
OpenCloud and BSOD


  • This topic is locked
63 replies to this topic

#1 kkamy

kkamy

  • Members
  • 42 posts

Posted 13 November 2011 - 11:45 AM

My husband's computer was infected a few weeks ago with the OpenCloud Security virus. I previously ran Malwarebytes several weeks ago and it did remove the OpenCloud pop-ups, but most of my husband's files were hidden. I was able to back up all of his personal files successfully. Many removal programs have been shut down while they are running. However, the computer now only runs following startup for 2-3 minutes before I get the BSOD. In safe mode, I have followed the full removal instructions (TDSSKiller, Rkill and Malwarebytes) without success. TDSSKiller came out clean, RKill reported nothing terminated and Malwarebytes found nothing as well. The computer is also not connecting to our wireless network (stuck in the "Identifying" stage), so I am using my own computer and transferring everything via USB. I have run DDS and here are the logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19120
Run by Patrick at 11:40:53 on 2011-11-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2039.1450 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:63434
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790}] c:\windows\test.bat
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EnergyCut_Utility] c:\program files\lenovo\energycut\utilty.exe
mRun: [EnergyCut] c:\program files\lenovo\energycut\EnergyCut.exe
mRun: [PCMService] "c:\program files\lenovo\shuttlecenter\PCMService.exe"
mRun: [VeriFacePassManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [volmgr] c:\windows\system32\config\systemprofile\appdata\local\volmgr.exe
mRun: [OpenCloud Security] c:\users\patrick\appdata\roaming\opencloud security\OpenCloud Security.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzMxMjUyMDE2LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1809"&"mid=37dbc0cbd5d347d1a19cd16b537aa9ca-f1e7a63b4b37d5f335d243fdec9fae10c46f09ec
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [-355484389] c:\windows\temp\\jucheck.exe
dRun: [GoogleVerifierTray] rundll32.exe "c:\programdata\GoogleVerifierTray.dll",DllRegisterServer
StartupFolder: c:\users\patrick\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - c:\program files\lenovo\veriface\OpenWnd.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{116432D4-7A08-4473-8A04-D4A7D97F9EC2} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\sassy\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\sassy\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2008-8-16 11776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214024]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-16 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 CapFilt;CapFilt;c:\windows\system32\drivers\CapFilt.sys [2008-8-16 18048]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-12 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-12 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-12 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-12 40552]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZLPA;ZLPA;c:\users\patrick\appdata\local\temp\ZLPA.exe [2011-9-21 519040]
SUnknown SASKUTIL;SASKUTIL; [x]
.
=============== Created Last 30 ================
.
2011-11-13 15:42:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-13 15:42:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-11-13 15:26:50 790998 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-09-20 21:59:03 295053 ----a-w- c:\windows\system32\shimg.dll
2011-09-19 22:32:28 97280 ---ha-w- c:\programdata\GoogleVerifierTray.dll
2011-08-17 09:51:59 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 11:42:01.93 ===============



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 10,747 posts
  • Gender:Male

Posted 18 November 2011 - 11:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427699 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 kkamy

kkamy
  • Topic Starter

  • Members
  • 42 posts

Posted 18 November 2011 - 03:53 PM

Problem is still the same as described above. Here are the DDS logs. I will post GMER logs (didn't realize my husband's computer was running 32-bit version of Vista until now).

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19120
Run by Patrick at 15:49:42 on 2011-11-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2039.1337 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:63434
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790}] c:\windows\test.bat
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EnergyCut_Utility] c:\program files\lenovo\energycut\utilty.exe
mRun: [EnergyCut] c:\program files\lenovo\energycut\EnergyCut.exe
mRun: [PCMService] "c:\program files\lenovo\shuttlecenter\PCMService.exe"
mRun: [VeriFacePassManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [volmgr] c:\windows\system32\config\systemprofile\appdata\local\volmgr.exe
mRun: [OpenCloud Security] c:\users\patrick\appdata\roaming\opencloud security\OpenCloud Security.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzMxMjUyMDE2LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1809"&"mid=37dbc0cbd5d347d1a19cd16b537aa9ca-f1e7a63b4b37d5f335d243fdec9fae10c46f09ec
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [-355484389] c:\windows\temp\\jucheck.exe
dRun: [GoogleVerifierTray] rundll32.exe "c:\programdata\GoogleVerifierTray.dll",DllRegisterServer
StartupFolder: c:\users\patrick\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - c:\program files\lenovo\veriface\OpenWnd.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{116432D4-7A08-4473-8A04-D4A7D97F9EC2} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\sassy\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\sassy\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2008-8-16 11776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214024]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-16 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 CapFilt;CapFilt;c:\windows\system32\drivers\CapFilt.sys [2008-8-16 18048]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-12 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-12 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-12 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-12 40552]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZLPA;ZLPA;c:\users\patrick\appdata\local\temp\ZLPA.exe [2011-9-21 519040]
SUnknown SASKUTIL;SASKUTIL; [x]
.
=============== Created Last 30 ================
.
2011-11-13 15:42:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-13 15:42:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-11-13 15:26:50 790998 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-09-20 21:59:03 295053 ----a-w- c:\windows\system32\shimg.dll
2011-09-19 22:32:28 97280 ---ha-w- c:\programdata\GoogleVerifierTray.dll
.
============= FINISH: 15:49:51.32 ===============




#4 kkamy

kkamy
  • Topic Starter

  • Members
  • 42 posts

Posted 18 November 2011 - 04:33 PM

GMER log attached.

Attached Files

  • Attached File  ark.log   3.89KB   7 downloads


#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 20,830 posts
  • Gender:Male
  • Location:The Netherlands

Posted 18 November 2011 - 05:48 PM

Hello kkamy,

Apologies for the delay.

When running the tools, make sure the wireless is not disabled. It is better to have a wired connection.

  • When you use F8 to get to Advanced Boot Options where there is Safe Mode, do you also have the "Repair Your Computer" option?
    Alternatively, do you have a Windows Vista DVD?
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Set Services to All.
    • Set Drivers to All.
    • Click Run Scan button.
    • Two reports will open:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Copy and paste OTL.txt and attach Extra.txt to your reply.
  • Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check "Include All Files" option.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Minidump Files.
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.


#6 kkamy

kkamy
  • Topic Starter

  • Members
  • 42 posts

Posted 18 November 2011 - 08:23 PM

Hi. As noted in my original post, I am unable to access my wireless connection. I have not manually disabled it, but something else is. The wireless was working fine until the virus struck the computer and several other computers in the house are accessing the wireless without issue. Should I not run the programs you have instructed me to then?

#7 kkamy

kkamy
  • Topic Starter

  • Members
  • 42 posts

Posted 18 November 2011 - 08:25 PM

Also, upon entering the Boot Options I have nothing that directly says "Repair your computer." I do not have access to any Vista disks due to it being shipped preloaded with the computer.

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 20,830 posts
  • Gender:Male
  • Location:The Netherlands

Posted 18 November 2011 - 08:58 PM

Thanks for the feedback.

"As noted in my original post, I am unable to access my wireless connection."

I have noted it and that is the reason we are running those tools. Besides the Winsock entries that are currently hijacked by ZeroAccess malware, we need to take a look at other possibilities this malware is capable of.

I wanted to emphasize that the connection should not be disabled. It is even better if you can connect the computer directly to the modem/router while you are running the tool in step 3 and step 4.

We could have easily taken care of the infection that is causing the BSOD if you had the option I named or a boot CD. We still have some options, but if something goes wrong our options are limited due to this restriction.

If you can, please connect the computer to the modem/router and run the tool. Otherwise run the tools anyway.

#9 kkamy

kkamy
  • Topic Starter

  • Members
  • 42 posts

Posted 18 November 2011 - 08:59 PM

I ran what you said on the computer in Safe Mode with Networking. The wireless is not disabled but stuck in "Identifying Mode."

OTL log
OTL logfile created on: 11/18/2011 8:52:54 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.91% Memory free
4.21 Gb Paging File | 3.94 Gb Available in Paging File | 93.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 188.94 Gb Total Space | 112.93 Gb Free Space | 59.77% Space Free | Partition Type: NTFS
Drive D: | 27.19 Gb Total Space | 27.16 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 2.55 Gb Free Space | 68.43% Space Free | Partition Type: FAT32

Computer Name: PATRICK-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/18 20:46:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 22:38:34 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe


========== Modules (No Company Name) ==========

MOD - [2008/08/16 19:09:05 | 000,241,752 | -H-- | M] () -- C:\Program Files\Lenovo\VeriFace\IcnOvrly.dll


========== Win32 Services (All) ==========

SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2011/09/21 15:29:41 | 000,519,040 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\Patrick\AppData\Local\Temp\ZLPA.exe -- (ZLPA)
SRV - [2011/04/27 14:39:26 | 000,208,944 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | -H-- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/27 00:22:46 | 000,820,520 | -H-- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2011/04/06 15:20:16 | 000,349,472 | -H-- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2011/03/02 10:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2011/02/28 17:44:14 | 000,183,560 | -H-- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/22 08:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011/02/18 15:37:16 | 000,037,664 | -H-- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/12/10 17:30:50 | 000,086,880 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010/12/10 17:29:30 | 029,293,408 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2010/12/10 17:29:30 | 000,238,944 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010/12/10 17:29:30 | 000,044,384 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010/11/04 13:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/09/06 11:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/08/17 09:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2010/03/18 12:16:28 | 000,753,504 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/18 08:30:03 | 000,200,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - [2010/02/09 06:53:10 | 000,135,664 | -H-- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem) Google Update Service (gupdatem)
SRV - [2010/02/09 06:53:10 | 000,135,664 | -H-- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/10/09 16:56:18 | 001,181,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WsmSvc.dll -- (WinRM) Windows Remote Management (WS-Management)
SRV - [2009/10/09 16:55:52 | 000,146,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wecsvc.dll -- (Wecsvc)
SRV - [2009/09/30 20:01:54 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wpdbusenum.dll -- (WPDBusEnum)
SRV - [2009/09/20 11:31:40 | 000,694,784 | -H-- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/08/24 06:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/06 21:23:45 | 001,929,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/07/18 08:08:19 | 000,182,768 | -H-- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/07/11 14:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/06/15 07:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/06/15 07:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/06/15 07:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (Netlogon)
SRV - [2009/06/15 07:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/06/10 06:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
SRV - [2009/05/21 21:03:06 | 000,133,120 | -H-- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/05/21 19:21:18 | 000,248,832 | -H-- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/04/11 01:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2009/04/11 01:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 01:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2009/04/11 01:28:25 | 000,413,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wcncsvc.dll -- (wcncsvc)
SRV - [2009/04/11 01:28:25 | 000,282,624 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\w32time.dll -- (W32Time)
SRV - [2009/04/11 01:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2009/04/11 01:28:25 | 000,199,680 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\WebClnt.dll -- (WebClient)
SRV - [2009/04/11 01:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009/04/11 01:28:25 | 000,140,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpcsvc.dll -- (WPCSvc)
SRV - [2009/04/11 01:28:25 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wersvc.dll -- (WerSvc)
SRV - [2009/04/11 01:28:25 | 000,029,184 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\uxsms.dll -- (UxSms)
SRV - [2009/04/11 01:28:24 | 000,558,080 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sysmain.dll -- (SysMain)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 01:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\termsrv.dll -- (TermService)
SRV - [2009/04/11 01:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/04/11 01:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 01:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/04/11 01:28:24 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry)
SRV - [2009/04/11 01:28:24 | 000,095,232 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr)
SRV - [2009/04/11 01:28:24 | 000,060,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SLUINotify.dll -- (SLUINotify)
SRV - [2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 01:28:23 | 000,644,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (PNRPsvc)
SRV - [2009/04/11 01:28:23 | 000,644,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (PNRPAutoReg)
SRV - [2009/04/11 01:28:23 | 000,644,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (p2psvc)
SRV - [2009/04/11 01:28:23 | 000,644,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (p2pimsvc)
SRV - [2009/04/11 01:28:23 | 000,302,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\QAGENTRT.DLL -- (napagent)
SRV - [2009/04/11 01:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 01:28:20 | 000,438,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\IKEEXT.DLL -- (IKEEXT)
SRV - [2009/04/11 01:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 01:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2009/04/11 01:28:19 | 000,576,512 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\gpsvc.dll -- (gpsvc)
SRV - [2009/04/11 01:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2009/04/11 01:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2009/04/11 01:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/04/11 01:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2009/04/11 01:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/11 01:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/04/11 01:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 01:28:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\certprop.dll -- (SCPolicySvc)
SRV - [2009/04/11 01:28:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\certprop.dll -- (CertPropSvc)
SRV - [2009/04/11 01:28:15 | 000,137,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV - [2009/04/11 01:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 01:28:09 | 000,385,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vds.exe -- (vds)
SRV - [2009/04/11 01:28:07 | 000,039,424 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2009/04/11 01:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2009/04/11 01:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2009/04/11 01:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 01:27:31 | 002,092,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dfsr.exe -- (DFSR)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/18 13:39:20 | 000,043,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 13:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/02/18 13:38:42 | 000,879,448 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/12/03 19:05:42 | 000,053,760 | -H-- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/12/03 19:05:32 | 000,044,544 | -H-- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/11/04 01:06:28 | 000,441,712 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/29 16:38:31 | 000,583,048 | -H-- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 22:37:14 | 000,055,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\WUDFSvc.dll -- (wudfsvc)
SRV - [2008/01/18 22:36:54 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wercplsupport.dll -- (wercplsupport)
SRV - [2008/01/18 22:36:52 | 000,073,728 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\wdi.dll -- (WdiSystemHost)
SRV - [2008/01/18 22:36:52 | 000,073,728 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\wdi.dll -- (WdiServiceHost)
SRV - [2008/01/18 22:36:48 | 000,259,072 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\upnphost.dll -- (upnphost)
SRV - [2008/01/18 22:36:44 | 000,075,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\trkwks.dll -- (TrkWks)
SRV - [2008/01/18 22:36:40 | 000,056,320 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\tbssvc.dll -- (TBS)
SRV - [2008/01/18 22:36:38 | 000,155,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2008/01/18 22:36:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sstpsvc.dll -- (SstpSvc)
SRV - [2008/01/18 22:36:22 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/18 22:36:22 | 000,084,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SessEnv.dll -- (SessionEnv)
SRV - [2008/01/18 22:36:22 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\Sens.dll -- (SENS)
SRV - [2008/01/18 22:36:22 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2008/01/18 22:36:16 | 000,243,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qwave.dll -- (QWAVE)
SRV - [2008/01/18 22:36:16 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2008/01/18 22:36:08 | 001,502,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pla.dll -- (pla)
SRV - [2008/01/18 22:36:04 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\pcasvc.dll -- (PcaSvc)
SRV - [2008/01/18 22:35:58 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2008/01/18 22:35:40 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/18 22:35:38 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/18 22:35:38 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/18 22:34:58 | 000,344,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\msdtckrm.dll -- (KtmRm)
SRV - [2008/01/18 22:34:54 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008/01/18 22:34:50 | 000,045,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\mmcss.dll -- (THREADORDER)
SRV - [2008/01/18 22:34:50 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/18 22:34:46 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008/01/18 22:34:44 | 000,188,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lltdsvc.dll -- (lltdsvc)
SRV - [2008/01/18 22:34:38 | 000,068,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\KMSVC.DLL -- (hkmsvc)
SRV - [2008/01/18 22:34:36 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) Internet Connection Sharing (ICS)
SRV - [2008/01/18 22:34:36 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\iscsiexe.dll -- (MSiSCSI)
SRV - [2008/01/18 22:34:36 | 000,074,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPBusEnum.dll -- (IPBusEnum)
SRV - [2008/01/18 22:34:22 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fdPHost.dll -- (fdPHost)
SRV - [2008/01/18 22:34:10 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2008/01/18 22:34:08 | 000,134,656 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\dps.dll -- (DPS)
SRV - [2008/01/18 22:33:50 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2008/01/18 22:33:44 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/18 22:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/18 22:33:34 | 000,035,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect)
SRV - [2008/01/18 22:33:18 | 000,105,984 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\msdtc.exe -- (MSDTC)
SRV - [2008/01/18 22:33:10 | 000,292,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/18 22:33:02 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2008/01/11 16:50:16 | 000,030,312 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/26 03:08:26 | 000,106,583 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/10/26 03:08:24 | 000,262,233 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/10/25 15:09:05 | 000,262,247 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2007/10/02 20:53:00 | 000,094,208 | -H-- | M] () [Auto | Stopped] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/09/12 17:27:24 | 002,999,664 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 17:27:24 | 000,554,352 | -H-- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/06/01 10:00:20 | 000,647,168 | -H-- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/06/01 09:41:30 | 000,327,680 | -H-- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/11/02 07:35:29 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 07:35:24 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\TabSvc.dll -- (TabletInputService)
SRV - [2006/11/02 04:46:13 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2006/11/02 04:46:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\lmhsvc.dll -- (lmhosts)
SRV - [2006/11/02 04:46:04 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\FDResPub.dll -- (FDResPub)
SRV - [2006/11/02 04:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2006/11/02 04:45:46 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP)
SRV - [2006/11/02 04:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2006/11/02 04:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dllhost.exe -- (COMSysApp)
SRV - [2006/10/26 13:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- -- (MpKslaf52f053)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (blbdrive)
DRV - [2011/07/06 10:31:47 | 000,214,016 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2011/06/17 15:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6)
DRV - [2011/06/17 15:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2011/06/17 08:31:44 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2011/04/29 08:25:10 | 000,146,432 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2011/04/29 08:25:09 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2011/04/29 08:24:42 | 000,079,872 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2011/04/29 08:24:40 | 000,106,496 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2011/04/27 14:25:24 | 000,065,024 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,165,648 | -H-- | M] (Microsoft Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2011/04/18 12:18:50 | 000,043,392 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/04/14 09:59:03 | 000,075,264 | -H-- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011/02/22 08:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2011/02/18 15:36:58 | 000,041,984 | -H-- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2011/02/18 09:03:32 | 000,305,152 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2011/01/20 11:37:37 | 000,638,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2010/02/20 15:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2010/02/18 06:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2009/06/15 18:15:25 | 000,439,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/05/18 13:17:00 | 000,026,600 | -H-- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/13 22:25:06 | 000,214,024 | -H-- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/13 22:25:06 | 000,079,816 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/05/13 22:25:06 | 000,040,552 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/05/13 22:25:06 | 000,035,272 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/05/13 22:24:34 | 000,034,248 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/04/11 01:33:03 | 000,292,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/04/11 01:32:55 | 000,226,280 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\volsnap.sys -- (volsnap)
DRV - [2009/04/11 01:32:55 | 000,149,480 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pci.sys -- (pci)
DRV - [2009/04/11 01:32:52 | 000,053,224 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2009/04/11 01:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2009/04/11 01:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ndis.sys -- (NDIS)
DRV - [2009/04/11 01:32:46 | 000,265,688 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\acpi.sys -- (ACPI)
DRV - [2009/04/11 01:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\clfs.sys -- (CLFS) Common Log (CLFS)
DRV - [2009/04/11 01:32:46 | 000,190,424 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2009/04/11 01:32:46 | 000,180,712 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2009/04/11 01:32:46 | 000,161,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/04/11 01:32:43 | 000,141,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2009/04/11 01:32:31 | 000,054,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2009/04/11 01:32:31 | 000,053,736 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\disk.sys -- (disk)
DRV - [2009/04/11 01:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\mup.sys -- (Mup)
DRV - [2009/04/11 01:32:26 | 000,019,944 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\atapi.sys -- (atapi)
DRV - [2009/04/10 23:51:27 | 000,180,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2009/04/10 23:46:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp) WAN Miniport (SSTP)
DRV - [2009/04/10 23:46:32 | 000,121,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2009/04/10 23:46:30 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/04/10 23:45:56 | 000,072,192 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2009/04/10 23:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (PSched)
DRV - [2009/04/10 23:45:37 | 000,185,856 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2009/04/10 23:45:22 | 000,066,560 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\smb.sys -- (Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
DRV - [2009/04/10 23:43:28 | 000,148,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/04/10 23:43:16 | 000,196,096 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2009/04/10 23:43:04 | 000,062,208 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2009/04/10 23:42:55 | 000,065,536 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2009/04/10 23:42:52 | 000,039,936 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2009/04/10 23:42:42 | 000,561,152 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009/04/10 23:39:17 | 000,067,072 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/04/10 23:19:14 | 000,089,088 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2009/04/10 23:14:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/04/10 23:14:29 | 000,225,280 | -H-- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2009/04/10 23:14:01 | 000,035,328 | -H-- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/04/10 23:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/04/10 23:13:53 | 000,136,704 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009/04/10 23:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2008/08/16 18:45:32 | 000,018,048 | -H-- | M] (ensurebit) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CapFilt.sys -- (CapFilt)
DRV - [2008/01/18 22:43:28 | 000,503,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2008/01/18 22:42:32 | 000,058,936 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2008/01/18 22:42:30 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/01/18 22:42:20 | 000,052,792 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\volmgr.sys -- (volmgr)
DRV - [2008/01/18 22:41:54 | 000,035,384 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2008/01/18 22:41:54 | 000,034,360 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2008/01/18 22:41:50 | 000,031,288 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/01/18 22:41:42 | 000,028,728 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/18 22:41:32 | 000,021,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2008/01/18 22:41:26 | 000,020,792 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2008/01/18 22:41:22 | 000,017,976 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/18 22:41:16 | 000,016,440 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2008/01/18 22:41:16 | 000,015,288 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2008/01/18 21:14:42 | 000,018,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/01/18 21:14:12 | 000,009,216 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV - [2008/01/18 21:14:10 | 000,035,328 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/01/18 21:01:16 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2008/01/18 21:01:10 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/01/18 21:01:10 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2008/01/18 21:01:10 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2008/01/18 21:01:08 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/01/18 20:57:18 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2008/01/18 20:57:18 | 000,018,432 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2008/01/18 20:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/18 20:56:36 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/01/18 20:56:36 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/01/18 20:56:32 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2008/01/18 20:56:32 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/01/18 20:56:32 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/01/18 20:56:30 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2008/01/18 20:56:30 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/01/18 20:56:30 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/01/18 20:56:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/01/18 20:56:24 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2008/01/18 20:56:08 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2008/01/18 20:55:52 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2008/01/18 20:55:46 | 000,035,840 | -H-- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/01/18 20:55:42 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/01/18 20:55:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp)
DRV - [2008/01/18 20:55:20 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/01/18 20:55:04 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2008/01/18 20:55:04 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2008/01/18 20:54:48 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2008/01/18 20:53:42 | 000,034,816 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2008/01/18 20:53:40 | 000,134,016 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV - [2008/01/18 20:53:30 | 000,073,216 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/01/18 20:53:22 | 000,023,552 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/18 20:53:18 | 000,005,632 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/01/18 20:53:06 | 000,083,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2008/01/18 20:52:20 | 000,041,984 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2008/01/18 20:52:08 | 000,026,112 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2008/01/18 20:52:08 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/01/18 20:49:22 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/01/18 20:49:20 | 000,054,784 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/01/18 20:49:20 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/01/18 20:49:20 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/01/18 20:49:20 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/01/18 20:49:18 | 000,019,968 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/18 20:49:14 | 000,131,584 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dot4.sys -- (Dot4)
DRV - [2008/01/18 20:49:14 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2008/01/18 20:49:12 | 000,036,864 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb)
DRV - [2008/01/18 20:49:12 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2008/01/18 20:49:10 | 000,016,384 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print)
DRV - [2008/01/18 20:32:48 | 000,014,208 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2008/01/18 20:30:38 | 000,084,480 | ---- | M] (Microsoft Corporation) [File_System | Auto | Stopped] -- C:\Windows\system32\drivers\luafv.sys -- (luafv)
DRV - [2008/01/18 20:30:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2008/01/18 20:28:10 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/01/18 20:28:04 | 000,070,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2008/01/18 20:27:22 | 000,041,472 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/01/18 19:25:06 | 002,225,664 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/11/02 15:29:02 | 000,828,328 | -H-- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007/10/25 01:26:09 | 002,015,192 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/22 14:00:44 | 000,180,736 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/06/21 03:51:28 | 002,222,080 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/06/05 16:39:26 | 000,011,776 | -H-- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2007/05/30 21:50:59 | 001,774,080 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/04/24 23:17:35 | 000,277,784 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/03/21 21:02:04 | 000,037,376 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/01 08:24:29 | 000,182,456 | -H-- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/02/24 13:42:22 | 000,039,936 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 15:40:20 | 000,042,496 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/14 02:11:57 | 000,007,680 | -H-- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/22 04:34:59 | 000,982,272 | -H-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 04:51:45 | 000,900,712 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | -H-- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | -H-- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | -H-- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | -H-- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | -H-- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:12 | 000,167,528 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 04:51:00 | 000,147,048 | -H-- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | -H-- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | -H-- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:40 | 000,106,600 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp)
DRV - [2006/11/02 04:50:35 | 000,106,088 | -H-- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | -H-- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | -H-- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | -H-- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:24 | 000,047,208 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2006/11/02 04:50:19 | 000,045,160 | -H-- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,080,488 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\msdsm.sys -- (msdsm)
DRV - [2006/11/02 04:50:17 | 000,041,576 | -H-- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,078,952 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mpio.sys -- (mpio)
DRV - [2006/11/02 04:50:16 | 000,076,392 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 04:50:16 | 000,071,784 | -H-- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | -H-- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | -H-- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | -H-- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | -H-- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | -H-- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | -H-- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | -H-- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | -H-- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:04 | 000,058,984 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2006/11/02 04:50:04 | 000,058,472 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,056,936 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\uagp35.sys -- (uagp35)
DRV - [2006/11/02 04:49:59 | 000,054,888 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2006/11/02 04:49:59 | 000,033,384 | -H-- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | -H-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | -H-- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:52 | 000,054,376 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2006/11/02 04:49:52 | 000,053,864 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\agp440.sys -- (agp440)
DRV - [2006/11/02 04:49:51 | 000,053,352 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2006/11/02 04:49:49 | 000,027,752 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2006/11/02 04:49:43 | 000,022,632 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2006/11/02 04:49:38 | 000,019,560 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\wd.sys -- (Wd)
DRV - [2006/11/02 04:49:30 | 000,017,512 | -H-- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | -H-- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:26 | 000,015,464 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\amdide.sys -- (amdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | -H-- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:49:20 | 000,013,416 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\pciide.sys -- (pciide)
DRV - [2006/11/02 04:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2006/11/02 04:03:00 | 000,242,688 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006/11/02 03:55:23 | 000,039,936 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 03:55:22 | 000,029,184 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 03:55:09 | 000,068,608 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 03:55:08 | 000,035,328 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\circlass.sys -- (circlass)
DRV - [2006/11/02 03:55:05 | 000,019,456 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 03:55:01 | 000,021,504 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 03:55:01 | 000,012,288 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2006/11/02 03:52:52 | 000,020,608 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 03:51:40 | 000,013,312 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 03:51:40 | 000,012,800 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2006/11/02 03:51:40 | 000,012,800 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2006/11/02 03:51:38 | 000,013,312 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006/11/02 03:51:33 | 000,025,088 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006/11/02 03:51:32 | 000,020,480 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006/11/02 03:51:30 | 000,083,456 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2006/11/02 03:51:30 | 000,079,360 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 03:51:25 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serenum.sys -- (Serenum)
DRV - [2006/11/02 03:51:23 | 000,008,704 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\parvdm.sys -- (Parvdm)
DRV - [2006/11/02 03:51:12 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2006/11/02 03:51:12 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2006/11/02 03:42:03 | 000,065,536 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ipmidrv.sys -- (IPMIDRV)
DRV - [2006/11/02 03:35:03 | 000,011,264 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006/11/02 03:30:19 | 000,039,424 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viac7.sys -- (ViaC7)
DRV - [2006/11/02 03:30:18 | 000,040,960 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006/11/02 03:30:18 | 000,038,912 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006/11/02 03:30:18 | 000,038,912 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006/11/02 03:30:18 | 000,038,400 | -H-- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\processr.sys -- (Processor)
DRV - [2006/11/02 03:25:24 | 000,071,808 | -H-- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | -H-- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | -H-- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | -H-- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | -H-- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | -H-- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | -H-- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:49 | 000,235,520 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2006/11/02 02:30:54 | 000,117,760 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 01:37:21 | 000,020,480 | -H-- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53919

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53919



IE - HKU\S-1-5-21-3716398180-3555970430-3715050525-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3716398180-3555970430-3715050525-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
IE - HKU\S-1-5-21-3716398180-3555970430-3715050525-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3716398180-3555970430-3715050525-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3716398180-3555970430-3715050525-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63434

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B17237f8e-8cf6-478b-a9ed-aba7f92a0585%7D&mid=37dbc0cbd5d347d1a19cd16b537aa9ca-f1e7a63b4b37d5f335d243fdec9fae10c46f09ec&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-09-20%2017%3A51%3A03&sap=ku&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63434
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/01 21:23:55 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/09 10:18:20 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/01 21:23:55 | 000,000,000 | -H-D | M]

[2011/06/29 21:01:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Extensions
[2011/09/25 18:51:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\lc34kl7k.default\extensions
[2011/08/28 11:10:30 | 000,000,000 | -H-D | M] (Flash and Video Download) -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\lc34kl7k.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/09/21 15:37:57 | 000,003,849 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\lc34kl7k.default\searchplugins\avg-secure-search.xml
[2009/09/02 02:02:42 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/05/15 22:30:12 | 000,002,223 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3716398180-3555970430-3715050525-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3716398180-3555970430-3715050525-1004\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyCut_Utility] C:\Program Files\Lenovo\EnergyCut\utilty.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpenCloud Security] C:\Users\Patrick\AppData\Roaming\OpenCloud Security\OpenCloud Security.exe File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790}] C:\Windows\test.bat File not found
O4 - HKLM..\Run: [VeriFacePassManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [-355484389] C:\Windows\TEMP\\jucheck.exe ()
O4 - HKU\.DEFAULT..\Run: [GoogleVerifierTray] C:\ProgramData\GoogleVerifierTray.dll (Gabest)
O4 - HKU\S-1-5-18..\Run: [-355484389] C:\Windows\TEMP\\jucheck.exe ()
O4 - HKU\S-1-5-18..\Run: [GoogleVerifierTray] C:\ProgramData\GoogleVerifierTray.dll (Gabest)
O4 - HKU\S-1-5-19..\Run: [Microsoft Update] C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Microsoft Update] C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.exe File not found
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3716398180-3555970430-3715050525-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (Lenovo)
O9 - Extra 'Tools' menuitem : Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (Lenovo)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{116432D4-7A08-4473-8A04-D4A7D97F9EC2}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (EXPLORER.EXE) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (EXPLORER.EXE) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASSY\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSY\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/13 10:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/13 10:42:05 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/13 10:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/19 17:32:30 | 000,097,280 | -H-- | C] (Gabest) -- C:\ProgramData\GoogleVerifierTray.dll
[3 C:\Users\Patrick\Desktop\*.tmp files -> C:\Users\Patrick\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/18 20:32:39 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011/11/18 20:26:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 20:26:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 15:52:08 | 000,001,356 | ---- | M] () -- C:\Users\Patrick\AppData\Local\d3d9caps.dat
[2011/11/13 11:40:32 | 000,000,000 | ---- | M] () -- C:\Users\Patrick\defogger_reenable
[2011/11/13 10:42:08 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/13 10:19:54 | 204,704,736 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/13 10:17:42 | 000,000,882 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/13 10:17:12 | 000,000,886 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/13 10:17:05 | 000,000,504 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job
[2011/11/13 10:17:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[3 C:\Users\Patrick\Desktop\*.tmp files -> C:\Users\Patrick\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/13 11:40:32 | 000,000,000 | ---- | C] () -- C:\Users\Patrick\defogger_reenable
[2011/11/13 10:42:08 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/26 05:59:24 | 000,000,000 | ---- | C] () -- C:\Users\Patrick\AppData\Local\{C3F9D928-C598-46E9-9381-06DD5FC179CA}
[2011/09/26 05:58:24 | 000,000,000 | ---- | C] () -- C:\Users\Patrick\AppData\Local\{3F74586B-D982-47B2-90D8-9AB038B5BD41}
[2011/09/25 21:16:29 | 000,000,000 | ---- | C] () -- C:\Users\Patrick\AppData\Local\{1CB28FBE-7406-4027-B118-ECE4A9869D01}
[2011/09/25 19:59:36 | 000,000,000 | ---- | C] () -- C:\Users\Patrick\AppData\Local\{0793E09C-8AC5-40B3-9816-F4F93A06B05A}
[2011/09/25 19:39:15 | 000,000,000 | ---- | C] () -- C:\Users\Patrick\AppData\Local\{1A7507A3-45AC-40B7-9FCC-CCEE785B831A}
[2011/09/21 19:09:55 | 000,004,320 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\E3F4.ED1
[2011/09/20 16:22:27 | 000,295,053 | ---- | C] () -- C:\Windows\System32\shimg.dll
[2011/06/27 05:06:12 | 000,011,790 | -HS- | C] () -- C:\Users\Patrick\AppData\Local\8g4e78o42qvpv7knfp1a6q7kp31cf3402438hs
[2011/06/27 05:06:12 | 000,011,790 | -HS- | C] () -- C:\ProgramData\8g4e78o42qvpv7knfp1a6q7kp31cf3402438hs
[2011/04/20 07:33:57 | 000,010,956 | -HS- | C] () -- C:\Users\Patrick\AppData\Local\1i0qem3l06
[2011/04/20 07:33:57 | 000,010,956 | -HS- | C] () -- C:\ProgramData\1i0qem3l06
[2010/09/01 21:09:54 | 000,201,686 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/05/17 05:16:32 | 000,000,016 | -H-- | C] () -- C:\Users\Patrick\AppData\Roaming\grwqhp.dat
[2009/09/19 10:41:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/19 10:41:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/12 21:11:10 | 000,001,356 | ---- | C] () -- C:\Users\Patrick\AppData\Local\d3d9caps.dat
[2009/07/12 21:09:19 | 000,002,992 | -H-- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/05/22 04:25:35 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2008/10/13 09:24:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/10 19:56:29 | 000,156,800 | -H-- | C] () -- C:\Users\Patrick\AppData\Roaming\Patrick.idx
[2008/08/16 19:09:07 | 001,560,576 | -H-- | C] () -- C:\Windows\System32\MainOp.dll
[2008/08/16 19:09:07 | 001,327,104 | -H-- | C] () -- C:\Windows\System32\ImageReog.dll
[2008/08/16 19:09:07 | 000,622,592 | -H-- | C] () -- C:\Windows\System32\PicNotify.dll
[2008/08/16 19:09:07 | 000,491,520 | -H-- | C] () -- C:\Windows\System32\picn.dll
[2008/08/16 19:09:07 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\Image.dll
[2008/08/16 19:09:07 | 000,126,976 | -H-- | C] () -- C:\Windows\System32\VideoOp.dll
[2008/08/16 19:09:07 | 000,094,208 | -H-- | C] () -- C:\Windows\System32\Momo.dll
[2008/08/16 19:09:07 | 000,094,208 | -H-- | C] () -- C:\Windows\System32\ApBlend.dll
[2008/08/16 19:09:07 | 000,049,152 | -H-- | C] () -- C:\Windows\System32\DevFilt.dll
[2008/08/16 18:45:42 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll
[2008/08/16 18:45:42 | 000,023,040 | ---- | C] () -- C:\Windows\ScrSav.dll
[2008/08/16 18:30:48 | 000,016,480 | -H-- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/16 18:25:33 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008/03/28 07:34:52 | 000,910,464 | -H-- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/28 07:34:52 | 000,249,856 | -H-- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/03/28 07:34:52 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2008/03/28 07:34:46 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/06/01 09:58:40 | 000,999,424 | -H-- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/02 07:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,397,368 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,653,480 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,122,862 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:24:01 | 046,249,416 | ---- | C] () -- C:\Windows\System32\mrt.exe
[2006/11/02 05:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat

< End of report >


FSS log
Farbar Service Scanner
Ran by Patrick (administrator) on 18-11-2011 at 20:58:16
Windows Vista ™ Home Premium Service Pack 2 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service might not exist.
Checking ImagePath: Attention! Unable to open afd registry key. The service might not exist.


File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys is missing.
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-08-10 02:14] - [2011-06-17 15:13] - 0913296 ____A (Microsoft Corporation) 6647FCE6FC4970DAAFE5C64C794513D3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
Google site is accessible.
Yahoo site is accessible.

**** End of log ****



Minitoolbox log
MiniToolBox by Farbar
Ran by Patrick (administrator) on 18-11-2011 at 20:59:13
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:63434

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Patrick-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Fast Ethernet
Physical Address. . . . . . . . . : 00-22-15-9E-40-39
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-1F-3C-45-19-D6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6dc4:92f8:1adc:429f%8(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.66.159(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5B2434A6-8939-4375-A1F9-DAC601BF0E68}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 192.168.1.1

Ping request could not find host yahoo.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 22 15 9e 40 39 ...... Broadcom NetLink ™ Fast Ethernet
8 ...00 1f 3c 45 19 d6 ...... Intel® PRO/Wireless 3945ABG Network Connection
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.home
15 ...00 00 00 00 00 00 00 e0 isatap.home
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 isatap.{5B2434A6-8939-4375-A1F9-DAC601BF0E68}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.66.159 281
169.254.66.159 255.255.255.255 On-link 169.254.66.159 281
169.254.255.255 255.255.255.255 On-link 169.254.66.159 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.66.159 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.66.159 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
8 281 fe80::/64 On-link
8 281 fe80::6dc4:92f8:1adc:429f/128
On-link
1 306 ff00::/8 On-link
8 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/18/2011 08:55:51 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (11/18/2011 08:55:51 PM) (Source: LoadPerf) (User: )
Description: 0098

Error: (11/18/2011 08:36:57 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (11/18/2011 08:36:57 PM) (Source: LoadPerf) (User: )
Description: 0098

Error: (11/18/2011 08:33:23 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/18/2011 08:26:14 PM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service was unable to establish SQL instance and connectivity discovery.

Error: (11/18/2011 08:26:14 PM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service port is unavailable for listening, or invalid.

Error: (11/18/2011 04:01:32 PM) (Source: PerfNet) (User: )
Description:

Error: (11/18/2011 04:01:31 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (11/18/2011 04:01:31 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4


System errors:
=============
Error: (11/18/2011 08:52:48 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/18/2011 08:34:07 PM) (Source: Service Control Manager) (User: )
Description: mfehidk
MpFilter
spldr
Wanarpv6

Error: (11/18/2011 08:34:07 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy Agent%%10050

Error: (11/18/2011 08:34:07 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying Modules%%13876

Error: (11/18/2011 08:34:07 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (11/18/2011 08:34:07 PM) (Source: Service Control Manager) (User: )
Description: TCP/IP NetBIOS HelperAfd

Error: (11/18/2011 08:34:07 PM) (Source: Service Control Manager) (User: )
Description: DHCP ClientAfd

Error: (11/18/2011 08:34:07 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%5

Error: (11/18/2011 08:33:29 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/18/2011 08:33:23 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
========================= Minidump Files ==================================

C:\Windows\Minidump\Mini031611-01.dmp
C:\Windows\Minidump\Mini032910-01.dmp
C:\Windows\Minidump\Mini062210-01.dmp
C:\Windows\Minidump\Mini092011-01.dmp
C:\Windows\Minidump\Mini092011-02.dmp
C:\Windows\Minidump\Mini092511-01.dmp
C:\Windows\Minidump\Mini092511-02.dmp
C:\Windows\Minidump\Mini092511-03.dmp
C:\Windows\Minidump\Mini092511-04.dmp
C:\Windows\Minidump\Mini092511-05.dmp
C:\Windows\Minidump\Mini092511-06.dmp
C:\Windows\Minidump\Mini092511-07.dmp
C:\Windows\Minidump\Mini092611-01.dmp
C:\Windows\Minidump\Mini092611-02.dmp
C:\Windows\Minidump\Mini101910-01.dmp
C:\Windows\Minidump\Mini111210-01.dmp
C:\Windows\Minidump\Mini111311-01.dmp
C:\Windows\Minidump\Mini111710-01.dmp
C:\Windows\Minidump\Mini112810-01.dmp
C:\Windows\Minidump\Mini122710-01.dmp
C:\Windows\Minidump\Mini123110-01.dmp

**** End of log ****


#10 kkamy

Posted 18 November 2011 - 09:01 PM

I just saw your reply after I sent my own. I will see if I can find a cable to connect the computer directly to the computer. It's been ages since I used one so it's a 50/50 shot I can locate it. If I do, I'll re-run.

#11 Farbar

Posted 18 November 2011 - 09:16 PM

At the moment I need the log of the last step. No need to search for the cable.

#12 kkamy

Posted 18 November 2011 - 09:20 PM

I posted all 4 logs in their entirety. OTL, FSS, Results and attached Extras (from OTL). Is there a fifth log? Do you need me to re-post?

#13 Farbar

Posted 18 November 2011 - 09:39 PM

My bad, I saw it while I was going through the log.

We have some work to do.

  • For x86 bit systems please download GrantPerms.zip and save it to your desktop.
    Unzip the file and run GrantPerms.exe on the infected computer.
    Copy and paste the following in the edit box:

    C:\Windows\$NtUninstallKB31180$

    Click Unlock. When it is done click "OK".
    Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run from.
  • Please open OTL.
    • Copy the text in the code box and paste it into the Custom Scans/Fixes section:

      :files
      C:\Users\Patrick\AppData\Local\8g4e78o42qvpv7knfp1a6q7kp31cf3402438hs
      C:\ProgramData\8g4e78o42qvpv7knfp1a6q7kp31cf3402438hs
      C:\Users\Patrick\AppData\Local\1i0qem3l06
      C:\ProgramData\1i0qem3l06
      C:\Users\Patrick\AppData\Roaming\OpenCloud Security
      C:\Windows\$NtUninstallKB31180$
      
      :otl
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53919
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53919
      FF - prefs.js..network.proxy.http: "127.0.0.1"
      FF - prefs.js..network.proxy.http_port: 63434
      FF - prefs.js..network.proxy.type: 1
      O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
      O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
      O4 - HKLM..\Run: [OpenCloud Security] C:\Users\Patrick\AppData\Roaming\OpenCloud Security\OpenCloud Security.exe File not found
      O4 - HKLM..\Run: [Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790}] C:\Windows\test.bat File not found
      O4 - HKLM..\Run: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe File not found
      O4 - HKU\.DEFAULT..\Run: [-355484389] C:\Windows\TEMP\\jucheck.exe ()
      O4 - HKU\S-1-5-18..\Run: [-355484389] C:\Windows\TEMP\\jucheck.exe ()
      O4 - HKU\S-1-5-19..\Run: [Microsoft Update] C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.exe File not found
      O4 - HKU\S-1-5-20..\Run: [Microsoft Update] C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.exe File not found
      :commands
      [resethosts]
      
    • Click the Run Fix button.
    • If the fix needs a reboot, please do it.
    • When it has finished, a log will open. Copy and paste the log into your reply.
  • Please run Farbar Service Scanner.
    Type the following in the edit box after "Search:".

    afd.sys

    Click the Search Files button and post the log (FSS.txt) it makes in your reply.

    Note: To search for more than one file, separate the file names with a semicolon (;).

FYI: It is too late here. I'm going to sleep. Tomorrow we will restore the internet. Please refrain from making any changes.

#14 kkamy

Posted 18 November 2011 - 10:11 PM

GrantPerms by Farbar
Ran by Patrick (administrator) at 2011-11-18 21:48:15

===============================================
\\?\C:\Windows\$NtUninstallKB31180$

Owner: BUILTIN\Administrators

DACL(P)(AI):
NT SERVICE\TrustedInstaller FULL ALLOW container_inherit
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Administrators FULL ALLOW (CI)(OI)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)




========== FILES ==========
C:\Users\Patrick\AppData\Local\8g4e78o42qvpv7knfp1a6q7kp31cf3402438hs moved successfully.
C:\ProgramData\8g4e78o42qvpv7knfp1a6q7kp31cf3402438hs moved successfully.
C:\Users\Patrick\AppData\Local\1i0qem3l06 moved successfully.
C:\ProgramData\1i0qem3l06 moved successfully.
C:\Users\Patrick\AppData\Roaming\OpenCloud Security folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB31180$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB31180$\systemprofile\Favorites\Links folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\Favorites folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\Documents folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\Contacts folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\SACore\Cache\AFA0228517D559C72225EDC64521ED7E04459E89\AFA0228517D559C72225EDC64521ED7E04459E89 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\SACore\Cache\AFA0228517D559C72225EDC64521ED7E04459E89 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\SACore\Cache\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\SACore\Cache\4D5367EBDE22F22AB910D2E11BF07B236BD5EB37 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\SACore\Cache folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\SACore folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\OpenCloud Security folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenCloud Security folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\Low folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\Low folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\Low folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Speech\Files folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Speech folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\TTW3A1BU folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\HL29CR12 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\F93TKJ76 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\DYYHZND5 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\Internet Explorer folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\McAfee\sacore folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\McAfee folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mydamnchannel.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mevio.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.education.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dailymotion.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.blogtalkradio.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.blinkx.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vox-static.liverail.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vizu.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vdassets.bitgravity.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ui.mevio.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tpplayer.comcastcim.edgesuite.net folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static2.filmannex.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static1.dmcdn.net folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.scanscout.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static-cf-1.hgcdn.net folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#sftrack.searchforce.net folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#secure-us.imrworldwide.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#seal.buysafe.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#resources.videobash.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#public0.ordienetworks.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.ooyala.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.onescreen.net folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.grabnetworks.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#objects.tremormedia.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media1.break.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.scanscout.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.mtvnservices.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#hwcdn.veevr.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#extras.ooyala.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d2ciznq2rtdp7k.cloudfront.net folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#crackle.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.videoegg.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#convoad.technoratimedia.net folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#convoad.technoratimedia.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cfiles.5min.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn1.telemetryverification.net folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.visiblemeasures.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.tremormedia.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.springboard.gorillanation.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.media.abc.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.innovid.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.btrll.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#as1.suitesmart.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#admin.brightcove.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ad.insightexpressai.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\www.outdoorchannel.com\flash\theplatform\flvPlayer.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\www.outdoorchannel.com\flash\theplatform folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\www.outdoorchannel.com\flash folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\www.outdoorchannel.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\www.mevio.com\widgets\mwm\MevioBPFX.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\www.mevio.com\widgets\mwm folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\www.mevio.com\widgets folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\www.mevio.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\www.education.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\www.dailymotion.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\www.blogtalkradio.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\www.blinkx.com\f2\player.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\www.blinkx.com\f2 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\www.blinkx.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\vox-static.liverail.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\vizu.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\vdassets.bitgravity.com\plugins\flowplayer.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\vdassets.bitgravity.com\plugins folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\vdassets.bitgravity.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\ui.mevio.com\widgets\mwm\MevioBPFX.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\ui.mevio.com\widgets\mwm folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\ui.mevio.com\widgets folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\ui.mevio.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\tpplayer.comcastcim.edgesuite.net\PDK\4.3.1\swf\flvPlayer.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\tpplayer.comcastcim.edgesuite.net\PDK\4.3.1\swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\tpplayer.comcastcim.edgesuite.net\PDK\4.3.1 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\tpplayer.comcastcim.edgesuite.net\PDK folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\tpplayer.comcastcim.edgesuite.net folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\static2.filmannex.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\static1.dmcdn.net folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\static.scanscout.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\static-cf-1.hgcdn.net folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\seal.buysafe.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\s.ytimg.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\resources.videobash.com\flash\videobashSkin.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\resources.videobash.com\flash folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\resources.videobash.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\public0.ordienetworks.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\player.ooyala.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\player.onescreen.net\1.7\s\MediaPlayer.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\player.onescreen.net\1.7\s folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\player.onescreen.net\1.7 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\player.onescreen.net\1.6\s\MediaPlayer.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\player.onescreen.net\1.6\s folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\player.onescreen.net\1.6 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\player.onescreen.net folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\player.grabnetworks.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\hwcdn.veevr.com\q4z7c2x6\cds\swf\flowplayer.commercial-3.2.7.1.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\hwcdn.veevr.com\q4z7c2x6\cds\swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\hwcdn.veevr.com\q4z7c2x6\cds folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\hwcdn.veevr.com\q4z7c2x6 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\hwcdn.veevr.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\fuse.tv\media\videos\flvplayer.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\fuse.tv\media\videos folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\fuse.tv\media folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\fuse.tv folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\flash.quantserve.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\extras.ooyala.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\d2ciznq2rtdp7k.cloudfront.net folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\core.videoegg.com\#ve folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\core.videoegg.com\#com\videoegg folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\core.videoegg.com\#com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\core.videoegg.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\cfiles.5min.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\cdn1.telemetryverification.net folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\cdn.visiblemeasures.com\swf\as2\AS2SOHandler.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\cdn.visiblemeasures.com\swf\as2 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\cdn.visiblemeasures.com\swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\cdn.visiblemeasures.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\cdn.springboard.gorillanation.com\mediaplayer\master\mediaplayer.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\cdn.springboard.gorillanation.com\mediaplayer\master folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\cdn.springboard.gorillanation.com\mediaplayer folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\cdn.springboard.gorillanation.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\cdn.innovid.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\cache.btrll.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\as1.suitesmart.com\_f5e.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\as1.suitesmart.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\admin.brightcove.com\[[IMPORT]]\o.aolcdn.com\videoplayer\aolbc\aol_ondemand.swf folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\admin.brightcove.com\[[IMPORT]]\o.aolcdn.com\videoplayer\aolbc folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\admin.brightcove.com\[[IMPORT]]\o.aolcdn.com\videoplayer folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\admin.brightcove.com\[[IMPORT]]\o.aolcdn.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\admin.brightcove.com\[[IMPORT]] folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF\admin.brightcove.com folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2FXZ8RZF folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia\Flash Player folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Macromedia folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Intel\Wireless folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Intel folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Apple Computer\Logs folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Apple Computer folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache\NAHZD3NG folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Adobe\Flash Player folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Adobe\Acrobat\8.0\Preferences folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Adobe\Acrobat\8.0\Collab folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Adobe\Acrobat\8.0 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Adobe\Acrobat folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Adobe folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\security folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\log folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\ext folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun\Java folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Sun folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Apple Computer\QuickTime\downloads\08\07 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Apple Computer\QuickTime\downloads\08 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Apple Computer\QuickTime\downloads folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Apple Computer\QuickTime folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow\Apple Computer folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\LocalLow folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows Media\11.0 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows Media folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UV7VT8YF folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQBIL718 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F7KZBHXS folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FIDKC8C folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XHRQRQ0B folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WB32UTIM folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCG1B7IV folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\REO1RH3R folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NE8NKO1L scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GC236682 scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENAS0X1K folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBPPGIJR folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEHR8QM7 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\498RWC7N scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2GM8ZA3Q folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1W1E9I1J scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\History\Low folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011092020110921 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011091920110920 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\History folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Explorer folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Portable Devices folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\MSN Suite folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\STF3GZBR folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\RK3B494I folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\QFA9RZXY folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\ATFPXER8 folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Internet Explorer folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Google\Toolbar folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Google\CrashReports folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Google folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Adobe\Color\Profiles folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Adobe\Color folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Adobe folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\RegBack scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB31180$\Journal folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB31180$ scheduled to be moved on reboot.
File\Folder :otl not found.
File\Folder IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 not found.
File\Folder IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local not found.
File\Folder IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53919 not found.
File\Folder IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 not found.
File\Folder IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local not found.
File\Folder IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53919 not found.
File\Folder FF - prefs.js..network.proxy.http: "127.0.0.1" not found.
File\Folder FF - prefs.js..network.proxy.http_port: 63434 not found.
File\Folder FF - prefs.js..network.proxy.type: 1 not found.
File\Folder O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) not found.
File\Folder O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) not found.
File\Folder O4 - HKLM..\Run: [OpenCloud Security] C:\Users\Patrick\AppData\Roaming\OpenCloud Security\OpenCloud Security.exe File not found not found.
File\Folder O4 - HKLM..\Run: [Unattend0000000001{CE1C30CE-8390-4E54-A1C0-A091EBC35790}] C:\Windows\test.bat File not found not found.
File\Folder O4 - HKLM..\Run: [volmgr] C:\Windows\system32\config\systemprofile\AppData\Local\volmgr.exe File not found not found.
File\Folder O4 - HKU\.DEFAULT..\Run: [-355484389] C:\Windows\TEMP\\jucheck.exe () not found.
File\Folder O4 - HKU\S-1-5-18..\Run: [-355484389] C:\Windows\TEMP\\jucheck.exe () not found.
File\Folder O4 - HKU\S-1-5-19..\Run: [Microsoft Update] C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.exe File not found not found.
File\Folder O4 - HKU\S-1-5-20..\Run: [Microsoft Update] C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.exe File not found not found.
File\Folder :commands not found.
File\Folder [resethosts] not found.

OTL by OldTimer - Version 3.2.31.0 log created on 11182011_214919

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\$NtUninstallKB31180$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Intel\Wireless folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Intel folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Apple Computer\Logs folder moved successfully.
C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming\Apple Computer folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NE8NKO1L scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GC236682 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEHR8QM7 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\498RWC7N scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1W1E9I1J scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NE8NKO1L scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GC236682 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEHR8QM7 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\498RWC7N scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1W1E9I1J scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NE8NKO1L scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GC236682 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEHR8QM7 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\498RWC7N scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1W1E9I1J scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB31180$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Farbar Service Scanner
Ran by Patrick (administrator) on 18-11-2011 at 22:08:29
Windows Vista ™ Home Premium Service Pack 2 (X86)

************************************************
================== Search: afd.sys ===================

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2011-06-16 19:09] - [2011-04-21 08:28] - 0273920 ____A (Microsoft Corporation) 70EE0FC7A0F384DBD929A01384AEEB4B

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011-06-16 19:09] - [2011-04-21 08:58] - 0273408 ____N () AD7D1F3E6073C63C55BE20EAF805408A

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2009-09-19 10:40] - [2009-04-10 23:47] - 0273920 ____A (Microsoft Corporation) A201207363AA900ABF1A388468688570

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys
[2011-06-16 19:09] - [2011-04-21 08:12] - 0273920 ____A (Microsoft Corporation) C8AF25017CECB75906A571AC70D2D306

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011-06-16 19:09] - [2011-04-21 08:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2008-08-16 17:42] - [2008-01-18 20:57] - 0273920 ____A (Microsoft Corporation) 763E172A55177E478CB419F88FD0BA03

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys
[2006-11-02 03:58] - [2006-11-02 03:58] - 0270336 ____A (Microsoft Corporation) 5D24CAF8EFD924A875698FF28384DB8B

====== End Of Search ======

After running OTL, the computer needed to reboot. It rebooted normally but then crashed (as it had before). Not sure if that affected anything.

Thanks for your hard work! I'll be around most of the weekend to work on this.

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 20,830 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:53 AM

Posted 19 November 2011 - 03:10 AM

A part of the OTL removal didn't work and some malware entries are still there. We need to do it later on. But first we restore the internet, as it is awkward to use a USB drive back and forth.

  • Please download the attached file fix.bat (190 bytes).
    Right-click and select "Run as administrator".
    A log file opens; if it says "1 file(s) copied", it means it is good.
  • Please download the attached file AFD.reg (1.55KB).
    Double-click and confirm the prompt.
  • Run Command Prompt as administrator:
    • Click on the Start button.
    • Type Cmd in the Start Search text box.
    • Press the Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator.
    • Type the following in the open command window and press Enter: netsh winsock reset
    • You should get notified that the operation was successful. Close the open window.
  • Now reboot to Safe Mode with Networking and see if you have a connection.




