ---- | C] () -- C:\windows\Dext_31.ini
[2012/07/05 18:34:37 | 000,003,648 | ---- | C] () -- C:\windows\Dext_36.ini
[2012/07/05 18:34:37 | 000,003,624 | ---- | C] () -- C:\windows\Dext_1046.ini
[2012/07/05 18:34:37 | 000,003,622 | ---- | C] () -- C:\windows\Dext_20.ini
[2012/07/05 18:34:37 | 000,003,588 | ---- | C] () -- C:\windows\Dext_06.ini
[2012/07/05 18:34:37 | 000,003,586 | ---- | C] () -- C:\windows\Dext_22.ini
[2012/07/05 18:34:37 | 000,003,550 | ---- | C] () -- C:\windows\Dext_19.ini
[2012/07/05 18:34:37 | 000,003,550 | ---- | C] () -- C:\windows\Dext_07.ini
[2012/07/05 18:34:37 | 000,003,522 | ---- | C] () -- C:\windows\Dext_02.ini
[2012/07/05 18:34:37 | 000,003,492 | ---- | C] () -- C:\windows\Dext_24.ini
[2012/07/05 18:34:37 | 000,003,450 | ---- | C] () -- C:\windows\Dext_29.ini
[2012/07/05 18:34:37 | 000,003,416 | ---- | C] () -- C:\windows\Dext_01.ini
[2012/07/05 18:34:37 | 000,003,342 | ---- | C] () -- C:\windows\Dext_30.ini
[2012/07/05 18:34:37 | 000,003,220 | ---- | C] () -- C:\windows\Dext_09.ini
[2012/07/05 18:34:37 | 000,003,174 | ---- | C] () -- C:\windows\Dext_13.ini
[2012/07/05 18:34:37 | 000,003,023 | ---- | C] () -- C:\windows\Remove.ini
[2012/07/05 18:34:37 | 000,002,850 | ---- | C] () -- C:\windows\Dext_04.ini
[2012/07/05 18:34:37 | 000,002,750 | ---- | C] () -- C:\windows\Dext_17.ini
[2012/07/05 18:34:37 | 000,002,674 | ---- | C] () -- C:\windows\Dext_18.ini
[2012/07/05 18:34:37 | 000,002,638 | ---- | C] () -- C:\windows\Dext_2052.ini
[2012/07/05 18:32:06 | 000,008,192 | ---- | C] () -- C:\windows\System32\drivers\IntelMEFWVer.dll
[2012/02/24 15:47:04 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
[2012/02/24 15:47:04 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
[2011/11/10 15:02:22 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
[2011/11/10 15:02:20 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
[2011/11/10 15:02:18 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPClback.dll.hpsign
[2011/11/10 14:58:14 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPLic.dll.hpsign
[2011/08/24 14:55:30 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
[2011/08/23 10:10:44 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
[2011/05/30 21:58:34 | 000,185,168 | ---- | C] () -- C:\windows\System32\PassThroughOTP.dll
[2011/05/30 21:58:34 | 000,000,256 | ---- | C] () -- C:\windows\System32\PassThroughOTP.dll.hpsign
[2011/03/09 05:24:40 | 000,003,120 | ---- | C] () -- C:\windows\System32\drivers\wdfghdi.sys
[2011/03/09 05:18:05 | 000,000,178 | ---- | C] () -- C:\windows\System32\HPPA.ini
[2011/03/09 05:13:33 | 000,003,120 | ---- | C] () -- C:\windows\System32\drivers\wdfghgc.sys
[2011/02/26 06:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011/02/04 07:09:24 | 000,366,176 | ---- | C] () -- C:\windows\System32\flcdlmsg.dll
[2011/01/30 07:49:32 | 000,017,232 | ---- | C] () -- C:\windows\System32\CoHpCasl.exe
[2011/01/27 10:49:50 | 000,145,804 | ---- | C] () -- C:\windows\System32\igcompkrng600.bin
[2011/01/27 10:15:16 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2011/01/27 10:11:46 | 000,094,208 | ---- | C] () -- C:\windows\System32\IccLibDll.dll
[2011/01/11 11:03:08 | 086,271,980 | ---- | C] () -- C:\windows\System32\BioTrustFace.dat
========== ZeroAccess Check ==========
[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/10/14 13:00:39 | 000,000,000 | ---D | M] -- C:\Users\183131\AppData\Roaming\Canon
[2012/07/25 11:56:54 | 000,000,000 | ---D | M] -- C:\Users\183131\AppData\Roaming\DigitalPersona
[2012/10/14 13:38:14 | 000,000,000 | ---D | M] -- C:\Users\183131\AppData\Roaming\ImgBurn
[2012/07/25 11:57:11 | 000,000,000 | ---D | M] -- C:\Users\183131\AppData\Roaming\Infineon
[2012/07/25 11:57:34 | 000,000,000 | ---D | M] -- C:\Users\183131\AppData\Roaming\Synaptics
[2012/07/25 03:58:01 | 000,000,000 | ---D | M] -- C:\Users\RHB-183131\AppData\Roaming\DigitalPersona
[2012/07/25 03:58:19 | 000,000,000 | ---D | M] -- C:\Users\RHB-183131\AppData\Roaming\Infineon
[2012/07/25 04:03:44 | 000,000,000 | ---D | M] -- C:\Users\RHB-183131\AppData\Roaming\Synaptics
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: EXPLORER.EXE >
[2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 13:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2010/10/29 09:31:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 20:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/10/29 02:56:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/10/29 02:56:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/10/29 09:31:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/10/29 09:31:55 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/10/29 09:31:55 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 09:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< End of report >

I think I'm Infected
in Resolved Malware Removal Logs
Seems like so far so good