
I think I'm Infected



Hi,

My laptop keeps getting a popup from my TrendMicro OfficeScan antivirus saying it has blocked access to the URL http://202.71.99.194/wpad.dat although I have not opened any such sites. I have done a full scan with TrendMicro OfficeScan, MalwareBytes, and Spybot but all three scans couldn't detect any infection. Is my laptop infected with malware?

Attached are the DDS log files for reference.

attach.txt

dds.txt


Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

---------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.


----------

Also...are you aware that your system is set to run on a proxy server? Do you use this computer to access work/school?


Hi Jeff,

Thank you for taking time to help me resolve my issues. I have attached the aswMBR log file in this post.

I am using my laptop both at home and at work. The proxy setting is for my work environment.

The popup blocking by TrendMicro seems to occur only while I am connected at home. So far, it has not occurred while I am connected to my office network in the past 2 days.

aswMBR.txt


Ok thanks for letting me know.

Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

----------


Hi,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    DDS::
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    Firefox::
    FF - ProfilePath - c:\users\183131\appdata\roaming\mozilla\firefox\profiles\04ljxpa6.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15788
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15785&locale=en_US&apn_uid=4811d176-6324-4ec6-aa8c-56c43413f30c&apn_ptnrs=HQ&apn_sauid=5BFCC708-9D83-44E1-A69E-58B3E84C5C7C&apn_dtid=YYYYYYYYMY&&q=
    FF - ExtSQL: 2012-10-14 12:33; toolbar@ask.com; c:\users\183131\appdata\roaming\mozilla\firefox\profiles\04ljxpa6.default\extensions\toolbar@ask.com
    File::
    C:\Program Files\Ask.com\Updater\Updater.exe
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Please post the new ComboFix log and let me know how your system is running. :)


AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------


AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Post the new log and let me know about the popup. :)


OTL

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------


This is from OTL.txt:

OTL logfile created on: 16/11/2012 12:07:28 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\183131\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 51.54% Memory free

5.89 Gb Paging File | 3.91 Gb Available in Paging File | 66.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 225.75 Gb Total Space | 179.44 Gb Free Space | 79.49% Space Free | Partition Type: NTFS

Drive D: | 222.65 Gb Total Space | 175.67 Gb Free Space | 78.90% Space Free | Partition Type: NTFS

Drive E: | 12.06 Gb Total Space | 1.77 Gb Free Space | 14.71% Space Free | Partition Type: NTFS

Drive F: | 4.98 Gb Total Space | 2.12 Gb Free Space | 42.62% Space Free | Partition Type: FAT32

Computer Name: RHB-183131-CAPS | User Name: 183131 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\183131\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)

PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)

PRC - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe (Trend Micro Inc.)

PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()

PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe ()

PRC - C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe (Trend Micro Inc.)

PRC - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)

PRC - C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)

PRC - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)

PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)

PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)

PRC - C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.)

PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)

PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.)

PRC - C:\Program Files\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Development Company L.P.)

PRC - c:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)

PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)

PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)

PRC - c:\Program Files\Hewlett-Packard\HP DayStarter\HPDayStarterService.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - c:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG)

PRC - c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe (Infineon Technologies AG)

PRC - c:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Infineon Technologies AG)

PRC - c:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Infineon Technologies AG)

PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc)

PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe (Portrait Displays, Inc.)

PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)

PRC - C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

PRC - C:\Program Files\Intel\Services\IPT\jhi_service.exe (Intel Corporation)

PRC - C:\Program Files\HP HD Webcam [Fixed]\Monitor.exe ()

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\System32\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()

MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()

MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\83053c3eeb3255672d84c1ddc0ce8ef3\System.Speech.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()

MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll ()

MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll ()

MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll ()

MOD - C:\Windows\System32\IccLibDll.dll ()

MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL ()

MOD - C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

MOD - C:\Program Files\HP HD Webcam [Fixed]\Monitor.exe ()

MOD - c:\Program Files\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()

MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()

MOD - C:\Program Files\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll ()

MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()

MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()

MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()

MOD - C:\Program Files\WinRAR\RarExt.dll ()

MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()

========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)

SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (UNS) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (tmlisten) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe (Trend Micro Inc.)

SRV - (McAfee Endpoint Encryption Agent) -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe ()

SRV - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)

SRV - (ntrtscan) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe (Trend Micro Inc.)

SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)

SRV - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV - (DpHost) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)

SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)

SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)

SRV - (vcsFPService) -- C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.)

SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)

SRV - (TmPfw) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe (Trend Micro Inc.)

SRV - (TmProxy) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.)

SRV - (hpCMSrv) -- c:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)

SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)

SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()

SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Company)

SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)

SRV - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP DayStarter\HPDayStarterService.exe (Hewlett-Packard Company)

SRV - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)

SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (IFXSpMgtSrv) -- c:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe (Infineon Technologies AG)

SRV - (PersonalSecureDriveService) -- c:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe (Infineon Technologies AG)

SRV - (IFXTCS) -- c:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe (Infineon Technologies AG)

SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)

SRV - (RoxMediaDB12OEM) -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)

SRV - (jhi_service) -- C:\Program Files\Intel\Services\IPT\jhi_service.exe (Intel Corporation)

SRV - (uArcCapture) -- C:\Windows\System32\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)

SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\183131\AppData\Local\Temp\catchme.sys File not found

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (NETwNs32) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)

DRV - (TmFilter) -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys (Trend Micro Inc.)

DRV - (TmPreFilter) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys (Trend Micro Inc.)

DRV - (VSApiNt) -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys (Trend Micro Inc.)

DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)

DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)

DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)

DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)

DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (MfeEpeOpal) -- C:\windows\System32\drivers\MfeEpeOpal.sys (McAfee, Inc.)

DRV - (MfeEpePc) -- C:\windows\System32\drivers\MfeEpePc.sys (McAfee, Inc.)

DRV - (AMPPALP) -- C:\Windows\System32\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV - (AMPPAL) -- C:\Windows\System32\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV - (SPUVCbv) -- C:\Windows\System32\drivers\SPUVCBv.sys (Sunplus Technology)

DRV - (johci) -- C:\Windows\System32\drivers\johci.sys (JMicron Technology Corp.)

DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Company)

DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)

DRV - (e1cexpress) -- C:\Windows\System32\drivers\e1c6232.sys (Intel Corporation)

DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)

DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)

DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)

DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (ARCVCAM) -- C:\Windows\System32\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)

DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)

DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)

DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)

DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)

DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/

IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\..\SearchScopes\{8B3D2273-DB7B-43A9-8AC5-B30E4D63ED5C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=HQ&apn_dtid=YYYYYYYYMY&apn_uid=4811d176-6324-4ec6-aa8c-56c43413f30c&apn_sauid=5BFCC708-9D83-44E1-A69E-58B3E84C5C7C

IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.myoneportal.*;myoneportal.*;172.*;im.rhbbank.*;esshr.*;*.intranet.*;<local>

IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.26.21.99:8088

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/03/09 05:22:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/03/09 05:22:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/09 05:22:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/25 20:53:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/19 23:22:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012/09/27 23:45:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/25 12:24:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/24 22:28:56 | 000,000,000 | ---D | M]

[2012/07/25 12:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\183131\AppData\Roaming\mozilla\Extensions

[2012/11/16 10:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\183131\AppData\Roaming\mozilla\Firefox\Profiles\04ljxpa6.default\extensions

[2012/07/25 12:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/02/09 04:13:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/02/09 01:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/09 01:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - Extension: Angry Birds = C:\Users\183131\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

CHR - Extension: Cut the Rope = C:\Users\183131\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\14_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\183131\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\183131\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/11/15 21:22:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files\HP HD Webcam [Fixed]\Monitor.exe ()

O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)

O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()

O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [iFXSPMGT] c:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)

O4 - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-809447956-1472028839-2767360324-58023..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://172.26.4.127/officescan/console/html/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://172.26.4.127/officescan/console/html/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)

O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://172.26.4.127/officescan/console/html/root/AtxEnc.cab (Encrypt Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = portaldom.ent.intranet.rhbbank.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61D34E04-C517-4A3C-A04C-542171A8A9C3}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD31D77A-2FE8-49A4-B086-C66F32FAC30D}: DhcpNameServer = 172.29.16.5 172.26.4.50 172.17.1.35 10.31.148.133

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Company)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/16 11:41:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\183131\Desktop\OTL.exe

[2012/11/15 21:24:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/15 21:24:15 | 000,000,000 | ---D | C] -- C:\Users\183131\AppData\Local\temp

[2012/11/14 21:43:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012/11/14 21:43:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012/11/14 21:43:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012/11/14 21:10:52 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/14 21:10:32 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2012/11/14 21:04:39 | 005,001,537 | R--- | C] (Swearware) -- C:\Users\183131\Desktop\ComboFix.exe

[2012/11/14 13:18:15 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\183131\Desktop\aswMBR.exe

[2012/11/10 09:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/11/10 09:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/11/10 09:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[2012/11/16 12:16:08 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/16 11:41:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\183131\Desktop\OTL.exe

[2012/11/16 10:39:55 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/16 10:39:55 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/16 10:33:31 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/16 10:32:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/11/16 10:32:22 | 3160,780,800 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/16 09:32:03 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFor183131.job

[2012/11/15 23:45:42 | 000,541,569 | ---- | M] () -- C:\Users\183131\Desktop\adwcleaner.exe

[2012/11/15 21:22:20 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts

[2012/11/15 09:54:51 | 000,676,146 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012/11/15 09:54:51 | 000,126,312 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012/11/14 21:05:16 | 005,001,537 | R--- | M] (Swearware) -- C:\Users\183131\Desktop\ComboFix.exe

[2012/11/14 20:38:09 | 000,000,512 | ---- | M] () -- C:\Users\183131\Desktop\MBR.dat

[2012/11/14 13:59:01 | 000,009,953 | ---- | M] () -- C:\windows\cfgall.ini

[2012/11/14 13:24:38 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\183131\Desktop\aswMBR.exe

[2012/11/14 08:19:53 | 000,003,530 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2012/11/08 13:18:15 | 000,002,324 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/11/06 13:48:01 | 000,000,344 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForRHB-183131-CAPS$.job

[2012/10/19 20:04:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/11/15 23:45:15 | 000,541,569 | ---- | C] () -- C:\Users\183131\Desktop\adwcleaner.exe

[2012/11/14 21:43:29 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012/11/14 21:43:28 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012/11/14 21:43:28 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012/11/14 21:43:28 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012/11/14 21:43:28 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012/11/14 20:38:09 | 000,000,512 | ---- | C] () -- C:\Users\183131\Desktop\MBR.dat

[2012/11/01 08:41:49 | 000,000,324 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleFor183131.job

[2012/09/27 23:52:21 | 000,148,128 | ---- | C] () -- C:\windows\System32\Presets.bin

[2012/09/27 23:52:20 | 000,077,796 | ---- | C] () -- C:\windows\System32\B-31C3.ini

[2012/09/27 23:52:20 | 000,076,693 | ---- | C] () -- C:\windows\System32\B-31C2.ini

[2012/09/27 23:52:20 | 000,000,149 | ---- | C] () -- C:\windows\System32\IDTNGUI.exe.config

[2012/09/27 23:52:19 | 000,032,578 | ---- | C] () -- C:\windows\System32\2011_BEATS_Speaker_M.ini

[2012/09/27 23:50:11 | 001,048,576 | ---- | C] () -- C:\windows\System32\syndata.bin

[2012/09/27 23:47:35 | 000,963,116 | ---- | C] () -- C:\windows\System32\igkrng600.bin

[2012/09/27 23:47:32 | 000,217,536 | ---- | C] () -- C:\windows\System32\igfcg600m.bin

[2012/09/27 23:47:32 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll

[2012/09/27 23:47:31 | 000,056,832 | ---- | C] () -- C:\windows\System32\igdde32.dll

[2012/09/27 23:47:30 | 013,903,872 | ---- | C] () -- C:\windows\System32\ig4icd32.dll

[2012/07/29 21:39:54 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe

[2012/07/25 12:23:13 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll

[2012/07/25 12:20:37 | 000,009,953 | ---- | C] () -- C:\windows\cfgall.ini

[2012/07/25 11:23:05 | 000,003,530 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/07/05 18:48:40 | 000,003,120 | ---- | C] () -- C:\windows\System32\drivers\wdfgifi.sys

[2012/07/05 18:44:50 | 000,075,620 | ---- | C] () -- C:\windows\System32\B-31A0.ini

[2012/07/05 18:44:50 | 000,075,599 | ---- | C] () -- C:\windows\System32\B-32A1.ini

[2012/07/05 18:44:50 | 000,075,557 | ---- | C] () -- C:\windows\System32\B-31C1.ini

[2012/07/05 18:44:50 | 000,075,548 | ---- | C] () -- C:\windows\System32\B-31C0.ini

[2012/07/05 18:44:50 | 000,075,539 | ---- | C] () -- C:\windows\System32\B-31E0.ini

[2012/07/05 18:44:50 | 000,075,535 | ---- | C] () -- C:\windows\System32\B-31D0.ini

[2012/07/05 18:44:50 | 000,075,524 | ---- | C] () -- C:\windows\System32\B-31F0.ini

[2012/07/05 18:44:50 | 000,075,141 | ---- | C] () -- C:\windows\System32\B-41A0.ini

[2012/07/05 18:44:50 | 000,074,025 | ---- | C] () -- C:\windows\System32\B-24A1.ini

[2012/07/05 18:44:50 | 000,073,992 | ---- | C] () -- C:\windows\System32\B-23C0.ini

[2012/07/05 18:44:50 | 000,073,950 | ---- | C] () -- C:\windows\System32\B-24A0.ini

[2012/07/05 18:44:50 | 000,004,080 | ---- | C] () -- C:\windows\System32\stwrt.ini

[2012/07/05 18:44:49 | 000,075,612 | ---- | C] () -- C:\windows\System32\B-21C0.ini

[2012/07/05 18:44:49 | 000,075,610 | ---- | C] () -- C:\windows\System32\B-21D1.ini

[2012/07/05 18:44:49 | 000,075,595 | ---- | C] () -- C:\windows\System32\B-21D0.ini

[2012/07/05 18:44:49 | 000,075,591 | ---- | C] () -- C:\windows\System32\B-21B1.ini

[2012/07/05 18:44:49 | 000,075,582 | ---- | C] () -- C:\windows\System32\B-21B0.ini

[2012/07/05 18:44:49 | 000,075,559 | ---- | C] () -- C:\windows\System32\B-21C1.ini

[2012/07/05 18:44:49 | 000,074,026 | ---- | C] () -- C:\windows\System32\B-23B1.ini

[2012/07/05 18:44:49 | 000,074,013 | ---- | C] () -- C:\windows\System32\B-23A1.ini

[2012/07/05 18:44:49 | 000,074,005 | ---- | C] () -- C:\windows\System32\B-23A0.ini

[2012/07/05 18:44:49 | 000,073,993 | ---- | C] () -- C:\windows\System32\B-23B0.ini

[2012/07/05 18:44:49 | 000,073,276 | ---- | C] () -- C:\windows\System32\B-02C.ini

[2012/07/05 18:44:49 | 000,032,578 | ---- | C] () -- C:\windows\System32\2011_SRS_Speaker_L.ini

[2012/07/05 18:34:37 | 000,094,776 | ---- | C] () -- C:\windows\un_dext.exe

[2012/07/05 18:34:37 | 000,074,616 | ---- | C] () -- C:\windows\SPRemove.exe

[2012/07/05 18:34:37 | 000,014,409 | ---- | C] () -- C:\windows\TWAIN2080.ini

[2012/07/05 18:34:37 | 000,003,926 | ---- | C] () -- C:\windows\Dext_12.ini

[2012/07/05 18:34:37 | 000,003,892 | ---- | C] () -- C:\windows\Dext_27.ini

[2012/07/05 18:34:37 | 000,003,884 | ---- | C] () -- C:\windows\Dext_25.ini

[2012/07/05 18:34:37 | 000,003,882 | ---- | C] () -- C:\windows\Dext_21.ini

[2012/07/05 18:34:37 | 000,003,820 | ---- | C] () -- C:\windows\Dext_11.ini

[2012/07/05 18:34:37 | 000,003,802 | ---- | C] () -- C:\windows\Dext_14.ini

[2012/07/05 18:34:37 | 000,003,802 | ---- | C] () -- C:\windows\Dext_05.ini

[2012/07/05 18:34:37 | 000,003,704 | ---- | C] () -- C:\windows\Dext_10.ini

[2012/07/05 18:34:37 | 000,003,700 | ---- | C] () -- C:\windows\Dext_16.ini

[2012/07/05 18:34:37 | 000,003,682 | ---- | C] () -- C:\windows\Dext_08.ini

[2012/07/05 18:34:37 | 000,003,672 | ---- | C] () -- C:\windows\Dext_31.ini

[2012/07/05 18:34:37 | 000,003,648 | ---- | C] () -- C:\windows\Dext_36.ini

[2012/07/05 18:34:37 | 000,003,624 | ---- | C] () -- C:\windows\Dext_1046.ini

[2012/07/05 18:34:37 | 000,003,622 | ---- | C] () -- C:\windows\Dext_20.ini

[2012/07/05 18:34:37 | 000,003,588 | ---- | C] () -- C:\windows\Dext_06.ini

[2012/07/05 18:34:37 | 000,003,586 | ---- | C] () -- C:\windows\Dext_22.ini

[2012/07/05 18:34:37 | 000,003,550 | ---- | C] () -- C:\windows\Dext_19.ini

[2012/07/05 18:34:37 | 000,003,550 | ---- | C] () -- C:\windows\Dext_07.ini

[2012/07/05 18:34:37 | 000,003,522 | ---- | C] () -- C:\windows\Dext_02.ini

[2012/07/05 18:34:37 | 000,003,492 | ---- | C] () -- C:\windows\Dext_24.ini

[2012/07/05 18:34:37 | 000,003,450 | ---- | C] () -- C:\windows\Dext_29.ini

[2012/07/05 18:34:37 | 000,003,416 | ---- | C] () -- C:\windows\Dext_01.ini

[2012/07/05 18:34:37 | 000,003,342 | ---- | C] () -- C:\windows\Dext_30.ini

[2012/07/05 18:34:37 | 000,003,220 | ---- | C] () -- C:\windows\Dext_09.ini

[2012/07/05 18:34:37 | 000,003,174 | ---- | C] () -- C:\windows\Dext_13.ini

[2012/07/05 18:34:37 | 000,003,023 | ---- | C] () -- C:\windows\Remove.ini

[2012/07/05 18:34:37 | 000,002,850 | ---- | C] () -- C:\windows\Dext_04.ini

[2012/07/05 18:34:37 | 000,002,750 | ---- | C] () -- C:\windows\Dext_17.ini

[2012/07/05 18:34:37 | 000,002,674 | ---- | C] () -- C:\windows\Dext_18.ini

[2012/07/05 18:34:37 | 000,002,638 | ---- | C] () -- C:\windows\Dext_2052.ini

[2012/07/05 18:32:06 | 000,008,192 | ---- | C] () -- C:\windows\System32\drivers\IntelMEFWVer.dll

[2012/02/24 15:47:04 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign

[2012/02/24 15:47:04 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign

[2011/11/10 15:02:22 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign

[2011/11/10 15:02:20 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign

[2011/11/10 15:02:18 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPClback.dll.hpsign

[2011/11/10 14:58:14 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPLic.dll.hpsign

[2011/08/24 14:55:30 | 000,000,256 | R--- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign

[2011/08/23 10:10:44 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign

[2011/05/30 21:58:34 | 000,185,168 | ---- | C] () -- C:\windows\System32\PassThroughOTP.dll

[2011/05/30 21:58:34 | 000,000,256 | ---- | C] () -- C:\windows\System32\PassThroughOTP.dll.hpsign

[2011/03/09 05:24:40 | 000,003,120 | ---- | C] () -- C:\windows\System32\drivers\wdfghdi.sys

[2011/03/09 05:18:05 | 000,000,178 | ---- | C] () -- C:\windows\System32\HPPA.ini

[2011/03/09 05:13:33 | 000,003,120 | ---- | C] () -- C:\windows\System32\drivers\wdfghgc.sys

[2011/02/26 06:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll

[2011/02/04 07:09:24 | 000,366,176 | ---- | C] () -- C:\windows\System32\flcdlmsg.dll

[2011/01/30 07:49:32 | 000,017,232 | ---- | C] () -- C:\windows\System32\CoHpCasl.exe

[2011/01/27 10:49:50 | 000,145,804 | ---- | C] () -- C:\windows\System32\igcompkrng600.bin

[2011/01/27 10:15:16 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config

[2011/01/27 10:11:46 | 000,094,208 | ---- | C] () -- C:\windows\System32\IccLibDll.dll

[2011/01/11 11:03:08 | 086,271,980 | ---- | C] () -- C:\windows\System32\BioTrustFace.dat

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/14 13:00:39 | 000,000,000 | ---D | M] -- C:\Users\183131\AppData\Roaming\Canon

[2012/07/25 11:56:54 | 000,000,000 | ---D | M] -- C:\Users\183131\AppData\Roaming\DigitalPersona

[2012/10/14 13:38:14 | 000,000,000 | ---D | M] -- C:\Users\183131\AppData\Roaming\ImgBurn

[2012/07/25 11:57:11 | 000,000,000 | ---D | M] -- C:\Users\183131\AppData\Roaming\Infineon

[2012/07/25 11:57:34 | 000,000,000 | ---D | M] -- C:\Users\183131\AppData\Roaming\Synaptics

[2012/07/25 03:58:01 | 000,000,000 | ---D | M] -- C:\Users\RHB-183131\AppData\Roaming\DigitalPersona

[2012/07/25 03:58:19 | 000,000,000 | ---D | M] -- C:\Users\RHB-183131\AppData\Roaming\Infineon

[2012/07/25 04:03:44 | 000,000,000 | ---D | M] -- C:\Users\RHB-183131\AppData\Roaming\Synaptics

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >

[2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011/02/26 13:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2010/10/29 09:31:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2010/11/20 20:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe

[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe

[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2010/10/29 02:56:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2010/10/29 02:56:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2010/10/29 09:31:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >

[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe

[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe

[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe

[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2010/10/29 09:31:55 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2010/10/29 09:31:55 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe

[2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009/07/14 09:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >


This is from Extras.txt:

OTL Extras logfile created on: 16/11/2012 12:07:28 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\183131\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 51.54% Memory free

5.89 Gb Paging File | 3.91 Gb Available in Paging File | 66.49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 225.75 Gb Total Space | 179.44 Gb Free Space | 79.49% Space Free | Partition Type: NTFS

Drive D: | 222.65 Gb Total Space | 175.67 Gb Free Space | 78.90% Space Free | Partition Type: NTFS

Drive E: | 12.06 Gb Total Space | 1.77 Gb Free Space | 14.71% Space Free | Partition Type: NTFS

Drive F: | 4.98 Gb Total Space | 2.12 Gb Free Space | 42.62% Space Free | Partition Type: FAT32

Computer Name: RHB-183131-CAPS | User Name: 183131 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{082D16CF-C944-4B7B-836B-497DCB9777B9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

"{0F62C7ED-CFE1-43EE-BE4C-D56925A97C54}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{1466D998-DB95-49C7-8717-108842420519}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"{16176EBC-4CC6-4D92-B83E-872E9505416F}" = lport=21112 | protocol=6 | dir=in | name=trend micro officescan listener |

"{E968F456-9B5A-4E06-BAD6-E09F3CBA77D3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0863D124-669B-4366-A893-0C5B649641BA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{873C86F4-D54D-4647-BDDA-5DF7E8176241}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{AD7F44A0-D772-4963-9A16-B307B03E41F9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"TCP Query User{80924B0C-096B-41C0-9061-078CA2EA3E5E}C:\program files\microsoft office\office14\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"UDP Query User{D6BA6130-4908-4E5F-BE85-0B4767011A11}C:\program files\microsoft office\office14\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK

"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_E500_series" = Canon E500 series MP Drivers

"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper

"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver

"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager

"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam

"{20976B1F-E910-404D-9261-C16EE7E12DC8}" = HP QuickWeb

"{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack

"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.2.4902

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform

"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel® Identity Protection Technology 1.0.71.0

"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack

"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in

"{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}" = HP SoftPaq Download Manager

"{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common

"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel® PROSet/Wireless for Bluetooth® + High Speed

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}" = HP Power Assistant

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker

"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0

"{44B93048-09ED-4368-A03E-C3115D61737B}" = Privacy Manager for HP ProtectTools

"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials

"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software

"{483D5A49-A26B-4CB8-AA2D-0D1811322061}" = HP DayStarter

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B21E4B2-89B8-499D-803A-34ABF929401E}" = HP Connection Manager

"{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery

"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE

"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions

"{52B18ABC-AD5F-4C3C-B391-04F57B380449}" = HP Client Automation Agent Preload

"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup

"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings

"{54FD3A78-58D4-41F0-97E0-13804DDE016E}" = Validity Fingerprint Sensor Driver

"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools

"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common

"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery

"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation

"{623C51BB-CEC4-4942-B225-1A4003AC2576}" = Embedded Security for HP ProtectTools

"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform

"{7D1C63D1-6520-49DA-B738-958133526E80}" = HP HotKey Support

"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}" = Drive Encryption For HP ProtectTools

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010

"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack

"{93139A49-0360-4718-8B93-C1F9EB12E3D8}" = Roxio Secure Burn

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}" = Roxio MyDVD Business 2010

"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer

"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools

"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime

"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Secure Burn

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework

"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform

"{BACE8BFA-8F39-421D-BEF1-6E78632BDC90}" = Roxio MyDVD Business 2010

"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo

"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{CFC1988A-F492-4BC5-B6F7-683A95718AE9}" = HP ESU for Microsoft Windows 7

"{D3A775F2-2674-4452-8D80-1FC1446052EE}" = Face Recognition for HP ProtectTools

"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker

"{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}" = HP 3D DriveGuard

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials

"{EF03482D-A92C-4304-A342-FA6BEF8028EE}" = HP ProtectTools Security Manager

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F24F876B-7D71-4BD6-88E9-614D3BB84216}" = Alcor Micro Smart Card Reader Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Canon E500 series On-screen Manual" = Canon E500 series On-screen Manual

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"CutePDF Writer Installation" = CutePDF Writer 2.8

"DivX Setup" = DivX Setup

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Google Chrome" = Google Chrome

"HPProtectTools" = HP ProtectTools Security Manager

"ImgBurn" = ImgBurn

"InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}" = Theft Recovery for HP ProtectTools

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox 10.0.1 (x86 en-US)" = Mozilla Firefox 10.0.1 (x86 en-US)

"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0

"mtn3270" = Mocha W32 TN3270

"Office14.STANDARD" = Microsoft Office Standard 2010

"OfficeScanNT" = Trend Micro OfficeScan Client

"PDF Complete" = PDF Complete Special Edition

"PowerArchiver" = PowerArchiver

"PROSet" = Intel® Network Connections Drivers

"RealPlayer 15.0" = RealPlayer

"Recuva" = Recuva

"Sunplus SPUVCb" = HP HD Webcam [Fixed]

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"SZCCID" = Alcor Micro Smart Card Reader Driver

"VIP Access SDK" = VIP Access SDK (1.0.0.50)

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-809447956-1472028839-2767360324-58023\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 30/10/2012 23:40:21 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\Canon\mp

navigator ex 5.0\mpnmlif64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/11/2012 02:37:59 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Application Error | ID = 1000

Description = Faulting application name: POWERARC.EXE, version: 6.11.1.0, time stamp:

0x2a425e19 Faulting module name: POWERARC.EXE, version: 6.11.1.0, time stamp: 0x2a425e19

Exception

code: 0xc0000005 Fault offset: 0x000d953d Faulting process id: 0x1f8c Faulting application

start time: 0x01cdb7fb683137fc Faulting application path: C:\Program Files\PowerArchiver\POWERARC.EXE

Faulting

module path: C:\Program Files\PowerArchiver\POWERARC.EXE Report Id: acbe7b6d-23ee-11e2-a3c2-a0b3cc22aa5c

Error - 01/11/2012 04:22:07 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\Canon\mp

navigator ex 5.0\mpnmlif64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/11/2012 06:18:42 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\Canon\mp

navigator ex 5.0\mpnmlif64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/11/2012 21:39:35 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Application Error | ID = 1000

Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,

time stamp: 0x4d6727a7 Faulting module name: hxmedpltfm.dll, version: 15.0.5.109,

time stamp: 0x4fe36f3b Exception code: 0xc0000005 Fault offset: 0x0001ca71 Faulting

process id: 0x1508 Faulting application start time: 0x01cdb88932567a1f Faulting application

path: C:\windows\Explorer.EXE Faulting module path: C:\Program Files\Real\RealPlayer\common\hxmedpltfm.dll

Report

Id: 27f6f714-248e-11e2-a394-a0b3cc22aa5c

Error - 04/11/2012 09:15:48 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\Canon\mp

navigator ex 5.0\mpnmlif64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 06/11/2012 03:25:57 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Application Error | ID = 1000

Description = Faulting application name: POWERARC.EXE, version: 6.11.1.0, time stamp:

0x2a425e19 Faulting module name: POWERARC.EXE, version: 6.11.1.0, time stamp: 0x2a425e19

Exception

code: 0xc0000005 Fault offset: 0x000d953d Faulting process id: 0x1cfc Faulting application

start time: 0x01cdbbeff4454c27 Faulting application path: C:\Program Files\PowerArchiver\POWERARC.EXE

Faulting

module path: C:\Program Files\PowerArchiver\POWERARC.EXE Report Id: 34a5ed42-27e3-11e2-bc0f-a0b3cc22aa5c

Error - 06/11/2012 22:33:31 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\Canon\mp

navigator ex 5.0\mpnmlif64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 08/11/2012 00:33:14 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\Canon\mp

navigator ex 5.0\mpnmlif64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 08/11/2012 22:46:23 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\Canon\mp

navigator ex 5.0\mpnmlif64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Hewlett-Packard Events ]

Error - 27/09/2012 17:36:18 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = HPSF.exe | ID = 4000

Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal

principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at

System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo

startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception

of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.Threading.Thread.StartInternal(IPrincipal

principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at

System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo

startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe

Format:

en-US RAM: 3014 Ram Utilization: 30 TargetSite: Void StartInternal(System.Security.Principal.IPrincipal,

System.Threading.StackCrawlMark ByRef)

Error - 27/09/2012 17:36:18 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = HPSF.exe | ID = 4000

Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal

principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at

System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo

startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception

of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.Threading.Thread.StartInternal(IPrincipal

principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at

System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo

startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe

Format:

en-US RAM: 3014 Ram Utilization: 30 TargetSite: Void StartInternal(System.Security.Principal.IPrincipal,

System.Threading.StackCrawlMark ByRef)

Error - 27/09/2012 17:36:18 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = HPSF.exe | ID = 4000

Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal

principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at

System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo

startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception

of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.Threading.Thread.StartInternal(IPrincipal

principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at

System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo

startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe

Format:

en-US RAM: 3014 Ram Utilization: 30 TargetSite: Void StartInternal(System.Security.Principal.IPrincipal,

System.Threading.StackCrawlMark ByRef)

Error - 27/09/2012 17:36:22 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = HPSF.exe | ID = 4000

Description = HP Error ID: -2147024882HPSF.exe at System.ServiceModel.Channels.ServiceChannel.OnAbort()

at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.Channels.ServiceChannelFactory.OnAbort()

at System.ServiceModel.Channels.ServiceChannelFactory.TypedServiceChannelFactory`1.OnAbort()

at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.ChannelFactory.OnAbort()

at System.ServiceModel.Channels.CommunicationObject.Abort() at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception

of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.ServiceModel.Channels.ServiceChannel.OnAbort()

at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.Channels.ServiceChannelFactory.OnAbort()

at System.ServiceModel.Channels.ServiceChannelFactory.TypedServiceChannelFactory`1.OnAbort()

at System.ServiceModel.Channels.CommunicationObject.Abort() at System.ServiceModel.ChannelFactory.OnAbort()

at System.ServiceModel.Channels.CommunicationObject.Abort() at HP.SupportFramework.Communicator.MessengerComm.MessengerPublisher.closeConnection()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: System.ServiceModel

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe

Format:

en-US RAM: 3014 Ram Utilization: 30 TargetSite: Void OnAbort()

[ HP Connection Manager Events ]

Error - 14/11/2012 21:55:51 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5

Description = 2012/11/15 09:55:51.299|00001B34|Error |CBluetooth::StateChanged|Fire_StateChanged

failed [hr:0x800706BA]

Error - 15/11/2012 09:12:56 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5

Description = 2012/11/15 21:12:56.510|000006A0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 15/11/2012 09:13:24 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5

Description = 2012/11/15 21:13:24.410|000006A0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 15/11/2012 09:13:27 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5

Description = 2012/11/15 21:13:27.499|000006A0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 15/11/2012 09:13:33 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5

Description = 2012/11/15 21:13:33.552|000006A0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 15/11/2012 11:52:07 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5

Description = 2012/11/15 23:52:07.195|00001B48|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 15/11/2012 11:52:14 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5

Description = 2012/11/15 23:52:14.184|00001B48|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 15/11/2012 22:30:50 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5

Description = 2012/11/16 10:30:50.086|00000F28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 15/11/2012 22:30:51 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5

Description = 2012/11/16 10:30:51.599|00000F28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

Error - 15/11/2012 22:31:00 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = hpCMSrv | ID = 5

Description = 2012/11/16 10:31:00.288|00000F28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged

failed [hr:0x800706BA]

[ HP Software Framework Events ]

Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5

Description = 2012/11/16 10:34:47.710|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5

Description = 2012/11/16 10:34:47.720|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5

Description = 2012/11/16 10:34:47.730|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5

Description = 2012/11/16 10:34:47.739|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5

Description = 2012/11/16 10:34:47.747|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 15/11/2012 22:34:47 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Casl | ID = 5

Description = 2012/11/16 10:34:47.758|00001AD8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 15/11/2012 22:35:22 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = CaslWmi | ID = 5

Description = 2012/11/16 10:35:22.735|00001700|Error |[CaslWmi]CommandALS::GetALSInfoFromBIOS{hpCasl.enReturnCode(System.Nullable`1[[system.Boolean,

mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]&,System.Nullable`1[[system.Boolean,

mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]&)}|Error

0xe_BIOS_HARDWARE_ERROR from BIOS WMI call Read/03h while getting ALS state

Error - 15/11/2012 22:35:22 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = CaslWmi | ID = 5

Description = 2012/11/16 10:35:22.913|00001700|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 15/11/2012 22:35:26 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = CaslWmi | ID = 5

Description = 2012/11/16 10:35:26.556|00001A6C|Error |[CaslWmi]CommandALS::GetALSInfoFromBIOS{hpCasl.enReturnCode(System.Nullable`1[[system.Boolean,

mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]&,System.Nullable`1[[system.Boolean,

mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]&)}|Error

0xe_BIOS_HARDWARE_ERROR from BIOS WMI call Read/03h while getting ALS state

Error - 15/11/2012 22:35:26 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = CaslWmi | ID = 5

Description = 2012/11/16 10:35:26.731|00001A6C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ System Events ]

Error - 13/10/2012 23:09:39 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain PORTALDOM due to the following: %%1311 This may lead to authentication

problems. Make sure that this computer is connected to the network. If the problem

persists, please contact your domain administrator. ADDITIONAL INFO If this computer

is a domain controller for the specified domain, it sets up the secure session to

the primary domain controller emulator in the specified domain. Otherwise, this

computer sets up the secure session to any domain controller in the specified domain.

Error - 13/10/2012 23:10:10 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

Error - 13/10/2012 23:10:11 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

Error - 13/10/2012 23:48:24 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 13/10/2012 23:48:25 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 14/10/2012 03:17:40 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain PORTALDOM due to the following: %%1311 This may lead to authentication

problems. Make sure that this computer is connected to the network. If the problem

persists, please contact your domain administrator. ADDITIONAL INFO If this computer

is a domain controller for the specified domain, it sets up the secure session to

the primary domain controller emulator in the specified domain. Otherwise, this

computer sets up the secure session to any domain controller in the specified domain.

Error - 14/10/2012 09:51:50 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain PORTALDOM due to the following: %%1311 This may lead to authentication

problems. Make sure that this computer is connected to the network. If the problem

persists, please contact your domain administrator. ADDITIONAL INFO If this computer

is a domain controller for the specified domain, it sets up the secure session to

the primary domain controller emulator in the specified domain. Otherwise, this

computer sets up the secure session to any domain controller in the specified domain.

Error - 14/10/2012 09:52:25 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

Error - 14/10/2012 09:52:28 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

Error - 14/10/2012 20:32:52 | Computer Name = RHB-183131-CAPS.portaldom.ent.intranet.rhbbank.com | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain PORTALDOM due to the following: %%1311 This may lead to authentication

problems. Make sure that this computer is connected to the network. If the problem

persists, please contact your domain administrator. ADDITIONAL INFO If this computer

is a domain controller for the specified domain, it sets up the secure session to

the primary domain controller emulator in the specified domain. Otherwise, this

computer sets up the secure session to any domain controller in the specified domain.

< End of report >

A quick question.....what browser are you using when you are getting the popups? Also....IF we were to remove the proxy settings would you be able to reestablish them on your own later?

Ok thank you for those....

Please go to: VirusTotal

On the page you'll find a "Choose File" button.

Click on the Choose File button.

In the Choose File to Upload window which opens, copy and paste these separately into the File Name box.

C:\windows\System32\drivers\wdfgifi.sys

C:\windows\System32\drivers\wdfghdi.sys

C:\windows\System32\drivers\wdfghgc.sys

Next, click the Open button.

Then click the "Scan It!" button just below.

This will scan the file. Please be patient.

If you get a message saying File has already been analyzed: click Reanalyze file now

Once scanned, copy and paste the link to the results page in your next reply.

----------

Hi,

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use, and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Remember: if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.

----------

Run OTL.exe

  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\..\SearchScopes\{8B3D2273-DB7B-43A9-8AC5-B30E4D63ED5C}: "URL" = http://websearch.ask...9E-58B3E84C5C7C
    IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.myoneportal.*;myoneportal.*;172.*;im.rhbbank.*;esshr.*;*.intranet.*;<local>
    IE - HKU\S-1-5-21-809447956-1472028839-2767360324-58023\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.26.21.99:8088
    :Files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

----------

Post the new OTL log and let me know how your system is running. :)
