16 bit ms-dos subsystem error



#1
Whit3436

Each time I boot my PC running Win 7 32 bit I obtain an error message:

16 bit MS-DOS subsystem
taskeng.exe
The NTVDM CPU has encountered an illegal instruction.
CS:055a IP:010e OP:8f19 de 8f 19 Choose close to terminate the application.

I have run the usual spyware, malware applications without success.

Hijackthis run in safe mode:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:26:03, on 08/04/13
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whitakersopticians.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - (no file)
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [RegTool] C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Relcon Auto Copy.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O12 - Plugin for .csd: C:\Program Files\Gemalto\eSigner4\plugin\npClassicESigner.dll
O12 - Plugin for .esd: C:\Program Files\Gemalto\eSigner4\plugin\NXPlugIn.dll
O12 - Plugin for .i4t: C:\Program Files\Gemalto\eSigner4\plugin\npClassicESigner.dll
O15 - Trusted Zone: http://www.samsungsetup.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...ols/pcmatic.cab
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.c...stem/iCloud.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...rl.cab?lmi=1007
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AFD Registration Service (afdReg) - AFD Computers - C:\Postcode\AFDService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GSL Share Memory (GslShmSrvc) - Gemalto - C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: OCP Daemon (OCPDaemon) - Ocuco Ltd. - C:\Reltem\OCPDaemon.exe
O23 - Service: OCP Client Service (OCPService) - Ocuco Ltd. - c:\programs\focus\ocp\OCPClient.EXE
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 9790 bytes

Please help

#2
crooleeck

Hi Whit3436 and welcome to GeekstoGo!

I'm crooleeck and I'll try to help you. But first please notice that I'm not limitless, I'm not familiar with all software, I don't know everything. However, it has taken me years to learn what I know. I would be glad to help you.

The fight against malware is NOT instantaneous; most infections require several courses of action to completely eradicate. It's also time-consuming, so be patient! We all like to know the final result, so if you have since resolved the issues you were originally experiencing, or have received help elsewhere, please post.

Note:
  • Please watch this topic. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! Please save or print the following instructions.
  • Do exactly - step by step - what I wish for. Don't be afraid! If there's anything you don't understand, stop and ask!
  • Please don't run unsupervised tools or fix on your own without my direction - it can be dangerous.
  • You must reply within 3 days or your topic will be closed
  • Please right click on every tool and choose Run as Administrator

We no longer use HJT as it does not show enough information to deal with current infections.

Whit3436, can you boot the computer in normal mode? If not, please boot in Safe Mode with Networking.

Step 1:
OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

  • Download OTL to your desktop.
  • Double click on the OTL icon to run it.
    Make sure all other windows are closed and let it run uninterrupted.
  • Select these options:
    • All users.
    • 64-bit scan if appears.
    • Under Extra registry select Use SafeList
    • LOP Check
    • Purity Check
  • Under the Custom Scan box paste this in:

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    taskeng.exe
    /md5stop
    CREATERESTOREPOINT

  • Click the Run scan button.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

#3
Whit3436

Many thanks for helping me with this problem. I am able to boot windows normally. I include the required information:

OTL Extras logfile created on: 08/04/13 17:44:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JBW\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yy

3.24 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 62.67% Memory free
6.48 Gb Paging File | 5.16 Gb Available in Paging File | 79.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 833.75 Gb Total Space | 746.98 Gb Free Space | 89.59% Space Free | Partition Type: NTFS
Drive G: | 97.66 Gb Total Space | 92.49 Gb Free Space | 94.71% Space Free | Partition Type: NTFS

Computer Name: SERVER | User Name: JBW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DDA131A-040C-4AD9-8BD2-AAC7170626E9}" = lport=138 | protocol=17 | dir=in | app=system |
"{1C5F34CB-83C1-4759-867B-E242D7F945B7}" = lport=137 | protocol=17 | dir=in | app=system |
"{27495F43-5244-4903-85F3-1CA5175C632C}" = rport=445 | protocol=6 | dir=out | app=system |
"{3308FE71-7F29-4463-9F17-B4B8982C1FD6}" = rport=137 | protocol=17 | dir=out | app=system |
"{43292086-5FD8-4A4D-8BDE-7DF6692A9777}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C927D5D-CEA3-45FC-B993-8A8F622D5976}" = rport=138 | protocol=17 | dir=out | app=system |
"{5AF6941D-2D9F-4230-B24F-914B39371875}" = rport=139 | protocol=6 | dir=out | app=system |
"{77C9E85E-6FBA-4533-AE71-6E813BAC8BD2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93A07C55-FF2D-4FAE-8427-F0C8E8D29103}" = lport=445 | protocol=6 | dir=in | app=system |
"{9437FA0E-A56E-4091-8DA7-1E14C66146EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A2A32799-4483-4A17-AFCD-F1A01C25C558}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8AFD15A-9585-4A23-97E8-011E279676FE}" = lport=139 | protocol=6 | dir=in | app=system |
"{DEB8E856-BC65-4A10-9981-960DF01FCF64}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F4839E94-D6F3-445D-8FBC-5BBAC1CA38E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F3110F2-56B7-4641-80AD-3D9128D1F9D3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{16F24433-7C28-4BC7-9C7B-212D5A4EEEB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1EAE00C0-343E-45EB-8400-FB4F76C32D39}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{215623D2-2EC0-4079-8640-35D42224ECA4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{2189342B-82D7-479A-BE0A-662A39DBFFC1}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{45E6BC5E-89B8-4780-8324-449B799503CD}" = protocol=1 | dir=out | [email protected],-28544 |
"{5B09C823-682E-45E4-9CC7-B886C2DEAA75}" = protocol=6 | dir=in | app=c:\users\jbw\appdata\local\temp\ins1434\setup\bin\maininst.exe |
"{61236F9E-AC4C-4FEA-BB35-0AF0768E9270}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{64789202-5A63-4D08-A3A9-96CEA25D0668}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{6F7C8197-04E6-4B26-93EA-8AE5A9B68FEB}" = protocol=17 | dir=in | app=c:\users\jbw\appdata\local\temp\ins1434\setup\bin\maininst.exe |
"{B01E3899-5C72-4570-B636-F214F85D80F3}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{B258A8A3-24E5-452D-9BBB-458CC14B1E5A}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B382C34F-F345-4C66-86E0-E4D8AF6E5E45}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B87B8064-E543-4FC9-A423-8A8FD422866C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D485C3FF-5473-4681-8B17-E1A1F3BA2742}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA190892-40B9-471A-9F06-98640F651167}" = protocol=58 | dir=out | [email protected],-28546 |
"{DBD43989-8E2C-4AB2-8EE2-2C88CC2EC561}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{E86F44FC-F0DE-4715-812E-766CA37E71E8}" = protocol=1 | dir=in | [email protected],-28543 |
"{EA3924D0-5F5B-49C6-B78A-00110B9204B7}" = protocol=58 | dir=in | [email protected],-28545 |
"{EA6A4029-2A2B-4C43-929B-500CB6C6E963}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{EDEB2244-40C2-4B13-9361-8CF5E71E6D04}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"TCP Query User{074DCA81-DA5E-4497-B844-4537A2D4C62A}C:\bbm2\w3dbsmgr.exe" = protocol=6 | dir=in | app=c:\bbm2\w3dbsmgr.exe |
"TCP Query User{340FB712-ADA3-4483-958E-657CDECC1428}C:\users\jbw\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\jbw\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"TCP Query User{9C1A7B9F-6395-4D01-B415-58E0D656E35B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B98227E7-AADB-41BF-BB1C-4753FCA30D38}C:\bbm2\w3dbsmgr.exe" = protocol=6 | dir=in | app=c:\bbm2\w3dbsmgr.exe |
"TCP Query User{F92CE454-D61F-461C-8CD4-38A267B77214}C:\users\jbw\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\jbw\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe |
"UDP Query User{36C63A26-E945-4C07-A3F5-C9A6BC587C5B}C:\bbm2\w3dbsmgr.exe" = protocol=17 | dir=in | app=c:\bbm2\w3dbsmgr.exe |
"UDP Query User{5BE25432-E500-4AED-8540-08D9EF801EE4}C:\users\jbw\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\jbw\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"UDP Query User{6552AC54-8580-41C1-9042-8B57B09FF865}C:\bbm2\w3dbsmgr.exe" = protocol=17 | dir=in | app=c:\bbm2\w3dbsmgr.exe |
"UDP Query User{981AC934-D791-4F81-BEFB-CAB4837B3C6C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BEB611DB-7612-40A3-A258-3FEDC117AB79}C:\users\jbw\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\jbw\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00180409-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 Runtime
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BB0B797-0AA6-4502-8A38-CADE642B2A83}" = Payroll for Windows
"{1BF84DA0-739B-4377-924E-CFE971C3D1BE}" = Payroll for Windows
"{1E1645F2-8392-48DD-9B4C-7ACEF84D0093}" = Payroll for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDDF4C1-065C-4991-A671-595AA27E1DC0}" = Payroll for Windows
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2CAB55FA-A147-4215-81A6-E9A9038B7970}" = Plus Pack for Acronis True Image Home 2011
"{2F278454-2DC0-4DD6-A6C4-169D04E04AF3}" = Payroll for Windows
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.574
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DEC07EB-2F06-40E3-B65F-1D3C76DE2614}" = Payroll for Windows
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EAF5FBB-866D-48B7-B14C-9C8D6EE657A0}" = Sage 50 Payroll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59AB7E85-011F-461C-82BA-EFBFE50FFD39}" = Payroll for Windows
"{5FE92453-1E04-4385-9D3B-D9B3F02F556A}" = Payroll for Windows
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{66B35780-9D34-4586-B60A-AEFBFD53976E}" = Classic Client 6.2 Patch2
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6C67FEB0-2239-4067-93FC-786DBD50C42D}" = Sage 50 Payroll
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7750CBEE-F699-4BC6-8BE1-CDCAC1869948}" = Sage Payroll for Windows
"{7A72BB89-4DF0-4E3A-9600-B4902E413013}" = Payroll for Windows
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BFFB061-871B-42FA-A82D-0F01BB12C2B4}" = Payroll for Windows
"{8F79B3FC-63E7-4D22-A9A8-D594577F44D1}" = Payroll for Windows
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC7EBFD-FC6A-4457-ADCC-AD38109DE07B}" = Sage 50 Payroll
"{9E72092A-D367-4901-9D61-03C60A450C5C}" = Payroll for Windows
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A8817A8C-7D1F-4135-91AD-AFE21E1B357F}" = Payroll for Windows
"{A8C26AA6-E114-43F0-AEB0-CC3C39DB31C6}" = Payroll for Windows
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B02B8634-14E4-4AA8-B712-210524D15A5A}" = Payroll for Windows
"{B2D9AFFC-4404-45A8-96E1-745272128B3D}" = Sage 50 Payroll
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B623097F-94D1-4271-8656-55459D41B5D2}" = Payroll for Windows
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB0F2F68-0805-47DD-A99D-E74264048BD6}" = Payroll for Windows
"{BD1C084C-9F03-4D52-B9AD-9AD15DF5D6D9}" = Payroll for Windows
"{C96C56FE-03C4-4CE6-AAFF-2642B09BB72B}" = eSigner 4.2 Corp Gold
"{CCF300E5-E44B-43FA-BF8E-9E83EFD7413C}" = Payroll for Windows
"{E496E82A-526D-47D3-9366-9FAF0A135A8F}" = Sage Instant Accounts
"{E4C1DBF1-67D9-4973-9DEC-677E695E7CE0}" = AxCrypt 1.7.2126.0
"{EDD98960-C99E-4B6C-803A-270F49AA83C6}" = Sage 50 Payroll
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA586006-3667-4F43-97E7-98E2A39A41A6}" = Payroll for Windows
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AFD Postcode" = AFD Postcode
"CNXT_MODEM_USB_ACF" = USB ACF Modem
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{E496E82A-526D-47D3-9366-9FAF0A135A8F}" = Sage Instant Accounts V12.00
"Instant Eyedropper_is1" = Instant Eyedropper 1.75
"Liveupdate4_is1" = Liveupdate4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.1
"Samsung CLP-320 Series" = Maintenance Samsung CLP-320 Series
"SetIP" = SetIP
"ST6UNST #1" = Focus Install CD
"ST6UNST #2" = Relcon Utilities
"WNLT" = IB Updater Service

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06/04/13 04:43:00 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:00.139]: [00005956]: Initialize TwdsMain
Class failed!

Error - 06/04/13 04:43:00 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:00.186]: [00005956]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 06/04/13 04:43:00 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:00.186]: [00005956]: Initialize TwdsMain
Class failed!

Error - 06/04/13 04:43:00 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:00.326]: [00005956]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 06/04/13 04:43:00 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:00.326]: [00005956]: Initialize TwdsMain
Class failed!

Error - 06/04/13 04:43:36 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:36.934]: [00005956]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 06/04/13 04:43:36 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:36.934]: [00005956]: Initialize TwdsMain
Class failed!

Error - 06/04/13 04:43:37 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:37.106]: [00005956]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 06/04/13 04:43:37 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:37.106]: [00005956]: Initialize TwdsMain
Class failed!

Error - 08/04/13 04:51:23 | Computer Name = Server | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 08/04/13 03:27:02 | Computer Name = Server | Source = DCOM | ID = 10005
Description =

Error - 08/04/13 03:27:02 | Computer Name = Server | Source = DCOM | ID = 10005
Description =

Error - 08/04/13 03:27:02 | Computer Name = Server | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 08/04/13 03:27:40 | Computer Name = Server | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 08/04/13 03:27:42 | Computer Name = Server | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 08/04/13 03:29:59 | Computer Name = Server | Source = Service Control Manager | ID = 7000
Description = The DES2 Service for Energy Saving. service failed to start due to
the following error: %%2

Error - 08/04/13 03:30:20 | Computer Name = Server | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 08/04/13 03:32:22 | Computer Name = Server | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 08/04/13 03:32:22 | Computer Name = Server | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 08/04/13 12:43:39 | Computer Name = Server | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on cannot be read.


< End of report >

OTL logfile created on: 08/04/13 17:44:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JBW\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yy

3.24 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 62.67% Memory free
6.48 Gb Paging File | 5.16 Gb Available in Paging File | 79.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 833.75 Gb Total Space | 746.98 Gb Free Space | 89.59% Space Free | Partition Type: NTFS
Drive G: | 97.66 Gb Total Space | 92.49 Gb Free Space | 94.71% Space Free | Partition Type: NTFS

Computer Name: SERVER | User Name: JBW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/08 17:16:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JBW\Desktop\OTL.exe
PRC - [2013/01/29 15:29:00 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/01 15:48:03 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/01 15:47:25 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/10/02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/10/02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/26 08:45:55 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/08/21 15:43:58 | 000,794,272 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/08/21 15:43:58 | 000,105,120 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2012/07/05 15:11:14 | 000,008,192 | ---- | M] (Microsoft) -- C:\Program Files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
PRC - [2012/07/02 14:17:42 | 000,943,104 | ---- | M] () -- C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
PRC - [2011/11/14 17:33:52 | 000,667,200 | ---- | M] (AFD Computers) -- C:\Postcode\AFDService.exe
PRC - [2011/09/22 23:00:14 | 005,551,288 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/09/22 16:00:56 | 002,537,096 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2011/07/06 13:34:19 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2011/05/19 09:59:20 | 015,323,648 | ---- | M] (Ocuco Ltd.) -- c:\Programs\Focus\ocp\OCPClient.exe
PRC - [2011/05/12 23:28:26 | 000,085,504 | ---- | M] (Gemalto) -- C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe
PRC - [2011/03/01 11:54:38 | 005,513,728 | ---- | M] (Ocuco Ltd.) -- C:\Reltem\OCPDaemon.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/09 13:20:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/09 13:20:34 | 000,284,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/02/01 22:36:02 | 000,390,728 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/02/01 22:35:58 | 000,804,528 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/15 08:57:14 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/15 08:57:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/11 09:46:59 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8512de7f67e0dedb9389e0cd471af0e7\IAStorUtil.ni.dll
MOD - [2013/01/11 09:46:59 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3f84870783e405d3c07cc8d8846f0750\IAStorCommon.ni.dll
MOD - [2013/01/11 09:41:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 09:41:09 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 09:40:49 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/11 09:40:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\520a80ddcdd1084993516f4d42a73e05\System.Xml.ni.dll
MOD - [2013/01/11 09:40:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 09:40:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 09:40:33 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/07/02 14:17:42 | 000,943,104 | ---- | M] () -- C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
MOD - [2011/09/22 23:00:00 | 011,216,504 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2011/07/06 13:34:19 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2013/01/29 15:29:00 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/01 15:48:03 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/01 15:47:25 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/26 08:45:55 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/09/10 07:48:07 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/21 15:43:58 | 000,794,272 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012/07/05 15:11:14 | 000,008,192 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe -- (Sage AutoUpdate Manager Service)
SRV - [2011/11/14 17:33:52 | 000,667,200 | ---- | M] (AFD Computers) [Auto | Running] -- C:\Postcode\AFDService.exe -- (afdReg)
SRV - [2011/05/19 09:59:20 | 015,323,648 | ---- | M] (Ocuco Ltd.) [Auto | Running] -- c:\programs\focus\ocp\OCPClient.EXE -- (OCPService)
SRV - [2011/05/12 23:28:26 | 000,085,504 | ---- | M] (Gemalto) [Auto | Running] -- C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe -- (GslShmSrvc)
SRV - [2011/05/05 19:49:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/01 11:54:38 | 005,513,728 | ---- | M] (Ocuco Ltd.) [Auto | Running] -- C:\Reltem\OCPDaemon.exe -- (OCPDaemon)
SRV - [2011/02/09 13:20:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/01 22:35:58 | 000,804,528 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 06:06:34 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\ACFXAU32.dll -- (AcfXAudioService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/11/01 15:47:26 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/10/10 22:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/09/26 08:45:57 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2012/09/26 08:45:51 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2012/09/26 08:45:50 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012/09/26 08:32:51 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012/09/17 08:41:44 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/02/25 13:24:38 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012/02/24 09:32:34 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/06/21 23:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/02/24 07:06:30 | 000,562,464 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/11/03 04:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2009/11/03 04:06:11 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/10/26 16:19:02 | 000,136,704 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009/10/26 16:19:00 | 000,058,240 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/09/10 08:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/09/02 08:02:14 | 000,087,424 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ACFVA32.sys -- (acfva)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/08 18:34:18 | 000,090,752 | ---- | M] (Gemalto) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GPinPad.sys -- (GPinPad)
DRV - [2009/04/29 06:06:28 | 000,028,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ACFDCP32.sys -- (dgcfltr)
DRV - [2009/04/29 06:06:22 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACFXAU32.sys -- (XAudio)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/14 09:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2007/03/15 10:52:34 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACFSDK32.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.co.uk/ [binary data]
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.whitakersopticians.co.uk/
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..\SearchScopes\{42E8D86C-31B0-43b8-B41C-DE4A4575FA9E}: "URL" = http://www.google.co...2788:4067623346
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...GGHP_en-GBGB430
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..\SearchScopes\{743D8795-FFD1-4f98-A0DC-86E6800A90B8}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..\SearchScopes\{8C1DC94F-A678-412d-B8B7-75EB957D7C3C}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@gemalto.com/eSigner4x: C:\Program Files\Gemalto\eSigner4\plugin\npClassicESigner.dll (Gemalto)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013/03/01 08:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013/03/01 08:49:04 | 000,000,000 | ---D | M]

[2012/10/27 11:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/03/25 09:20:45 | 000,446,020 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15316 more lines...
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - Reg Error: Value error. File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RegTool] C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1566624508-482922642-3542228847-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O12 - Plugin for: .csd - C:\Program Files\Gemalto\eSigner4\plugin\npClassicESigner.dll (Gemalto)
O12 - Plugin for: .esd - C:\Program Files\Gemalto\eSigner4\plugin\NXPlugIn.dll (Gemalto)
O12 - Plugin for: .i4t - C:\Program Files\Gemalto\eSigner4\plugin\npClassicESigner.dll (Gemalto)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: bacs.co.uk ([paymentservices] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclays.com ([ams] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclays.com ([ibank1.bib] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclays.com ([www.iceb] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclays.net ([cashmanagement] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclayswealth.com ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: fpsdca.co.uk ([paymentservices] https in Trusted sites)
O15 - HKLM\..Trusted Domains: tradeonlineservices.com ([europe] https in Trusted sites)
O15 - HKLM\..Trusted Domains: voca.com ([iplservices] https in Trusted sites)
O15 - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..Trusted Domains: nhs.net ([web] https in Trusted sites)
O15 - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.120.234.26 62.6.40.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B86EAF7-9FBE-42CE-9B30-FEA7D2C6E2EF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A016AF20-47C2-4FC4-B1C4-EDAEB88EBE5A}: DhcpNameServer = 213.120.234.26 62.6.40.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C096A644-6631-41CA-A896-2536B8FFED1B}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/08 17:16:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JBW\Desktop\OTL.exe
[2013/04/08 08:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/03/26 02:21:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/25 18:36:22 | 000,000,000 | ---D | C] -- C:\Users\JBW\AppData\Local\PSU
[2013/03/23 12:33:27 | 000,000,000 | ---D | C] -- C:\Users\JBW\Desktop\Telephone Bills
[2013/03/13 18:32:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/13 18:32:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/13 18:32:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/13 18:32:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/13 18:32:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/13 18:32:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/13 18:32:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/13 18:32:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/11 18:32:24 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/11 18:32:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/11 18:32:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

========== Files - Modified Within 30 Days ==========

[2013/04/08 17:45:36 | 000,631,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/08 17:45:36 | 000,111,480 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/08 17:45:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/08 17:16:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JBW\Desktop\OTL.exe
[2013/04/08 16:08:03 | 000,017,980 | ---- | M] () -- C:\Windows\Sage.ini
[2013/04/08 11:39:07 | 000,012,004 | ---- | M] () -- C:\Windows\postcode.ini
[2013/04/08 11:16:06 | 000,004,619 | ---- | M] () -- C:\ DRS Appointments.rtf
[2013/04/08 10:21:12 | 000,001,268 | ---- | M] () -- C:\Windows\System32\SGLCH32.USR
[2013/04/08 09:21:06 | 000,002,510 | ---- | M] () -- C:\Users\JBW\Desktop\sysnet.exe boot-startup error [RESOLVED] - Geeks to Go Forums.url
[2013/04/08 08:45:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/08 08:37:24 | 000,015,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/08 08:37:24 | 000,015,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/08 08:30:05 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013/04/08 08:29:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/08 08:29:34 | 2610,470,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/04 10:05:50 | 000,018,636 | ---- | M] () -- C:\ 1st Retinal Invoice.rtf
[2013/04/02 14:59:58 | 000,000,728 | ---- | M] () -- C:\Windows\SGREP32.INI
[2013/04/02 12:02:15 | 000,000,000 | ---- | M] () -- C:\Windows\map.ini
[2013/04/02 12:01:56 | 000,000,034 | RHS- | M] () -- C:\Windows\afdpc.flg
[2013/04/02 11:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/03/25 19:03:34 | 400,026,731 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/25 18:19:57 | 000,000,276 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2013/03/25 15:47:04 | 000,000,530 | ---- | M] () -- C:\SAL2503.CSV
[2013/03/25 09:20:45 | 000,446,020 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/03/20 18:09:45 | 000,004,102 | ---- | M] () -- C:\Users\JBW\Desktop\How to Repair a Corrupt Windows 7 Installation PCWorld.url
[2013/03/15 09:13:02 | 000,000,376 | ---- | M] () -- C:\Users\JBW\Desktop\The Dispensing Project Practice Building.url
[2013/03/15 09:02:27 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/15 09:02:27 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/14 09:15:25 | 000,001,137 | ---- | M] () -- C:\Users\JBW\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/03/13 16:37:56 | 000,000,054 | ---- | M] () -- C:\Windows\Payroll.ini
[2013/03/13 16:37:53 | 000,000,585 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/03/13 16:37:53 | 000,000,365 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2013/03/11 18:32:05 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/11 18:32:03 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/03/11 18:32:03 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/03/11 18:32:03 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/11 18:32:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/11 18:32:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

========== Files Created - No Company Name ==========

[2013/04/08 07:57:55 | 000,002,510 | ---- | C] () -- C:\Users\JBW\Desktop\sysnet.exe boot-startup error [RESOLVED] - Geeks to Go Forums.url
[2013/04/04 14:19:01 | 000,004,619 | ---- | C] () -- C:\ DRS Appointments.rtf
[2013/03/25 15:47:04 | 000,000,530 | ---- | C] () -- C:\SAL2503.CSV
[2013/03/20 18:09:45 | 000,004,102 | ---- | C] () -- C:\Users\JBW\Desktop\How to Repair a Corrupt Windows 7 Installation PCWorld.url
[2013/03/15 09:13:02 | 000,000,376 | ---- | C] () -- C:\Users\JBW\Desktop\The Dispensing Project Practice Building.url
[2013/03/13 16:37:54 | 001,758,970 | ---- | C] () -- C:\Users\Public\Desktop\Sage 50 Payroll Year End guide.pdf
[2013/01/23 08:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2012/11/03 10:09:51 | 000,000,493 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/01 22:36:12 | 000,263,318 | ---- | C] () -- C:\Users\JBW\AppData\Local\census.cache
[2012/11/01 22:35:34 | 000,129,136 | ---- | C] () -- C:\Users\JBW\AppData\Local\ars.cache
[2012/11/01 21:57:44 | 000,000,036 | ---- | C] () -- C:\Users\JBW\AppData\Local\housecall.guid.cache
[2012/10/27 11:51:46 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2012/09/21 15:10:48 | 000,000,569 | ---- | C] () -- C:\Windows\System32\TdQVDMu.exe
[2012/09/14 15:34:06 | 000,368,640 | ---- | C] () -- C:\Windows\System32\SGCDlg32.dll
[2012/09/14 15:34:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SGStat32.dll
[2012/09/14 15:33:50 | 000,372,736 | ---- | C] () -- C:\Windows\System32\SGList32.dll
[2012/09/14 15:33:34 | 000,303,104 | ---- | C] () -- C:\Windows\System32\SGTool32.dll
[2012/09/14 15:33:28 | 000,012,288 | ---- | C] ( ) -- C:\Windows\System32\Interop.SGSTDREGLib.dll
[2012/09/14 15:33:14 | 000,122,880 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2012/09/14 15:33:08 | 000,290,816 | ---- | C] () -- C:\Windows\System32\SGSchemeXML.dll
[2012/09/14 15:32:56 | 000,176,128 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2012/09/14 15:32:48 | 000,208,896 | ---- | C] () -- C:\Windows\System32\SGSTDREG.dll
[2012/09/14 15:32:32 | 000,294,912 | ---- | C] () -- C:\Windows\System32\SGTBar32.dll
[2012/09/14 15:32:26 | 000,102,400 | ---- | C] () -- C:\Windows\System32\SGIntl32.dll
[2012/09/14 15:32:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\SGAppBar.dll
[2012/09/14 15:32:20 | 000,008,192 | ---- | C] ( ) -- C:\Windows\System32\Interop.SGREGISTERLib.dll
[2012/09/14 15:31:54 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGRegister.dll
[2012/09/14 15:31:48 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2012/09/14 15:31:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SGLogo32.dll
[2012/09/14 15:31:42 | 000,249,856 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2012/09/14 15:31:40 | 000,262,144 | ---- | C] () -- C:\Windows\System32\SGHelp32.dll
[2012/09/14 15:31:34 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2012/09/14 15:31:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\SG3D32.dll
[2012/09/14 15:31:06 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2012/09/14 15:30:46 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SGCom32.dll
[2012/04/13 08:38:00 | 000,058,944 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2012/02/24 09:24:43 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2012/01/24 11:09:54 | 000,245,760 | ---- | C] () -- C:\Windows\System32\SageEventHandler.exe
[2011/12/17 12:56:36 | 000,007,606 | ---- | C] () -- C:\Users\JBW\AppData\Local\Resmon.ResmonCfg
[2011/12/09 16:02:45 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2011/12/09 16:02:45 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/12/09 16:02:45 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2011/12/09 16:02:45 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2011/12/08 12:57:00 | 000,000,062 | ---- | C] () -- C:\Windows\TmfLogo.INI
[2011/11/09 14:58:12 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/06/29 13:10:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/06/29 13:10:19 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011/06/29 13:10:14 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2011/06/21 08:42:38 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011/06/09 08:29:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/18 09:18:44 | 000,245,312 | ---- | C] () -- C:\Windows\System32\pcode32.dll
[2011/05/16 10:39:40 | 000,000,054 | ---- | C] () -- C:\Windows\Payroll.ini
[2011/05/13 09:41:35 | 000,000,000 | ---- | C] () -- C:\Windows\map.ini
[2011/05/13 09:39:33 | 000,000,029 | ---- | C] () -- C:\Windows\CHANGE.INI
[2011/05/13 09:39:19 | 000,012,004 | ---- | C] () -- C:\Windows\postcode.ini
[2011/05/13 09:39:18 | 000,066,332 | ---- | C] () -- C:\Windows\System32\zlib16.dll
[2011/05/13 09:39:17 | 000,651,328 | ---- | C] () -- C:\Windows\System32\change32.dll
[2011/05/13 09:39:17 | 000,165,376 | ---- | C] () -- C:\Windows\System32\postcode.dll
[2011/05/13 09:39:17 | 000,100,928 | ---- | C] () -- C:\Windows\System32\afdutl32.dll
[2011/05/13 09:39:17 | 000,077,568 | ---- | C] () -- C:\Windows\System32\afdutl16.dll
[2011/05/12 20:54:02 | 000,038,430 | ---- | C] () -- C:\Users\JBW\AppData\Roaming\Comma Separated Values (DOS).ADR
[2011/05/12 18:57:43 | 000,000,728 | ---- | C] () -- C:\Windows\SGREP32.INI
[2011/05/12 07:02:24 | 000,000,312 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/05/12 07:02:24 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/05/12 06:53:22 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/05/10 11:38:59 | 000,000,000 | ---- | C] () -- C:\Users\JBW\AppData\Local\{6729FD7D-2249-4C84-B932-94D56C532A02}
[2011/05/10 08:13:04 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/05/10 08:13:04 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7420.DAT
[2011/05/06 21:59:35 | 000,000,071 | ---- | C] () -- C:\Windows\System32\RelCPath.dll
[2011/05/05 20:12:25 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2011/05/05 17:04:47 | 000,032,256 | ---- | C] () -- C:\Windows\System32\_RegTLB.dll
[2011/05/05 16:40:56 | 000,000,365 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/05 16:12:38 | 000,000,585 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/05 07:28:32 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2011/05/05 07:28:32 | 000,019,496 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2011/05/05 07:08:24 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/05/05 07:05:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/05/15 21:17:10 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\1387BAB6-D4A0-47E6-88E2-04DE48B888E2
[2011/05/15 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\47C40ABB-3E53-466D-AD36-FC30B2F1A4F8
[2012/03/08 19:43:07 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\6D8A3940-41F5-4878-B752-62F645E62197
[2012/03/08 18:06:07 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\7CD02EB4-5780-4EAD-996C-C98F393E7A7C
[2011/06/13 08:48:45 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\8961EC84-40FC-4B46-B7EB-A3E89624DADB
[2011/10/08 08:16:17 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\90F8AAED-62B2-40B4-B165-A86818CFE75D
[2012/03/08 19:43:05 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\92B92703-1344-485F-A62A-B9E3E0690B1A
[2011/11/04 15:00:15 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Acronis
[2011/07/09 09:06:23 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\B05A9F4D-2DE1-4052-A78D-42AC35E689A6
[2012/03/08 19:43:06 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\B782AE1A-F024-4264-BA94-2E8F3F006AC3
[2012/02/25 13:21:24 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\BFFF3BBE-6BE4-4FCF-9BA1-8D5F016A4175
[2011/10/08 08:16:17 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\C6152BD8-A9F0-4666-A4BB-3A719D35CE58
[2011/06/30 07:39:07 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\ControlCenter4
[2012/02/25 13:21:24 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\DF6AC55D-4A3A-4B3B-B117-82F24CFA57E0
[2012/09/26 08:45:57 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\F4A5F31E-3E28-423C-8D5C-64734A7567EF
[2011/12/24 11:52:10 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\GetRightToGo
[2012/09/01 08:37:00 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\NTI
[2012/06/18 17:23:44 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\ntr
[2011/06/30 07:58:33 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Nuance
[2011/11/16 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Product_RM
[2011/12/22 09:22:08 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Registry Mechanic
[2012/03/15 15:03:10 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Sage
[2011/11/09 09:09:43 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Zeon

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2010/11/20 13:18:03 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 13:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 22:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 13:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/07/14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 17:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 11:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 13:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 13:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 13:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 05:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 13:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 13:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 13:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 13:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 13:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 13:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 13:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CFG >
[2012/12/18 15:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.DOC >
[2011/10/31 09:22:30 | 000,043,520 | ---- | M] () MD5=68FF5C26D2D01CA2394E03624E141104 -- C:\Work Tasks\Website OLD\Old Webpages\Services.doc
[2011/10/31 09:22:30 | 000,043,520 | ---- | M] () MD5=68FF5C26D2D01CA2394E03624E141104 -- C:\Work Tasks\Website\Services.doc
[2011/12/20 09:47:40 | 000,022,528 | ---- | M] () MD5=FC1C4C27FAEE7DF52BA0E77A6CD2715B -- C:\Work Tasks\Website OLD\Website files\Services.doc
[2011/12/20 09:47:40 | 000,022,528 | ---- | M] () MD5=FC1C4C27FAEE7DF52BA0E77A6CD2715B -- C:\Work Tasks\Website\Page Text\Services.doc

< MD5 for: SERVICES.EXE >
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

#4
crooleeck

Step 1:
Uninstall adware toolbars.
Please go to Start Menu -> Control Panel -> Programs and Features and remove the following programs:
  • IB Updater Service
  • Incredibar Toolbar on IE


I also recommend uninstalling PC Tools Registry Mechanic 11.1 - this kind of software may cause system errors.

Step 2:
OTL fix:
Please copy the following script:

:otl
SRV - File not found [Auto | Stopped] -- C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2013/01/29 15:29:00 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013/03/01 08:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013/03/01 08:49:04 | 000,000,000 | ---D | M]
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EDEB2244-40C2-4B13-9361-8CF5E71E6D04}"=-
"{B382C34F-F345-4C66-86E0-E4D8AF6E5E45}"=-
"{B258A8A3-24E5-452D-9BBB-458CC14B1E5A}"=-
"{61236F9E-AC4C-4FEA-BB35-0AF0768E9270}"=-

:files
c:\windows\system32\dmwu.exe
C:\Program Files\IB Updater

:commands
[emptytemp]

Run OTL and paste it under Custom Scan/Fixes. Close all windows except OTL and click the Run Fix button. Please agree to the restart. After the computer starts, OTL will display the removal log; please post it.

Step 3:
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
  • Download GMER to your desktop.
  • Run the randomly named exe file.
  • Wait for the pre-scan to finish. If any rootkit activity has been detected:
  • Click No
  • Then press the Copy button, open Notepad, paste and save as pregmer.txt on your desktop. Don't try to fix it. They may be false positives! Do a full scan.
  • Unselect Quick scan.
  • Select C:\
  • Note: If your system partition is not C, select the right partition.
  • Press the Scan button.
  • This scan may take a long time; be patient and wait for it to finish.
  • Then press the Copy button, open Notepad, paste and save as gmer.txt on your desktop.
  • Post all GMER logs.

Step 5:
Could you take a screenshot of the "The NTVDM CPU has encountered an illegal instruction" error?
In your next post I want to see:
  • OTL removal log
  • JRT removal log
  • GMER logs.
  • Screenshot

  • 0

#5
Whit3436

Hi Crooleeck

Find attached the requested files. I had to run GMER in Safe Mode as it gave the error: "btdf8bob.exe has stopped working. A problem caused the program to stop working..." This was followed by a BSOD. It worked OK in Safe Mode. It wouldn't permit me to upload the screenshot (you aren't permitted to upload this kind of file) - any ideas?

Many thanks

  • 0

#6
crooleeck

Whit3436, about the screenshot: you need to use an outside service like ImageShack to upload photos and post a link to it. Please also post all subsequent logs. It's easier for me to analyze them in the forum.

GMER is failing, so we will use another tool:

Step 1:
  • Download aswMBR to your desktop.
  • Double click the aswMBR.exe to run it.
  • Agree to the update.
  • Click the Scan button to start the scan.
  • On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
  • Click Exit to close the program.

  • 0

#7
Whit3436

Hi crooleeck

Let me know if I am not supplying the correct info

Many thanks

Whit3436

  • 0

#8
crooleeck

Step 1: Start the System Configuration Utility

1. Click Start, click Run, type msconfig, and then click OK.
2. The System Configuration Utility dialog box is displayed.

Step 2: Configure selective startup options

1. In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
2. Click to clear the Process SYSTEM.INI File check box.
3. Click to clear the Process WIN.INI File check box.
4. Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
5. Click the Services tab.
6. Click to select the Hide All Microsoft Services check box.
7. Click Disable All, and then click OK.
8. When you are prompted, click Restart to restart the computer.
  • 0

#9
Whit3436

Hi Crooleeck

I am unable to find the SYSTEM.INI File check box, WIN.INI File check box, Use Original BOOT.INI in the Win 7 System Configuration Utility dialog box. I did everything else as recommended and the error still appears.

Interestingly, if I don't select Services - Windows Event log the error does not appear. This may be relevant.

Many thanks

Whit3436
  • 0

#10
crooleeck

OK, I need to ask you for one more log.

If you use Internet Explorer, please download Silent Runners by clicking on this link and save it to your Desktop.

If you use Firefox, right-click on the above link, choose "Save Link As" and save it to your Desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, you can then attach this text file log to your next message.

NOTE: If you receive any warning messages from your antivirus or antispyware programs about a script trying to be run, please choose to allow the script to run.
  • 0

#11
Whit3436

Find attached the Silent Runners log.

Many thanks

Whit3436

  • 0

#12
crooleeck

Whit3436, please be patient, I'll post in the next 24 hours ;) Terribly sorry for the delay.
  • 0

#13
crooleeck

Step 1:
OTL fix:
Please copy the following script:

:processes
KILLALLPROCESSES

:files
schtasks /delete /tn TdQVDMu /c
C:\Windows\system32\TdQVDMu.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Relcon Auto Copy.exe

:commands
[reboot]

Run OTL and paste it under Custom Scan/Fixes. Close all windows except OTL and click the Run Fix button. Please agree to the restart. After the computer starts, OTL will display the removal log; please post it.
  • 0
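
Added example (not part of the thread, and not the logic of OTL or Silent Runners): the fix in post #13 deletes a scheduled task named TdQVDMu together with C:\Windows\system32\TdQVDMu.exe. The Python below triages an exported `schtasks /query /fo csv /v` listing for that same pattern, a task in the root of the task library that launches an .exe directly from System32; the sample CSV, the ExampleUpdater entry and the flagging rule are constructed assumptions.

```python
import csv
import io
import ntpath

# Constructed sample of `schtasks /query /fo csv /v` output, cut down to four
# of its columns. As in the real export, the header row repeats per folder.
SAMPLE_CSV = r'''"TaskName","Author","Task To Run","Status"
"\TdQVDMu","N/A","C:\Windows\system32\TdQVDMu.exe","Ready"
"\ExampleUpdater","Example Corp","""C:\Program Files\Example\update.exe"" /silent","Ready"
"TaskName","Author","Task To Run","Status"
"\Microsoft\Windows\Defrag\ScheduledDefrag","Microsoft Corporation","%windir%\system32\defrag.exe -c","Ready"
'''

SYSTEM_DIRS = (r"c:\windows\system32", r"%windir%\system32",
               r"%systemroot%\system32")


def executable_of(action):
    """Return the program path from a 'Task To Run' value, without arguments."""
    action = action.strip()
    if action.startswith('"'):
        return action[1:].split('"', 1)[0]
    # Unquoted: cut after the first ".exe" so paths containing spaces survive.
    end = action.lower().find(".exe")
    return action[:end + 4] if end != -1 else action.split(" ", 1)[0]


def suspicious_tasks(csv_text):
    """Flag root-level tasks that launch an .exe sitting directly in System32."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row.get("TaskName") or ""
        if name == "TaskName":                 # repeated header row
            continue
        exe = executable_of(row.get("Task To Run") or "")
        folder, leaf = ntpath.split(exe)
        in_root = name.count("\\") == 1        # "\Name": no subfolder
        in_system32 = folder.lower() in SYSTEM_DIRS
        if in_root and in_system32 and leaf.lower().endswith(".exe"):
            hits.append((name, exe))
    return hits


if __name__ == "__main__":
    for name, exe in suspicious_tasks(SAMPLE_CSV):
        print(f"review task {name!r} -> {exe}")
```

A flagged task is only a lead: check the file's publisher, signature and hash before removing anything.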

#14
Whit3436

Thanks crooleeck
I don't know how you did it, but that seems to have fixed the error. Find attached the logfile.
Whit3436

  • 0

#15
crooleeck

Whit3436, I'm happy to hear that. Could you run Silent Runners again?
  • 0





