Many thanks for helping me with this problem. I am able to boot Windows normally. The required information is included below:
OTL Extras logfile created on: 08/04/13 17:44:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JBW\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yy
3.24 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 62.67% Memory free
6.48 Gb Paging File | 5.16 Gb Available in Paging File | 79.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 833.75 Gb Total Space | 746.98 Gb Free Space | 89.59% Space Free | Partition Type: NTFS
Drive G: | 97.66 Gb Total Space | 92.49 Gb Free Space | 94.71% Space Free | Partition Type: NTFS
Computer Name: SERVER | User Name: JBW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DDA131A-040C-4AD9-8BD2-AAC7170626E9}" = lport=138 | protocol=17 | dir=in | app=system |
"{1C5F34CB-83C1-4759-867B-E242D7F945B7}" = lport=137 | protocol=17 | dir=in | app=system |
"{27495F43-5244-4903-85F3-1CA5175C632C}" = rport=445 | protocol=6 | dir=out | app=system |
"{3308FE71-7F29-4463-9F17-B4B8982C1FD6}" = rport=137 | protocol=17 | dir=out | app=system |
"{43292086-5FD8-4A4D-8BDE-7DF6692A9777}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C927D5D-CEA3-45FC-B993-8A8F622D5976}" = rport=138 | protocol=17 | dir=out | app=system |
"{5AF6941D-2D9F-4230-B24F-914B39371875}" = rport=139 | protocol=6 | dir=out | app=system |
"{77C9E85E-6FBA-4533-AE71-6E813BAC8BD2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93A07C55-FF2D-4FAE-8427-F0C8E8D29103}" = lport=445 | protocol=6 | dir=in | app=system |
"{9437FA0E-A56E-4091-8DA7-1E14C66146EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A2A32799-4483-4A17-AFCD-F1A01C25C558}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C8AFD15A-9585-4A23-97E8-011E279676FE}" = lport=139 | protocol=6 | dir=in | app=system |
"{DEB8E856-BC65-4A10-9981-960DF01FCF64}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F4839E94-D6F3-445D-8FBC-5BBAC1CA38E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F3110F2-56B7-4641-80AD-3D9128D1F9D3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{16F24433-7C28-4BC7-9C7B-212D5A4EEEB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1EAE00C0-343E-45EB-8400-FB4F76C32D39}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{215623D2-2EC0-4079-8640-35D42224ECA4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{2189342B-82D7-479A-BE0A-662A39DBFFC1}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{45E6BC5E-89B8-4780-8324-449B799503CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5B09C823-682E-45E4-9CC7-B886C2DEAA75}" = protocol=6 | dir=in | app=c:\users\jbw\appdata\local\temp\ins1434\setup\bin\maininst.exe |
"{61236F9E-AC4C-4FEA-BB35-0AF0768E9270}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{64789202-5A63-4D08-A3A9-96CEA25D0668}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{6F7C8197-04E6-4B26-93EA-8AE5A9B68FEB}" = protocol=17 | dir=in | app=c:\users\jbw\appdata\local\temp\ins1434\setup\bin\maininst.exe |
"{B01E3899-5C72-4570-B636-F214F85D80F3}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{B258A8A3-24E5-452D-9BBB-458CC14B1E5A}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B382C34F-F345-4C66-86E0-E4D8AF6E5E45}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B87B8064-E543-4FC9-A423-8A8FD422866C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D485C3FF-5473-4681-8B17-E1A1F3BA2742}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA190892-40B9-471A-9F06-98640F651167}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DBD43989-8E2C-4AB2-8EE2-2C88CC2EC561}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{E86F44FC-F0DE-4715-812E-766CA37E71E8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EA3924D0-5F5B-49C6-B78A-00110B9204B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EA6A4029-2A2B-4C43-929B-500CB6C6E963}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{EDEB2244-40C2-4B13-9361-8CF5E71E6D04}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"TCP Query User{074DCA81-DA5E-4497-B844-4537A2D4C62A}C:\bbm2\w3dbsmgr.exe" = protocol=6 | dir=in | app=c:\bbm2\w3dbsmgr.exe |
"TCP Query User{340FB712-ADA3-4483-958E-657CDECC1428}C:\users\jbw\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\jbw\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"TCP Query User{9C1A7B9F-6395-4D01-B415-58E0D656E35B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B98227E7-AADB-41BF-BB1C-4753FCA30D38}C:\bbm2\w3dbsmgr.exe" = protocol=6 | dir=in | app=c:\bbm2\w3dbsmgr.exe |
"TCP Query User{F92CE454-D61F-461C-8CD4-38A267B77214}C:\users\jbw\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\jbw\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe |
"UDP Query User{36C63A26-E945-4C07-A3F5-C9A6BC587C5B}C:\bbm2\w3dbsmgr.exe" = protocol=17 | dir=in | app=c:\bbm2\w3dbsmgr.exe |
"UDP Query User{5BE25432-E500-4AED-8540-08D9EF801EE4}C:\users\jbw\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\jbw\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"UDP Query User{6552AC54-8580-41C1-9042-8B57B09FF865}C:\bbm2\w3dbsmgr.exe" = protocol=17 | dir=in | app=c:\bbm2\w3dbsmgr.exe |
"UDP Query User{981AC934-D791-4F81-BEFB-CAB4837B3C6C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BEB611DB-7612-40A3-A258-3FEDC117AB79}C:\users\jbw\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\jbw\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00180409-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 Runtime
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BB0B797-0AA6-4502-8A38-CADE642B2A83}" = Payroll for Windows
"{1BF84DA0-739B-4377-924E-CFE971C3D1BE}" = Payroll for Windows
"{1E1645F2-8392-48DD-9B4C-7ACEF84D0093}" = Payroll for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDDF4C1-065C-4991-A671-595AA27E1DC0}" = Payroll for Windows
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2CAB55FA-A147-4215-81A6-E9A9038B7970}" = Plus Pack for Acronis True Image Home 2011
"{2F278454-2DC0-4DD6-A6C4-169D04E04AF3}" = Payroll for Windows
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.574
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DEC07EB-2F06-40E3-B65F-1D3C76DE2614}" = Payroll for Windows
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EAF5FBB-866D-48B7-B14C-9C8D6EE657A0}" = Sage 50 Payroll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59AB7E85-011F-461C-82BA-EFBFE50FFD39}" = Payroll for Windows
"{5FE92453-1E04-4385-9D3B-D9B3F02F556A}" = Payroll for Windows
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{66B35780-9D34-4586-B60A-AEFBFD53976E}" = Classic Client 6.2 Patch2
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6C67FEB0-2239-4067-93FC-786DBD50C42D}" = Sage 50 Payroll
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7750CBEE-F699-4BC6-8BE1-CDCAC1869948}" = Sage Payroll for Windows
"{7A72BB89-4DF0-4E3A-9600-B4902E413013}" = Payroll for Windows
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BFFB061-871B-42FA-A82D-0F01BB12C2B4}" = Payroll for Windows
"{8F79B3FC-63E7-4D22-A9A8-D594577F44D1}" = Payroll for Windows
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC7EBFD-FC6A-4457-ADCC-AD38109DE07B}" = Sage 50 Payroll
"{9E72092A-D367-4901-9D61-03C60A450C5C}" = Payroll for Windows
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A8817A8C-7D1F-4135-91AD-AFE21E1B357F}" = Payroll for Windows
"{A8C26AA6-E114-43F0-AEB0-CC3C39DB31C6}" = Payroll for Windows
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B02B8634-14E4-4AA8-B712-210524D15A5A}" = Payroll for Windows
"{B2D9AFFC-4404-45A8-96E1-745272128B3D}" = Sage 50 Payroll
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B623097F-94D1-4271-8656-55459D41B5D2}" = Payroll for Windows
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB0F2F68-0805-47DD-A99D-E74264048BD6}" = Payroll for Windows
"{BD1C084C-9F03-4D52-B9AD-9AD15DF5D6D9}" = Payroll for Windows
"{C96C56FE-03C4-4CE6-AAFF-2642B09BB72B}" = eSigner 4.2 Corp Gold
"{CCF300E5-E44B-43FA-BF8E-9E83EFD7413C}" = Payroll for Windows
"{E496E82A-526D-47D3-9366-9FAF0A135A8F}" = Sage Instant Accounts
"{E4C1DBF1-67D9-4973-9DEC-677E695E7CE0}" = AxCrypt 1.7.2126.0
"{EDD98960-C99E-4B6C-803A-270F49AA83C6}" = Sage 50 Payroll
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA586006-3667-4F43-97E7-98E2A39A41A6}" = Payroll for Windows
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AFD Postcode" = AFD Postcode
"CNXT_MODEM_USB_ACF" = USB ACF Modem
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{E496E82A-526D-47D3-9366-9FAF0A135A8F}" = Sage Instant Accounts V12.00
"Instant Eyedropper_is1" = Instant Eyedropper 1.75
"Liveupdate4_is1" = Liveupdate4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.1
"Samsung CLP-320 Series" = Maintenance Samsung CLP-320 Series
"SetIP" = SetIP
"ST6UNST #1" = Focus Install CD
"ST6UNST #2" = Relcon Utilities
"WNLT" = IB Updater Service
========== Last 20 Event Log Errors ========== [ Application Events ]
Error - 06/04/13 04:43:00 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:00.139]: [00005956]: Initialize TwdsMain
Class failed!
Error - 06/04/13 04:43:00 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:00.186]: [00005956]: ##### Fatal ERROR!!
Create STI-device failed! #####
Error - 06/04/13 04:43:00 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:00.186]: [00005956]: Initialize TwdsMain
Class failed!
Error - 06/04/13 04:43:00 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:00.326]: [00005956]: ##### Fatal ERROR!!
Create STI-device failed! #####
Error - 06/04/13 04:43:00 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:00.326]: [00005956]: Initialize TwdsMain
Class failed!
Error - 06/04/13 04:43:36 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:36.934]: [00005956]: ##### Fatal ERROR!!
Create STI-device failed! #####
Error - 06/04/13 04:43:36 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:36.934]: [00005956]: Initialize TwdsMain
Class failed!
Error - 06/04/13 04:43:37 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:37.106]: [00005956]: ##### Fatal ERROR!!
Create STI-device failed! #####
Error - 06/04/13 04:43:37 | Computer Name = Server | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/04/06 09:43:37.106]: [00005956]: Initialize TwdsMain
Class failed!
Error - 08/04/13 04:51:23 | Computer Name = Server | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.
[ System Events ]
Error - 08/04/13 03:27:02 | Computer Name = Server | Source = DCOM | ID = 10005
Description =
Error - 08/04/13 03:27:02 | Computer Name = Server | Source = DCOM | ID = 10005
Description =
Error - 08/04/13 03:27:02 | Computer Name = Server | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 08/04/13 03:27:40 | Computer Name = Server | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 08/04/13 03:27:42 | Computer Name = Server | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 08/04/13 03:29:59 | Computer Name = Server | Source = Service Control Manager | ID = 7000
Description = The DES2 Service for Energy Saving. service failed to start due to
the following error: %%2
Error - 08/04/13 03:30:20 | Computer Name = Server | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE
Error - 08/04/13 03:32:22 | Computer Name = Server | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
Error - 08/04/13 03:32:22 | Computer Name = Server | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069
Error - 08/04/13 12:43:39 | Computer Name = Server | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on cannot be read.
< End of report >
OTL logfile created on: 08/04/13 17:44:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JBW\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yy
3.24 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 62.67% Memory free
6.48 Gb Paging File | 5.16 Gb Available in Paging File | 79.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 833.75 Gb Total Space | 746.98 Gb Free Space | 89.59% Space Free | Partition Type: NTFS
Drive G: | 97.66 Gb Total Space | 92.49 Gb Free Space | 94.71% Space Free | Partition Type: NTFS
Computer Name: SERVER | User Name: JBW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2013/04/08 17:16:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JBW\Desktop\OTL.exe
PRC - [2013/01/29 15:29:00 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/01 15:48:03 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/01 15:47:25 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/10/02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/10/02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/26 08:45:55 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/08/21 15:43:58 | 000,794,272 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/08/21 15:43:58 | 000,105,120 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2012/07/05 15:11:14 | 000,008,192 | ---- | M] (Microsoft) -- C:\Program Files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
PRC - [2012/07/02 14:17:42 | 000,943,104 | ---- | M] () -- C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
PRC - [2011/11/14 17:33:52 | 000,667,200 | ---- | M] (AFD Computers) -- C:\Postcode\AFDService.exe
PRC - [2011/09/22 23:00:14 | 005,551,288 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/09/22 16:00:56 | 002,537,096 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2011/07/06 13:34:19 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2011/05/19 09:59:20 | 015,323,648 | ---- | M] (Ocuco Ltd.) -- c:\Programs\Focus\ocp\OCPClient.exe
PRC - [2011/05/12 23:28:26 | 000,085,504 | ---- | M] (Gemalto) -- C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe
PRC - [2011/03/01 11:54:38 | 005,513,728 | ---- | M] (Ocuco Ltd.) -- C:\Reltem\OCPDaemon.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/09 13:20:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/09 13:20:34 | 000,284,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/02/01 22:36:02 | 000,390,728 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/02/01 22:35:58 | 000,804,528 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
========== Modules (No Company Name) ========== MOD - [2013/02/15 08:57:14 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/15 08:57:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/11 09:46:59 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8512de7f67e0dedb9389e0cd471af0e7\IAStorUtil.ni.dll
MOD - [2013/01/11 09:46:59 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3f84870783e405d3c07cc8d8846f0750\IAStorCommon.ni.dll
MOD - [2013/01/11 09:41:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 09:41:09 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 09:40:49 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/11 09:40:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\520a80ddcdd1084993516f4d42a73e05\System.Xml.ni.dll
MOD - [2013/01/11 09:40:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 09:40:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 09:40:33 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/07/02 14:17:42 | 000,943,104 | ---- | M] () -- C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe
MOD - [2011/09/22 23:00:00 | 011,216,504 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2011/07/06 13:34:19 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2013/01/29 15:29:00 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/01 15:48:03 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/01 15:47:25 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/26 08:45:55 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/09/10 07:48:07 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/21 15:43:58 | 000,794,272 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012/07/05 15:11:14 | 000,008,192 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe -- (Sage AutoUpdate Manager Service)
SRV - [2011/11/14 17:33:52 | 000,667,200 | ---- | M] (AFD Computers) [Auto | Running] -- C:\Postcode\AFDService.exe -- (afdReg)
SRV - [2011/05/19 09:59:20 | 015,323,648 | ---- | M] (Ocuco Ltd.) [Auto | Running] -- c:\programs\focus\ocp\OCPClient.EXE -- (OCPService)
SRV - [2011/05/12 23:28:26 | 000,085,504 | ---- | M] (Gemalto) [Auto | Running] -- C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe -- (GslShmSrvc)
SRV - [2011/05/05 19:49:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/01 11:54:38 | 005,513,728 | ---- | M] (Ocuco Ltd.) [Auto | Running] -- C:\Reltem\OCPDaemon.exe -- (OCPDaemon)
SRV - [2011/02/09 13:20:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/01 22:35:58 | 000,804,528 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 06:06:34 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\ACFXAU32.dll -- (AcfXAudioService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/11/01 15:47:26 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/10/10 22:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/09/26 08:45:57 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2012/09/26 08:45:51 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2012/09/26 08:45:50 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012/09/26 08:32:51 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012/09/17 08:41:44 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/02/25 13:24:38 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012/02/24 09:32:34 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/06/21 23:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/02/24 07:06:30 | 000,562,464 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/11/03 04:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2009/11/03 04:06:11 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/10/26 16:19:02 | 000,136,704 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009/10/26 16:19:00 | 000,058,240 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/09/10 08:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/09/02 08:02:14 | 000,087,424 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ACFVA32.sys -- (acfva)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/08 18:34:18 | 000,090,752 | ---- | M] (Gemalto) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GPinPad.sys -- (GPinPad)
DRV - [2009/04/29 06:06:28 | 000,028,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ACFDCP32.sys -- (dgcfltr)
DRV - [2009/04/29 06:06:22 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACFXAU32.sys -- (XAudio)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/14 09:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys -- (FLASHSYS)
DRV - [2007/03/15 10:52:34 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACFSDK32.sys -- (mdmxsdk)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.co.uk/ [binary data]
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.whitakersopticians.co.uk/
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..\SearchScopes\{42E8D86C-31B0-43b8-B41C-DE4A4575FA9E}: "URL" = http://www.google.co...2788:4067623346
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...GGHP_en-GBGB430
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..\SearchScopes\{743D8795-FFD1-4f98-A0DC-86E6800A90B8}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..\SearchScopes\{8C1DC94F-A678-412d-B8B7-75EB957D7C3C}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@gemalto.com/eSigner4x: C:\Program Files\Gemalto\eSigner4\plugin\npClassicESigner.dll (Gemalto)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013/03/01 08:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013/03/01 08:49:04 | 000,000,000 | ---D | M]
[2012/10/27 11:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2013/03/25 09:20:45 | 000,446,020 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15316 more lines...
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - Reg Error: Value error. File not found
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RegTool] C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1566624508-482922642-3542228847-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O12 - Plugin for: .csd - C:\Program Files\Gemalto\eSigner4\plugin\npClassicESigner.dll (Gemalto)
O12 - Plugin for: .esd - C:\Program Files\Gemalto\eSigner4\plugin\NXPlugIn.dll (Gemalto)
O12 - Plugin for: .i4t - C:\Program Files\Gemalto\eSigner4\plugin\npClassicESigner.dll (Gemalto)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: bacs.co.uk ([paymentservices] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclays.com ([ams] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclays.com ([ibank1.bib] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclays.com ([www.iceb] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclays.net ([cashmanagement] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclayswealth.com ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: fpsdca.co.uk ([paymentservices] https in Trusted sites)
O15 - HKLM\..Trusted Domains: tradeonlineservices.com ([europe] https in Trusted sites)
O15 - HKLM\..Trusted Domains: voca.com ([iplservices] https in Trusted sites)
O15 - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..Trusted Domains: nhs.net ([web] https in Trusted sites)
O15 - HKU\S-1-5-21-1566624508-482922642-3542228847-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73}
https://www.icloud.c...stem/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913}
http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}
https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.120.234.26 62.6.40.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B86EAF7-9FBE-42CE-9B30-FEA7D2C6E2EF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A016AF20-47C2-4FC4-B1C4-EDAEB88EBE5A}: DhcpNameServer = 213.120.234.26 62.6.40.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C096A644-6631-41CA-A896-2536B8FFED1B}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/04/08 17:16:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JBW\Desktop\OTL.exe
[2013/04/08 08:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/03/26 02:21:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/25 18:36:22 | 000,000,000 | ---D | C] -- C:\Users\JBW\AppData\Local\PSU
[2013/03/23 12:33:27 | 000,000,000 | ---D | C] -- C:\Users\JBW\Desktop\Telephone Bills
[2013/03/13 18:32:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/13 18:32:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/13 18:32:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/13 18:32:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/13 18:32:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/13 18:32:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/13 18:32:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/13 18:32:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/11 18:32:24 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/11 18:32:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/11 18:32:10 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
========== Files - Modified Within 30 Days ==========
[2013/04/08 17:45:36 | 000,631,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/08 17:45:36 | 000,111,480 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/08 17:45:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/08 17:16:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JBW\Desktop\OTL.exe
[2013/04/08 16:08:03 | 000,017,980 | ---- | M] () -- C:\Windows\Sage.ini
[2013/04/08 11:39:07 | 000,012,004 | ---- | M] () -- C:\Windows\postcode.ini
[2013/04/08 11:16:06 | 000,004,619 | ---- | M] () -- C:\ DRS Appointments.rtf
[2013/04/08 10:21:12 | 000,001,268 | ---- | M] () -- C:\Windows\System32\SGLCH32.USR
[2013/04/08 09:21:06 | 000,002,510 | ---- | M] () -- C:\Users\JBW\Desktop\sysnet.exe boot-startup error [RESOLVED] - Geeks to Go Forums.url
[2013/04/08 08:45:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/08 08:37:24 | 000,015,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/08 08:37:24 | 000,015,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/08 08:30:05 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013/04/08 08:29:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/08 08:29:34 | 2610,470,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/04 10:05:50 | 000,018,636 | ---- | M] () -- C:\ 1st Retinal Invoice.rtf
[2013/04/02 14:59:58 | 000,000,728 | ---- | M] () -- C:\Windows\SGREP32.INI
[2013/04/02 12:02:15 | 000,000,000 | ---- | M] () -- C:\Windows\map.ini
[2013/04/02 12:01:56 | 000,000,034 | RHS- | M] () -- C:\Windows\afdpc.flg
[2013/04/02 11:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/03/25 19:03:34 | 400,026,731 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/25 18:19:57 | 000,000,276 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2013/03/25 15:47:04 | 000,000,530 | ---- | M] () -- C:\SAL2503.CSV
[2013/03/25 09:20:45 | 000,446,020 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/03/20 18:09:45 | 000,004,102 | ---- | M] () -- C:\Users\JBW\Desktop\How to Repair a Corrupt Windows 7 Installation PCWorld.url
[2013/03/15 09:13:02 | 000,000,376 | ---- | M] () -- C:\Users\JBW\Desktop\The Dispensing Project Practice Building.url
[2013/03/15 09:02:27 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/15 09:02:27 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/14 09:15:25 | 000,001,137 | ---- | M] () -- C:\Users\JBW\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/03/13 16:37:56 | 000,000,054 | ---- | M] () -- C:\Windows\Payroll.ini
[2013/03/13 16:37:53 | 000,000,585 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/03/13 16:37:53 | 000,000,365 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2013/03/11 18:32:05 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/11 18:32:03 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/03/11 18:32:03 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/03/11 18:32:03 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/11 18:32:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/11 18:32:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
========== Files Created - No Company Name ==========
[2013/04/08 07:57:55 | 000,002,510 | ---- | C] () -- C:\Users\JBW\Desktop\sysnet.exe boot-startup error [RESOLVED] - Geeks to Go Forums.url
[2013/04/04 14:19:01 | 000,004,619 | ---- | C] () -- C:\ DRS Appointments.rtf
[2013/03/25 15:47:04 | 000,000,530 | ---- | C] () -- C:\SAL2503.CSV
[2013/03/20 18:09:45 | 000,004,102 | ---- | C] () -- C:\Users\JBW\Desktop\How to Repair a Corrupt Windows 7 Installation PCWorld.url
[2013/03/15 09:13:02 | 000,000,376 | ---- | C] () -- C:\Users\JBW\Desktop\The Dispensing Project Practice Building.url
[2013/03/13 16:37:54 | 001,758,970 | ---- | C] () -- C:\Users\Public\Desktop\Sage 50 Payroll Year End guide.pdf
[2013/01/23 08:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2012/11/03 10:09:51 | 000,000,493 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/01 22:36:12 | 000,263,318 | ---- | C] () -- C:\Users\JBW\AppData\Local\census.cache
[2012/11/01 22:35:34 | 000,129,136 | ---- | C] () -- C:\Users\JBW\AppData\Local\ars.cache
[2012/11/01 21:57:44 | 000,000,036 | ---- | C] () -- C:\Users\JBW\AppData\Local\housecall.guid.cache
[2012/10/27 11:51:46 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2012/09/21 15:10:48 | 000,000,569 | ---- | C] () -- C:\Windows\System32\TdQVDMu.exe
[2012/09/14 15:34:06 | 000,368,640 | ---- | C] () -- C:\Windows\System32\SGCDlg32.dll
[2012/09/14 15:34:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SGStat32.dll
[2012/09/14 15:33:50 | 000,372,736 | ---- | C] () -- C:\Windows\System32\SGList32.dll
[2012/09/14 15:33:34 | 000,303,104 | ---- | C] () -- C:\Windows\System32\SGTool32.dll
[2012/09/14 15:33:28 | 000,012,288 | ---- | C] ( ) -- C:\Windows\System32\Interop.SGSTDREGLib.dll
[2012/09/14 15:33:14 | 000,122,880 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2012/09/14 15:33:08 | 000,290,816 | ---- | C] () -- C:\Windows\System32\SGSchemeXML.dll
[2012/09/14 15:32:56 | 000,176,128 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2012/09/14 15:32:48 | 000,208,896 | ---- | C] () -- C:\Windows\System32\SGSTDREG.dll
[2012/09/14 15:32:32 | 000,294,912 | ---- | C] () -- C:\Windows\System32\SGTBar32.dll
[2012/09/14 15:32:26 | 000,102,400 | ---- | C] () -- C:\Windows\System32\SGIntl32.dll
[2012/09/14 15:32:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\SGAppBar.dll
[2012/09/14 15:32:20 | 000,008,192 | ---- | C] ( ) -- C:\Windows\System32\Interop.SGREGISTERLib.dll
[2012/09/14 15:31:54 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGRegister.dll
[2012/09/14 15:31:48 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2012/09/14 15:31:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SGLogo32.dll
[2012/09/14 15:31:42 | 000,249,856 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2012/09/14 15:31:40 | 000,262,144 | ---- | C] () -- C:\Windows\System32\SGHelp32.dll
[2012/09/14 15:31:34 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2012/09/14 15:31:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\SG3D32.dll
[2012/09/14 15:31:06 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2012/09/14 15:30:46 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SGCom32.dll
[2012/04/13 08:38:00 | 000,058,944 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2012/02/24 09:24:43 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2012/01/24 11:09:54 | 000,245,760 | ---- | C] () -- C:\Windows\System32\SageEventHandler.exe
[2011/12/17 12:56:36 | 000,007,606 | ---- | C] () -- C:\Users\JBW\AppData\Local\Resmon.ResmonCfg
[2011/12/09 16:02:45 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2011/12/09 16:02:45 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/12/09 16:02:45 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2011/12/09 16:02:45 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2011/12/08 12:57:00 | 000,000,062 | ---- | C] () -- C:\Windows\TmfLogo.INI
[2011/11/09 14:58:12 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/06/29 13:10:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/06/29 13:10:19 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011/06/29 13:10:14 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2011/06/21 08:42:38 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011/06/09 08:29:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/18 09:18:44 | 000,245,312 | ---- | C] () -- C:\Windows\System32\pcode32.dll
[2011/05/16 10:39:40 | 000,000,054 | ---- | C] () -- C:\Windows\Payroll.ini
[2011/05/13 09:41:35 | 000,000,000 | ---- | C] () -- C:\Windows\map.ini
[2011/05/13 09:39:33 | 000,000,029 | ---- | C] () -- C:\Windows\CHANGE.INI
[2011/05/13 09:39:19 | 000,012,004 | ---- | C] () -- C:\Windows\postcode.ini
[2011/05/13 09:39:18 | 000,066,332 | ---- | C] () -- C:\Windows\System32\zlib16.dll
[2011/05/13 09:39:17 | 000,651,328 | ---- | C] () -- C:\Windows\System32\change32.dll
[2011/05/13 09:39:17 | 000,165,376 | ---- | C] () -- C:\Windows\System32\postcode.dll
[2011/05/13 09:39:17 | 000,100,928 | ---- | C] () -- C:\Windows\System32\afdutl32.dll
[2011/05/13 09:39:17 | 000,077,568 | ---- | C] () -- C:\Windows\System32\afdutl16.dll
[2011/05/12 20:54:02 | 000,038,430 | ---- | C] () -- C:\Users\JBW\AppData\Roaming\Comma Separated Values (DOS).ADR
[2011/05/12 18:57:43 | 000,000,728 | ---- | C] () -- C:\Windows\SGREP32.INI
[2011/05/12 07:02:24 | 000,000,312 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/05/12 07:02:24 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/05/12 06:53:22 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/05/10 11:38:59 | 000,000,000 | ---- | C] () -- C:\Users\JBW\AppData\Local\{6729FD7D-2249-4C84-B932-94D56C532A02}
[2011/05/10 08:13:04 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/05/10 08:13:04 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7420.DAT
[2011/05/06 21:59:35 | 000,000,071 | ---- | C] () -- C:\Windows\System32\RelCPath.dll
[2011/05/05 20:12:25 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2011/05/05 17:04:47 | 000,032,256 | ---- | C] () -- C:\Windows\System32\_RegTLB.dll
[2011/05/05 16:40:56 | 000,000,365 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/05 16:12:38 | 000,000,585 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/05 07:28:32 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2011/05/05 07:28:32 | 000,019,496 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2011/05/05 07:08:24 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/05/05 07:05:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011/05/15 21:17:10 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\1387BAB6-D4A0-47E6-88E2-04DE48B888E2
[2011/05/15 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\47C40ABB-3E53-466D-AD36-FC30B2F1A4F8
[2012/03/08 19:43:07 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\6D8A3940-41F5-4878-B752-62F645E62197
[2012/03/08 18:06:07 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\7CD02EB4-5780-4EAD-996C-C98F393E7A7C
[2011/06/13 08:48:45 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\8961EC84-40FC-4B46-B7EB-A3E89624DADB
[2011/10/08 08:16:17 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\90F8AAED-62B2-40B4-B165-A86818CFE75D
[2012/03/08 19:43:05 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\92B92703-1344-485F-A62A-B9E3E0690B1A
[2011/11/04 15:00:15 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Acronis
[2011/07/09 09:06:23 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\B05A9F4D-2DE1-4052-A78D-42AC35E689A6
[2012/03/08 19:43:06 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\B782AE1A-F024-4264-BA94-2E8F3F006AC3
[2012/02/25 13:21:24 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\BFFF3BBE-6BE4-4FCF-9BA1-8D5F016A4175
[2011/10/08 08:16:17 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\C6152BD8-A9F0-4666-A4BB-3A719D35CE58
[2011/06/30 07:39:07 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\ControlCenter4
[2012/02/25 13:21:24 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\DF6AC55D-4A3A-4B3B-B117-82F24CFA57E0
[2012/09/26 08:45:57 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\F4A5F31E-3E28-423C-8D5C-64734A7567EF
[2011/12/24 11:52:10 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\GetRightToGo
[2012/09/01 08:37:00 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\NTI
[2012/06/18 17:23:44 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\ntr
[2011/06/30 07:58:33 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Nuance
[2011/11/16 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Product_RM
[2011/12/22 09:22:08 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Registry Mechanic
[2012/03/15 15:03:10 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Sage
[2011/11/09 09:09:43 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Zeon
========== Purity Check ==========
========== Custom Scans ==========
========== Base Services ==========
SRV - [2009/07/14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2010/11/20 13:18:03 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 13:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 22:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 13:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/07/14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 17:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 11:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 13:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 06:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 13:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 13:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 05:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 13:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 13:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 13:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 13:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 13:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 13:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 13:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: SERVICES >[2009/06/10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
< MD5 for: SERVICES.CFG >[2012/12/18 15:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.DOC >[2011/10/31 09:22:30 | 000,043,520 | ---- | M] () MD5=68FF5C26D2D01CA2394E03624E141104 -- C:\Work Tasks\Website OLD\Old Webpages\Services.doc
[2011/10/31 09:22:30 | 000,043,520 | ---- | M] () MD5=68FF5C26D2D01CA2394E03624E141104 -- C:\Work Tasks\Website\Services.doc
[2011/12/20 09:47:40 | 000,022,528 | ---- | M] () MD5=FC1C4C27FAEE7DF52BA0E77A6CD2715B -- C:\Work Tasks\Website OLD\Website files\Services.doc
[2011/12/20 09:47:40 | 000,022,528 | ---- | M] () MD5=FC1C4C27FAEE7DF52BA0E77A6CD2715B -- C:\Work Tasks\Website\Page Text\Services.doc
< MD5 for: SERVICES.EXE >[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SERVICES.EXE.MUI >[2009/07/14 03:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 03:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
< MD5 for: SERVICES.LNK >[2009/07/14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >[2009/06/10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
< MD5 for: SERVICES.MSC >[2009/07/14 03:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 03:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >[2009/07/13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
< MD5 for: SERVICES.SBS >[2011/03/01 09:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
< MD5 for: SVCHOST.EXE >[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TASKENG.EXE >[2010/11/02 05:24:43 | 000,192,000 | ---- | M] (Microsoft Corporation) MD5=41C52AF44FB96BDDB1EFB25D2D943BBA -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.20830_none_e63d55df39278cc6\taskeng.exe
[2010/11/20 13:17:47 | 000,192,000 | ---- | M] (Microsoft Corporation) MD5=4F2659160AFCCA990305816946F69407 -- C:\Windows\System32\taskeng.exe
[2010/11/20 13:17:47 | 000,192,000 | ---- | M] (Microsoft Corporation) MD5=4F2659160AFCCA990305816946F69407 -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_e7b3b71a1d1c8662\taskeng.exe
[2009/07/14 02:14:42 | 000,190,464 | ---- | M] (Microsoft Corporation) MD5=DE5DACEBD4C89834EC6D2C41C8643CDA -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16385_none_e582a352202e02c8\taskeng.exe
[2010/11/02 05:34:44 | 000,192,000 | ---- | M] (Microsoft Corporation) MD5=F8952E80B7F778DA2F7AA8393CA2D30E -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7600.16699_none_e57bda4020327b8a\taskeng.exe
< MD5 for: USERINIT.EXE >[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WINSOCK.DLL >[2009/07/13 22:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009/07/13 22:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\WINSOCK.DLL
[2009/07/13 22:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL
========== Alternate Data Streams ==========
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >