
ccolvard

join:2012-06-06
Dallas, TX

[Trojan] Google redirect then more all pc's on Uverse network.

MBam no logger detects, Eset scan for several hours, no detect, no log?

>>> MBam Log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.31.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sharon :: SHARON7 [administrator]

5/31/2012 11:23:24 AM
mbam-log-2012-05-31 (11-23-24).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 332546
Time elapsed: 49 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone

Re: [Trojan] Google redirect then more all pc's on Uverse networ

Let's get this opened for easier analysis...
What are your remaining symptoms, if any?

OTL logfile created on: 6/1/2012 10:59:21 AM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Sharon\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 56.69% Memory free
3.93 Gb Paging File | 2.66 Gb Available in Paging File | 67.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.86 Gb Total Space | 137.45 Gb Free Space | 61.13% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 2.91 Gb Free Space | 0.62% Space Free | Partition Type: NTFS

Computer Name: SHARON7 | User Name: Sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/06/01 10:58:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
PRC - [2012/05/26 14:05:41 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/08/07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/31 17:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/05/07 10:09:21 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2010/02/10 19:10:10 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- C:\Users\Sharon\AppData\Local\Temp\VNZIT.exe -- (VNZIT)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Sharon\AppData\Local\Temp\OPAVSYBA.exe -- (OPAVSYBA)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Sharon\AppData\Local\Temp\EAH.exe -- (EAH)
SRV - File not found [Auto | Stopped] -- C:\Windows\reset.exe /s -- (.EsetTrialReset)
SRV - [2012/05/07 10:09:26 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/22 19:29:08 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/03/14 10:19:46 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 21:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/11/20 07:19:33 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/02/25 14:24:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/13 20:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/31 17:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Sharon\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2012/02/07 20:00:42 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:42:28 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2010/05/18 16:54:50 | 000,013,408 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\radpms.sys -- (radpms)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/07/20 13:26:00 | 000,027,648 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2009/07/17 02:37:06 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/07/13 20:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009/07/13 18:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009/05/21 14:18:54 | 000,089,048 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2008/10/24 13:54:00 | 000,035,328 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.2)
DRV - [2008/10/24 13:54:00 | 000,035,328 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2)
DRV - [2008/04/01 14:33:16 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/12/03 13:19:00 | 000,019,968 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)
DRV - [2007/12/03 13:19:00 | 000,019,968 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {F9261AC1-61C5-45E9-9939-9A94AEB38A07}
IE - HKLM\..\SearchScopes\{F9261AC1-61C5-45E9-9939-9A94AEB38A07}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {C6116413-4D1E-491E-9B8A-94A4A90C9E90}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}
IE - HKCU\..\SearchScopes\{C6116413-4D1E-491E-9B8A-94A4A90C9E90}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://encrypted.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/26 17:39:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/05/30 22:08:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/05/26 06:13:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/23 21:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/24 15:36:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/11 09:15:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/26 17:39:52 | 000,000,000 | ---D | M]

[2010/06/16 17:10:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Extensions
[2010/02/28 16:16:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/02 11:41:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\tuedc105.default\extensions
[2012/05/23 21:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/26 06:13:13 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/11 18:03:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120525175844.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lorexddns.net ([lakehouse] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([us] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8B78E81-FB2C-40D7-822C-8E88CBC7FB72}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/06/01 10:58:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2012/05/30 22:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/30 22:13:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/30 22:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/30 22:12:02 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sharon\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/30 14:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/30 14:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/26 14:05:50 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Opera
[2012/05/26 14:05:50 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Opera
[2012/05/26 14:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/05/25 20:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LanTricks
[2012/05/25 20:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\LanTricks
[2012/05/25 20:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trogon Software
[2012/05/25 20:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trogon Software
[2012/05/25 17:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/05/25 17:58:43 | 000,009,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2012/05/25 17:58:15 | 000,340,920 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2012/05/25 17:58:15 | 000,180,848 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2012/05/25 17:58:15 | 000,169,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2012/05/25 17:58:15 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2012/05/25 17:58:15 | 000,064,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2012/05/25 17:58:15 | 000,059,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2012/05/25 17:58:15 | 000,057,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2012/05/25 17:52:55 | 000,151,880 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2012/05/24 15:45:58 | 000,000,000 | ---D | C] -- C:\Registry Backups from ccleaner
[2012/05/24 15:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/24 15:40:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/23 20:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2012/05/23 20:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/05/23 20:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/05/23 13:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/05/23 00:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\SuperScan
[2012/05/08 19:40:54 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2012/05/08 19:40:51 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012/05/08 19:40:50 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012/05/08 19:40:48 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012/05/08 19:40:48 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012/05/08 19:40:47 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012/05/08 19:40:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012/05/08 19:40:38 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2012/05/08 19:40:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2012/05/08 19:40:24 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/05/08 19:40:21 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012/05/08 19:40:21 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012/05/08 19:40:07 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/05/08 19:40:04 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/05/08 19:40:02 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/05/08 19:39:31 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/08 19:38:23 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012/05/08 19:37:35 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/08 17:42:29 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\SJC Money Managers
[2012/05/08 17:20:43 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/08 17:20:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/08 17:20:41 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/08 17:20:28 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/02 11:23:50 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Malwarebytes
[2012/05/02 11:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[3 C:\Users\Sharon\*.tmp files -> C:\Users\Sharon\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/06/01 10:58:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2012/06/01 10:53:28 | 000,007,642 | ---- | M] () -- C:\Users\Sharon\AppData\Local\resmon.resmoncfg
[2012/06/01 10:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/31 20:02:13 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/05/30 22:30:00 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\fba_Quicken.job
[2012/05/30 22:13:42 | 000,001,097 | ---- | M] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/30 22:12:58 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sharon\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/30 22:12:10 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/30 22:12:10 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/30 22:04:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/30 22:04:40 | 1583,075,328 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/30 22:00:00 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\fba_Quickbooks.job
[2012/05/30 21:32:42 | 000,662,972 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/30 21:32:42 | 000,121,840 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/30 21:31:40 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err
[2012/05/30 14:16:47 | 067,120,641 | ---- | M] () -- C:\Users\Sharon\Desktop\Desktop.7z
[2012/05/26 12:20:42 | 000,000,051 | RH-- | M] () -- C:\Users\Sharon\Desktop\GetSusp.opt
[2012/05/25 20:28:00 | 000,001,037 | ---- | M] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\LanSpy.lnk
[2012/05/23 21:09:40 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/23 00:04:56 | 000,000,000 | ---- | M] () -- C:\Users\Sharon\Desktop\ipscan.csv
[2012/05/22 23:37:20 | 000,000,030 | RH-- | M] () -- C:\GetSusp.opt
[2012/05/17 23:24:28 | 000,078,408 | ---- | M] () -- C:\Users\Sharon\Documents\ip log.xml
[2012/05/16 19:01:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\HP_192.168.1.75_MY85QHJ1P604YG
[2012/05/14 08:14:54 | 000,002,503 | ---- | M] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/14 08:14:54 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/11 11:18:03 | 000,000,000 | -H-- | M] () -- C:\Users\Sharon\Documents\Default.rdp
[2012/05/09 09:40:53 | 039,051,264 | ---- | M] () -- C:\Users\Sharon\qdatarsi (Backup May 09,2012 09 40 AM).QBB
[2012/05/08 20:09:31 | 000,427,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/08 15:50:08 | 001,251,639 | ---- | M] () -- C:\Users\Sharon\Desktop\photo.JPG
[2012/05/07 14:14:05 | 000,721,251 | ---- | M] () -- C:\Users\Sharon\Desktop\Lawn Builders Contract.pdf
[2012/05/07 10:09:25 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/07 10:09:21 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/02 15:44:44 | 000,019,276 | -H-- | M] () -- C:\Users\Sharon\Documents\Database.kdb
[3 C:\Users\Sharon\*.tmp files -> C:\Users\Sharon\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/05/30 22:13:42 | 000,001,097 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/05/30 14:16:20 | 067,120,641 | ---- | C] () -- C:\Users\Sharon\Desktop\Desktop.7z
[2012/05/26 14:05:46 | 000,001,793 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/05/25 20:28:00 | 000,001,037 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\LanSpy.lnk
[2012/05/25 17:59:40 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/05/24 01:09:48 | 000,000,000 | ---- | C] () -- C:\Users\Sharon\Desktop\ipscan.csv
[2012/05/24 01:09:47 | 000,021,398 | RH-- | C] () -- C:\Users\Sharon\Desktop\dell.sdr
[2012/05/23 21:09:40 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/22 23:34:11 | 000,000,051 | RH-- | C] () -- C:\Users\Sharon\Desktop\GetSusp.opt
[2012/05/22 23:33:49 | 000,000,030 | RH-- | C] () -- C:\GetSusp.opt
[2012/05/17 23:24:28 | 000,078,408 | ---- | C] () -- C:\Users\Sharon\Documents\ip log.xml
[2012/05/16 19:01:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\HP_192.168.1.75_MY85QHJ1P604YG
[2012/05/14 08:14:54 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/11 12:12:35 | 000,021,403 | ---- | C] () -- C:\Users\Sharon\Desktop\Another Obituary.pdf
[2012/05/11 12:10:34 | 002,390,517 | ---- | C] () -- C:\Users\Sharon\Desktop\strip-poker.wmv
[2012/05/11 12:10:23 | 008,001,451 | ---- | C] () -- C:\Users\Sharon\Desktop\Mrs.Hughes.wmv
[2012/05/11 11:18:03 | 000,000,000 | -H-- | C] () -- C:\Users\Sharon\Documents\Default.rdp
[2012/05/09 09:40:37 | 039,051,264 | ---- | C] () -- C:\Users\Sharon\qdatarsi (Backup May 09,2012 09 40 AM).QBB
[2012/05/08 15:50:07 | 001,251,639 | ---- | C] () -- C:\Users\Sharon\Desktop\photo.JPG
[2012/05/07 14:14:05 | 000,721,251 | ---- | C] () -- C:\Users\Sharon\Desktop\Lawn Builders Contract.pdf
[2012/05/01 18:52:26 | 000,007,642 | ---- | C] () -- C:\Users\Sharon\AppData\Local\resmon.resmoncfg
[2012/04/16 16:28:36 | 000,000,307 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/08/26 17:23:42 | 000,210,775 | ---- | C] () -- C:\Windows\hpoins21.dat
[2011/08/26 17:23:42 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2011/05/08 21:15:21 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/08 21:15:21 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/11/19 13:17:09 | 000,210,871 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/02 18:25:45 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/06/16 17:22:50 | 000,037,673 | -H-- | C] () -- C:\Users\Sharon\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/06/02 15:57:49 | 000,010,232 | -H-- | C] () -- C:\Users\Sharon\AppData\Roaming\Comma Separated Values (Windows).CAL

[color=#E56717]========== LOP Check ==========[/color]

[2012/05/30 21:35:07 | 000,000,000 | -H-D | M] -- C:\Users\Sharon\AppData\Roaming\Blueberry
[2010/09/27 14:59:15 | 000,000,000 | -H-D | M] -- C:\Users\Sharon\AppData\Roaming\Dream Aquarium
[2012/05/30 21:35:51 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Dropbox
[2012/05/01 20:01:38 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\ESET
[2012/04/16 07:55:37 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Eye-Fi
[2011/05/06 16:43:07 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Foxit
[2011/05/06 16:43:07 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Foxit Software
[2011/05/06 16:43:07 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\KeePass
[2011/01/05 20:06:13 | 000,000,000 | -H-D | M] -- C:\Users\Sharon\AppData\Roaming\LogSys
[2012/05/26 14:05:50 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Opera
[2011/05/06 07:29:39 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Sammsoft
[2011/05/06 16:41:28 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Softland
[2011/05/06 16:43:09 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Thunderbird
[2012/02/01 11:49:18 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Titanium
[2012/05/30 22:00:00 | 000,000,478 | ---- | M] () -- C:\Windows\Tasks\fba_Quickbooks.job
[2012/05/30 22:30:00 | 000,000,458 | ---- | M] () -- C:\Windows\Tasks\fba_Quicken.job
[2011/12/27 20:42:54 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 143 bytes -> C:\Users\Sharon\FW Application Radio-Systems-Whitehurst_CLW TX-DAL6050.eml:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Sharon\FW Application Radio-Systems-Whitehurst_CLW TX-DAL6050(4).eml:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Sharon\FW Application Radio-Systems-Whitehurst_CLW TX-DAL6050(3).eml:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Sharon\FW Application Radio-Systems-Whitehurst_CLW TX-DAL6050(2).eml:OECustomProperty
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0CFF5F08

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane

OTL Extras logfile created on: 6/1/2012 10:59:21 AM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Sharon\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 56.69% Memory free
3.93 Gb Paging File | 2.66 Gb Available in Paging File | 67.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.86 Gb Total Space | 137.45 Gb Free Space | 61.13% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 2.91 Gb Free Space | 0.62% Space Free | Partition Type: NTFS

Computer Name: SHARON7 | User Name: Sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiSpywareOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{097AB111-72D8-406C-862A-2AC8DDF764C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11FA0AAA-A90F-410C-9DF2-E9854257EFD2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27455A80-4F94-4B6B-A0D8-5261FAA3C44C}" = lport=445 | protocol=6 | dir=in | app=system |
"{46437B78-94A8-4E1A-8380-660A68D007A9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{881427DD-5245-49DF-9396-A3E10F716AB9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FE13053-82F1-4BBF-BCD5-A379AD595FEC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2EE8F3B-0EF8-4474-86B2-E235024D5077}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A36F9C33-D953-47D2-BCF6-27625FC31C92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C47D4B3C-01E2-42E7-93F4-F69230715AB5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CE0C0568-BFBD-47A3-A083-FE06A86AC117}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07DC2417-D8D6-4914-8045-EA9165C5A5C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0D1C5FD6-D7C2-4372-A8F0-EFD05FA3354C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{189F1AF1-0990-4E6C-8F79-265B296476F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1E257621-F985-4075-82C3-217A0D473160}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{28C0A47C-07D3-4F84-8BD1-BFB1119B0D03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30AC75C4-35F1-4FCE-9608-B2CA684A02C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3591343A-9AB1-47F8-9E6F-570704384F25}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3D29E1C6-50CD-4818-A7C6-CF5D6D855681}" = protocol=6 | dir=out | app=system |
"{41388EB8-C52C-4E6E-855B-CA8EFA520254}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F7018C2-9E97-4418-9F07-1C605F1B42E2}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{4F9E2E74-D12F-4D90-9B4B-C16AEB41379A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56BEF90A-78CB-450D-AEBB-2CC0888C99B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5AFF7957-4E37-4FEC-A4E8-F6A2C50450CA}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{BA5ADF63-4C6E-46CC-B593-4CBA31AA93C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5B08BE8-C0AA-4D70-8DF6-25171150E6CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD5C303F-2A91-4F4F-AEC5-8476156FD049}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{376FA830-EAA2-012B-AD6B-000000000000}" = TurboTax 2009 whiiper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D0AF541-AEB5-42C0-ADB5-09F7D6F7640F}" = TurboTax 2010 whiiper
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Realtek Ethernet Diagnostic Utility
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DD67529-BA26-4D12-97A8-3853D0C4B67D}" = Dell Backup and Recovery Manager
"{8F9216E8-21AC-4307-AE08-F5CBBCBEFE53}_is1" = Trogon MAC Scanner version 2.4
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE5926BD-9590-48A3-AB1E-C1C49575823D}" = C7200
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"CrossLoop_is1" = CrossLoop 2.60
"DVDFab 8_is1" = DVDFab 8.0.7.3 (29/01/2011)
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"KeePass Password Safe_is1" = KeePass Password Safe 1.18
"LanSpy_is1" = LanSpy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US)
"MSC" = McAfee SecurityCenter
"Opera 11.64.1403" = Opera 11.64
"Picasa 3" = Picasa 3
"Power Audio Recorder_is1" = Power Audio Recorder 2.00
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TVWiz" = Intel(R) TV Wizard
"ULTIMATER" = Microsoft Office Ultimate 2007
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 5/23/2012 5:34:35 PM | Computer Name = Sharon7 | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4bc2ca37 Faulting module name: chrome.dll, version: 5.0.375.3, time stamp: 0x4bc2c9ec
Exception
code: 0xc0000005 Fault offset: 0x008171ad Faulting process id: 0x58c Faulting application
start time: 0x01cd39115ced88f6 Faulting application path: C:\Users\Sharon\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: C:\Users\Sharon\AppData\Local\Google\Chrome\Application\5.0.375.3\chrome.dll
Report
Id: 16ae0e8d-a51f-11e1-8824-0002721ceb78

Error - 5/23/2012 6:22:03 PM | Computer Name = Sharon7 | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4bc2ca37 Faulting module name: chrome.dll, version: 5.0.375.3, time stamp: 0x4bc2c9ec
Exception
code: 0xc0000005 Fault offset: 0x008171ad Faulting process id: 0xca8 Faulting application
start time: 0x01cd392bd7c4346e Faulting application path: C:\Users\Sharon\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: C:\Users\Sharon\AppData\Local\Google\Chrome\Application\5.0.375.3\chrome.dll
Report
Id: b848f143-a525-11e1-8824-0002721ceb78

Error - 5/24/2012 3:22:04 AM | Computer Name = Sharon7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\LeapFrog\leapfrog
connect\tagusbdrivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/24/2012 3:22:14 AM | Computer Name = Sharon7 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files\mozbackup\dll\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/25/2012 4:22:23 PM | Computer Name = Sharon7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\LeapFrog\leapfrog
connect\tagusbdrivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/25/2012 4:22:32 PM | Computer Name = Sharon7 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files\mozbackup\dll\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/26/2012 7:59:48 AM | Computer Name = Sharon7 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\LeapFrog\leapfrog
connect\tagusbdrivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/26/2012 8:02:31 AM | Computer Name = Sharon7 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files\mozbackup\dll\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/29/2012 10:58:11 AM | Computer Name = Sharon7 | Source = Application Error | ID = 1000
Description = Faulting application name: rescue_system-common-en.exe, version: 2.1.0.16,
time stamp: 0x4bdad87d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x338 Faulting application start time: 0x01cd3dab66be6cc3 Faulting application path:
D:\Tools\rescue_system-common-en.exe Faulting module path: unknown Report Id: b506514d-a99e-11e1-bfca-e3986482748d

Error - 5/29/2012 11:03:04 AM | Computer Name = Sharon7 | Source = Application Error | ID = 1000
Description = Faulting application name: rescue_system-common-en.exe, version: 2.1.0.16,
time stamp: 0x4bdad87d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x59c Faulting application start time: 0x01cd3dac0c4693bb Faulting application path:
D:\Tools\rescue_system-common-en.exe Faulting module path: unknown Report Id: 63b723b2-a99f-11e1-a085-89f7c243b481

[ OSession Events ]
Error - 1/26/2012 5:15:47 AM | Computer Name = Sharon7 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34285
seconds with 2820 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/30/2012 10:53:47 PM | Computer Name = Sharon7 | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error: %%2

Error - 5/30/2012 10:53:48 PM | Computer Name = Sharon7 | Source = Service Control Manager | ID = 7000
Description = The LMIGuardianSvc service failed to start due to the following error:
%%2

Error - 5/30/2012 10:53:48 PM | Computer Name = Sharon7 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 5/30/2012 10:58:20 PM | Computer Name = Sharon7 | Source = Service Control Manager | ID = 7034
Description = The Andrea RT Filters Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/30/2012 11:04:49 PM | Computer Name = Sharon7 | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error: %%2

Error - 5/30/2012 11:04:49 PM | Computer Name = Sharon7 | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 5/31/2012 12:29:42 PM | Computer Name = Sharon7 | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 5/31/2012 12:29:47 PM | Computer Name = Sharon7 | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service v4 service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/31/2012 12:30:05 PM | Computer Name = Sharon7 | Source = Service Control Manager | ID = 7034
Description = The QBCFMonitorService service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/31/2012 12:30:11 PM | Computer Name = Sharon7 | Source = Service Control Manager | ID = 7034
Description = The QBIDPService service terminated unexpectedly. It has done this
1 time(s).

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:57
Reviews:
·Comcast
reply to ccolvard

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
LanSpy
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java(TM) 6 Update 31
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0)
Mozilla Thunderbird (12.0.1)
Google Chrome 5.0.375.3
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=61ce2b6245943a41a389efd5ac48cf7a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-06 11:14:24
# local_time=2012-06-06 06:14:24 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 937361 39390382 0 0
# compatibility_mode=5893 16776574 100 94 764135 90555311 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=149368
# found=0
# cleaned=0
# scan_time=13943
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


ccolvard

join:2012-06-06
Dallas, TX
reply to ccolvard

This PC has been disconnected from the network and cleaned as above. If I leave it on it seems to start using a lot of network resources. Last time I cleaned, McAfee found a trojan and the rootkit killer found about 18 files.

Prior to that it was using ESET, which was reporting nothing. Now I've switched all to the Uverse McAfee security suite and changed IP ranges on the router and the gateway address. Other machines present IE, Firefox redirect after time on network. Same for this machine. Seems to come back after running on network.

Cleaning tools seem to stop working or detecting.

The other thing is that it blocks certain security-related sites like Kaspersky, McAfee, Bleeping Computer, etc... Nothing seems to be going on at the moment. But it has not been connected to the network for very long.

Thanks

Chris



lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:57

Is this pc used in a work environment? Or a home network?


ccolvard

join:2012-06-06
Dallas, TX
reply to ccolvard

Home office. This PC has the accounting programs on it.

Thanks



lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:57
Reviews:
·Comcast

Then, if you could also download and run TDSS Killer (#4), posting the log in your next reply - it would be appreciated

We'll need the entire log, even if you 'think/see' nothing detected.

»Security Cleanup FAQ »Rootkit Detection Applications


ccolvard

join:2012-06-06
Dallas, TX
reply to ccolvard

Here is the log file. I did not take any action and skipped the quarantine of the detected files.

>>> File too big, attached.


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:57
Reviews:
·Comcast

21:55:26.0464 7564 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:55:28.0484 7564 ============================================================
21:55:28.0484 7564 Current date / time: 2012/06/06 21:55:28.0484
21:55:28.0484 7564 SystemInfo:
21:55:28.0484 7564
21:55:28.0484 7564 OS Version: 6.1.7601 ServicePack: 1.0
21:55:28.0484 7564 Product type: Workstation
21:55:28.0484 7564 ComputerName: SHARON7
21:55:28.0484 7564 UserName: Sharon
21:55:28.0484 7564 Windows directory: C:\Windows
21:55:28.0484 7564 System windows directory: C:\Windows
21:55:28.0484 7564 Processor architecture: Intel x86
21:55:28.0484 7564 Number of processors: 2
21:55:28.0484 7564 Page size: 0x1000
21:55:28.0484 7564 Boot type: Normal boot
21:55:28.0484 7564 ============================================================
21:55:29.0832 7564 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:55:29.0863 7564 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:55:29.0910 7564 ============================================================
21:55:29.0910 7564 \Device\Harddisk0\DR0:
21:55:29.0910 7564 MBR partitions:
21:55:29.0910 7564 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0xFDB000
21:55:29.0910 7564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFEF000, BlocksNum 0x1C1B9800
21:55:29.0910 7564 \Device\Harddisk1\DR1:
21:55:29.0910 7564 MBR partitions:
21:55:29.0910 7564 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
21:55:29.0910 7564 ============================================================
21:55:29.0941 7564 C: \Device\Harddisk0\DR0\Partition1
21:55:29.0956 7564 Z: \Device\Harddisk1\DR1\Partition0
21:55:29.0956 7564 ============================================================
21:55:29.0956 7564 Initialize success
21:55:29.0956 7564 ============================================================
21:56:03.0909 5536 ============================================================
21:56:03.0909 5536 Scan started
21:56:03.0909 5536 Mode: Manual; SigCheck; TDLFS;
21:56:03.0909 5536 ============================================================
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~



lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:57
Reviews:
·Comcast

21:56:20.0606 5536 LSI_SCSI - ok
21:56:20.0653 5536 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:56:20.0700 5536 luafv - ok
21:56:20.0793 5536 McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
21:56:20.0825 5536 McAfee SiteAdvisor Service - ok
21:56:20.0825 5536 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
21:56:20.0840 5536 McMPFSvc - ok
21:56:20.0856 5536 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
21:56:20.0856 5536 mcmscsvc - ok
21:56:20.0871 5536 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
21:56:20.0871 5536 McNaiAnn - ok
21:56:20.0903 5536 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
21:56:20.0915 5536 McNASvc - ok
21:56:21.0020 5536 McODS (42117cbc4849a5cf11129912dabbdeca) C:\Program Files\McAfee\VirusScan\mcods.exe
21:56:21.0043 5536 McODS - ok
21:56:21.0063 5536 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
21:56:21.0075 5536 McProxy - ok
21:56:21.0123 5536 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
21:56:21.0150 5536 McShield - ok
21:56:21.0193 5536 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:56:21.0218 5536 Mcx2Svc - ok
21:56:21.0235 5536 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:56:21.0248 5536 megasas - ok
21:56:21.0278 5536 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:56:21.0300 5536 MegaSR - ok
21:56:21.0345 5536 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\Windows\system32\drivers\mfeapfk.sys
21:56:21.0363 5536 mfeapfk - ok
21:56:21.0425 5536 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\Windows\system32\drivers\mfeavfk.sys
21:56:21.0453 5536 mfeavfk - ok
21:56:21.0480 5536 mfeavfk01 - ok
21:56:21.0576 5536 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\Windows\system32\drivers\mfebopk.sys
21:56:21.0592 5536 mfebopk - ok
21:56:21.0654 5536 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
21:56:21.0686 5536 mfefire - ok
21:56:21.0748 5536 mfefirek (4ea6ff90015424517843e931448e00f1) C:\Windows\system32\drivers\mfefirek.sys
21:56:21.0779 5536 mfefirek - ok
21:56:21.0842 5536 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\Windows\system32\drivers\mfehidk.sys
21:56:21.0873 5536 mfehidk - ok
21:56:21.0888 5536 mfenlfk (ac04a618aef3de0fce91c766f9e069da) C:\Windows\system32\DRIVERS\mfenlfk.sys
21:56:21.0904 5536 mfenlfk - ok
21:56:21.0951 5536 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\Windows\system32\drivers\mferkdet.sys
21:56:21.0966 5536 mferkdet - ok
21:56:22.0029 5536 mfevtp (b10c4efd40810c08f4b44df2efcb54f7) C:\Windows\system32\mfevtps.exe
21:56:22.0044 5536 mfevtp - ok
21:56:22.0091 5536 mfewfpk (f284337aedb7483df8a5fa840647e2b0) C:\Windows\system32\drivers\mfewfpk.sys
21:56:22.0122 5536 mfewfpk - ok
21:56:22.0216 5536 MFE_RR - ok
21:56:22.0310 5536 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:56:22.0325 5536 Microsoft Office Groove Audit Service - ok
21:56:22.0356 5536 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:56:22.0403 5536 MMCSS - ok
21:56:22.0434 5536 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:56:22.0481 5536 Modem - ok
21:56:22.0528 5536 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:56:22.0564 5536 monitor - ok
21:56:22.0611 5536 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:56:22.0627 5536 mouclass - ok
21:56:22.0658 5536 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:56:22.0689 5536 mouhid - ok
21:56:22.0736 5536 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:56:22.0751 5536 mountmgr - ok
21:56:22.0783 5536 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:56:22.0829 5536 mpio - ok
21:56:22.0845 5536 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:56:22.0892 5536 mpsdrv - ok
21:56:22.0954 5536 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:56:23.0017 5536 MpsSvc - ok
21:56:23.0063 5536 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:56:23.0095 5536 MRxDAV - ok
21:56:23.0141 5536 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:56:23.0173 5536 mrxsmb - ok
21:56:23.0219 5536 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:56:23.0251 5536 mrxsmb10 - ok
21:56:23.0266 5536 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:56:23.0282 5536 mrxsmb20 - ok
21:56:23.0313 5536 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:56:23.0329 5536 msahci - ok
21:56:23.0370 5536 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:56:23.0382 5536 msdsm - ok
21:56:23.0410 5536 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:56:23.0455 5536 MSDTC - ok
21:56:23.0485 5536 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:56:23.0510 5536 Msfs - ok
21:56:23.0522 5536 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:56:23.0560 5536 mshidkmdf - ok
21:56:23.0592 5536 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:56:23.0612 5536 msisadrv - ok
21:56:23.0645 5536 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:56:23.0692 5536 MSiSCSI - ok
21:56:23.0695 5536 msiserver - ok
21:56:23.0715 5536 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:56:23.0750 5536 MSKSSRV - ok
21:56:23.0780 5536 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:56:23.0832 5536 MSPCLOCK - ok
21:56:23.0837 5536 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:56:23.0884 5536 MSPQM - ok
21:56:23.0900 5536 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:56:23.0931 5536 MsRPC - ok
21:56:23.0962 5536 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:56:23.0978 5536 mssmbios - ok
21:56:23.0993 5536 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:56:24.0009 5536 MSTEE - ok
21:56:24.0009 5536 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:56:24.0040 5536 MTConfig - ok
21:56:24.0056 5536 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:56:24.0071 5536 Mup - ok
21:56:24.0118 5536 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:56:24.0180 5536 napagent - ok
21:56:24.0212 5536 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:56:24.0243 5536 NativeWifiP - ok
21:56:24.0321 5536 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:56:24.0352 5536 NDIS - ok
21:56:24.0368 5536 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:56:24.0399 5536 NdisCap - ok
21:56:24.0414 5536 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:56:24.0461 5536 NdisTapi - ok
21:56:24.0492 5536 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:56:24.0539 5536 Ndisuio - ok
21:56:24.0580 5536 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:56:24.0612 5536 NdisWan - ok
21:56:24.0640 5536 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:56:24.0675 5536 NDProxy - ok
21:56:24.0720 5536 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
21:56:24.0737 5536 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:56:24.0737 5536 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:56:24.0770 5536 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:56:24.0810 5536 NetBIOS - ok
21:56:24.0842 5536 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:56:24.0887 5536 NetBT - ok
21:56:24.0925 5536 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:56:24.0947 5536 Netlogon - ok
21:56:24.0997 5536 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:56:25.0062 5536 Netman - ok
21:56:25.0170 5536 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:25.0197 5536 NetMsmqActivator - ok
21:56:25.0202 5536 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:25.0217 5536 NetPipeActivator - ok
21:56:25.0242 5536 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:56:25.0282 5536 netprofm - ok
21:56:25.0285 5536 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:25.0295 5536 NetTcpActivator - ok
21:56:25.0297 5536 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:56:25.0310 5536 NetTcpPortSharing - ok
21:56:25.0347 5536 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:56:25.0367 5536 nfrd960 - ok
21:56:25.0415 5536 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:56:25.0465 5536 NlaSvc - ok
21:56:25.0482 5536 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:56:25.0505 5536 Npfs - ok
21:56:25.0515 5536 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:56:25.0540 5536 nsi - ok
21:56:25.0547 5536 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:56:25.0575 5536 nsiproxy - ok
21:56:25.0669 5536 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:56:25.0731 5536 Ntfs - ok
21:56:25.0841 5536 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:56:25.0887 5536 Null - ok
21:56:25.0919 5536 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:56:25.0934 5536 nvraid - ok
21:56:25.0950 5536 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:56:25.0981 5536 nvstor - ok
21:56:26.0012 5536 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:56:26.0043 5536 nv_agp - ok
21:56:26.0137 5536 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:56:26.0168 5536 odserv - ok
21:56:26.0215 5536 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:56:26.0246 5536 ohci1394 - ok
21:56:26.0340 5536 OPAVSYBA - ok
21:56:26.0402 5536 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:56:26.0418 5536 ose - ok
21:56:26.0465 5536 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:56:26.0496 5536 p2pimsvc - ok
21:56:26.0527 5536 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:56:26.0610 5536 p2psvc - ok
21:56:26.0719 5536 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:56:26.0735 5536 Parport - ok
21:56:26.0766 5536 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:56:26.0797 5536 partmgr - ok
21:56:26.0813 5536 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:56:26.0844 5536 Parvdm - ok
21:56:26.0860 5536 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:56:26.0906 5536 PcaSvc - ok
21:56:26.0938 5536 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:56:26.0969 5536 pci - ok
21:56:26.0969 5536 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:56:26.0984 5536 pciide - ok
21:56:27.0000 5536 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:56:27.0031 5536 pcmcia - ok
21:56:27.0047 5536 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:56:27.0047 5536 pcw - ok
21:56:27.0094 5536 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:56:27.0156 5536 PEAUTH - ok
21:56:27.0265 5536 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:56:27.0333 5536 pla - ok
21:56:27.0455 5536 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:56:27.0498 5536 PlugPlay - ok
21:56:27.0558 5536 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
21:56:27.0578 5536 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:56:27.0578 5536 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:56:27.0598 5536 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:56:27.0630 5536 PNRPAutoReg - ok
21:56:27.0660 5536 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:56:27.0675 5536 PNRPsvc - ok
21:56:27.0720 5536 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:56:27.0775 5536 PolicyAgent - ok
21:56:27.0803 5536 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:56:27.0818 5536 Power - ok
21:56:27.0865 5536 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:56:27.0927 5536 PptpMiniport - ok
21:56:27.0943 5536 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:56:27.0974 5536 Processor - ok
21:56:28.0021 5536 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:56:28.0068 5536 ProfSvc - ok
21:56:28.0099 5536 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:56:28.0115 5536 ProtectedStorage - ok
21:56:28.0130 5536 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:56:28.0177 5536 Psched - ok
21:56:28.0224 5536 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
21:56:28.0239 5536 PxHelp20 - ok
21:56:28.0349 5536 QBCFMonitorService (933d92f0bd1d7a9835cd8a8b1235a11e) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
21:56:28.0349 5536 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
21:56:28.0349 5536 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
21:56:28.0427 5536 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
21:56:28.0427 5536 QBFCService ( UnsignedFile.Multi.Generic ) - warning
21:56:28.0427 5536 QBFCService - detected UnsignedFile.Multi.Generic (1)
21:56:28.0577 5536 QBVSS (25fc19badf78b7fb1d835aac4b0b91a5) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
21:56:28.0612 5536 QBVSS ( UnsignedFile.Multi.Generic ) - warning
21:56:28.0612 5536 QBVSS - detected UnsignedFile.Multi.Generic (1)
21:56:28.0790 5536 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:56:28.0835 5536 ql2300 - ok
21:56:28.0925 5536 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:56:28.0945 5536 ql40xx - ok
21:56:28.0977 5536 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:56:29.0025 5536 QWAVE - ok
21:56:29.0040 5536 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:56:29.0067 5536 QWAVEdrv - ok
21:56:29.0115 5536 radpms (b953369c5ef43615f1bfa9cea69fc9aa) C:\Windows\system32\DRIVERS\radpms.sys
21:56:29.0130 5536 radpms - ok
21:56:29.0150 5536 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:56:29.0187 5536 RasAcd - ok
21:56:29.0222 5536 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:56:29.0267 5536 RasAgileVpn - ok
21:56:29.0300 5536 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:56:29.0352 5536 RasAuto - ok
21:56:29.0370 5536 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:56:29.0417 5536 Rasl2tp - ok
21:56:29.0472 5536 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:56:29.0540 5536 RasMan - ok
21:56:29.0560 5536 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:56:29.0572 5536 RasPppoe - ok
21:56:29.0603 5536 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:56:29.0634 5536 RasSstp - ok
21:56:29.0666 5536 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:56:29.0728 5536 rdbss - ok
21:56:29.0744 5536 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:56:29.0775 5536 rdpbus - ok
21:56:29.0806 5536 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:56:29.0853 5536 RDPCDD - ok
21:56:29.0884 5536 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:56:29.0931 5536 RDPENCDD - ok
21:56:29.0946 5536 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:56:29.0962 5536 RDPREFMP - ok
21:56:29.0993 5536 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
21:56:30.0056 5536 RDPWD - ok
21:56:30.0102 5536 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:56:30.0118 5536 rdyboost - ok
21:56:30.0149 5536 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:56:30.0180 5536 RemoteAccess - ok
21:56:30.0209 5536 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:56:30.0259 5536 RemoteRegistry - ok
21:56:30.0321 5536 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:56:30.0379 5536 RFCOMM - ok
21:56:30.0419 5536 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:56:30.0456 5536 RpcEptMapper - ok
21:56:30.0476 5536 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:56:30.0511 5536 RpcLocator - ok
21:56:30.0561 5536 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:56:30.0589 5536 RpcSs - ok
21:56:30.0620 5536 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:56:30.0652 5536 rspndr - ok
21:56:30.0683 5536 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys
21:56:30.0745 5536 RTL8167 - ok
21:56:30.0761 5536 RtNdPt60 (f2fec929e9fa9902f0bb52a4522068d4) C:\Windows\system32\DRIVERS\RtNdPt60.sys
21:56:30.0792 5536 RtNdPt60 - ok
21:56:30.0808 5536 RTTEAMPT (d78d74c6ed83339910ccca7e68534222) C:\Windows\system32\DRIVERS\RtTeam60.sys
21:56:30.0839 5536 RTTEAMPT - ok
21:56:30.0854 5536 RTVLANPT (e6472a4007fb17d27d4091abd657a291) C:\Windows\system32\DRIVERS\RtVlan60.sys
21:56:30.0901 5536 RTVLANPT - ok
21:56:30.0948 5536 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:56:30.0979 5536 SamSs - ok
21:56:31.0026 5536 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:56:31.0042 5536 sbp2port - ok
21:56:31.0073 5536 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:56:31.0104 5536 SCardSvr - ok
21:56:31.0151 5536 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:56:31.0198 5536 scfilter - ok
21:56:31.0260 5536 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:56:31.0334 5536 Schedule - ok
21:56:31.0366 5536 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:56:31.0399 5536 SCPolicySvc - ok
21:56:31.0444 5536 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:56:31.0504 5536 SDRSVC - ok
21:56:31.0531 5536 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:56:31.0579 5536 secdrv - ok
21:56:31.0606 5536 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:56:31.0661 5536 seclogon - ok
21:56:31.0686 5536 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:56:31.0736 5536 SENS - ok
21:56:31.0761 5536 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:56:31.0766 5536 SensrSvc - ok
21:56:31.0782 5536 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:56:31.0813 5536 Serenum - ok
21:56:31.0844 5536 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:56:31.0875 5536 Serial - ok
21:56:31.0907 5536 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:56:31.0938 5536 sermouse - ok
21:56:31.0985 5536 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:56:32.0047 5536 SessionEnv - ok
21:56:32.0078 5536 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:56:32.0109 5536 sffdisk - ok
21:56:32.0125 5536 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~



lilhurricane

21:56:32.0141 5536 sffp_mmc - ok
21:56:32.0156 5536 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:56:32.0187 5536 sffp_sd - ok
21:56:32.0219 5536 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:56:32.0234 5536 sfloppy - ok
21:56:32.0265 5536 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:56:32.0312 5536 SharedAccess - ok
21:56:32.0359 5536 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:56:32.0406 5536 ShellHWDetection - ok
21:56:32.0437 5536 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:56:32.0453 5536 sisagp - ok
21:56:32.0468 5536 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:56:32.0484 5536 SiSRaid2 - ok
21:56:32.0499 5536 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:56:32.0499 5536 SiSRaid4 - ok
21:56:32.0531 5536 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:56:32.0546 5536 Smb - ok
21:56:32.0587 5536 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:56:32.0602 5536 SNMPTRAP - ok
21:56:32.0610 5536 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:56:32.0622 5536 spldr - ok
21:56:32.0677 5536 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:56:32.0745 5536 Spooler - ok
21:56:32.0935 5536 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:56:33.0020 5536 sppsvc - ok
21:56:33.0145 5536 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:56:33.0197 5536 sppuinotify - ok
21:56:33.0260 5536 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:56:33.0307 5536 srv - ok
21:56:33.0332 5536 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:56:33.0347 5536 srv2 - ok
21:56:33.0370 5536 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:56:33.0382 5536 srvnet - ok
21:56:33.0415 5536 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:56:33.0447 5536 SSDPSRV - ok
21:56:33.0460 5536 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:56:33.0495 5536 SstpSvc - ok
21:56:33.0520 5536 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:56:33.0532 5536 stexstor - ok
21:56:33.0560 5536 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
21:56:33.0582 5536 StillCam - ok
21:56:33.0629 5536 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:56:33.0660 5536 StiSvc - ok
21:56:33.0738 5536 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:56:33.0754 5536 stllssvr - ok
21:56:33.0785 5536 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:56:33.0816 5536 swenum - ok
21:56:33.0848 5536 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:56:33.0894 5536 swprv - ok
21:56:33.0988 5536 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:56:34.0050 5536 SysMain - ok
21:56:34.0082 5536 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:56:34.0113 5536 TabletInputService - ok
21:56:34.0160 5536 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:56:34.0222 5536 TapiSrv - ok
21:56:34.0253 5536 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:56:34.0284 5536 TBS - ok
21:56:34.0425 5536 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
21:56:34.0456 5536 Tcpip - ok
21:56:34.0612 5536 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
21:56:34.0643 5536 TCPIP6 - ok
21:56:34.0737 5536 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:56:34.0784 5536 tcpipreg - ok
21:56:34.0830 5536 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:56:34.0862 5536 TDPIPE - ok
21:56:34.0893 5536 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:56:34.0908 5536 TDTCP - ok
21:56:34.0940 5536 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:56:34.0986 5536 tdx - ok
21:56:35.0018 5536 TEAM (d78d74c6ed83339910ccca7e68534222) C:\Windows\system32\DRIVERS\RtTeam60.sys
21:56:35.0033 5536 TEAM - ok
21:56:35.0064 5536 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:56:35.0096 5536 TermDD - ok
21:56:35.0142 5536 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:56:35.0189 5536 TermService - ok
21:56:35.0220 5536 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:56:35.0236 5536 Themes - ok
21:56:35.0292 5536 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:56:35.0329 5536 THREADORDER - ok
21:56:35.0377 5536 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:56:35.0447 5536 TrkWks - ok
21:56:35.0517 5536 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:56:35.0597 5536 TrustedInstaller - ok
21:56:35.0612 5536 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:56:35.0634 5536 tssecsrv - ok
21:56:35.0682 5536 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:56:35.0729 5536 TsUsbFlt - ok
21:56:35.0776 5536 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:56:35.0807 5536 tunnel - ok
21:56:35.0838 5536 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:56:35.0854 5536 uagp35 - ok
21:56:41.0878 5536 ============================================================
21:56:41.0878 5536 Scan finished
21:56:41.0878 5536 ============================================================
21:56:41.0878 4280 Detected object count: 10
21:56:41.0878 4280 Actual detected object count: 10

21:56:58.0720 4280 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:58.0720 4280 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:58.0720 4280 FlyUsb ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:58.0720 4280 FlyUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:58.0720 4280 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:58.0720 4280 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:58.0735 4280 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:58.0735 4280 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:58.0735 4280 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:58.0735 4280 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:58.0735 4280 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:58.0735 4280 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:58.0735 4280 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:58.0735 4280 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:58.0735 4280 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:58.0735 4280 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:58.0735 4280 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:58.0735 4280 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:58.0735 4280 QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:58.0735 4280 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

1 recommendation

reply to ccolvard

I want to confirm the detects by TDSS Killer.

Please download and run RootRepeal. Post the log in this thread. You'll find links and instructions here: »Security Cleanup FAQ »Rootkit Detection Applications


ccolvard

join:2012-06-06
Dallas, TX
reply to ccolvard

The program will not run. Tried renaming, downloading into another folder and renaming and no go.

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP1
Exception Code: 0xc0000005
Exception Address: 0x00429d13
Attempt to write to address: 0x005ec000

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP1
Exception Code: 0xc0000005
Exception Address: 0x76f363f8
Attempt to read from address: 0x4e7306d2

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP1
Exception Code: 0xc0000005
Exception Address: 0x76f363f8
Attempt to read from address: 0x4e7306d2



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast
reply to ccolvard

Ok, abandon RootRepeal and we'll check three of the files elsewhere. I'm not sure they are truly infected, but need to confirm or deny.

Please go to http://www.virustotal.com/

Press the 'Browse' button to the right of the yellow box.

Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double click on the file name. The file name and path should appear in the yellow box.


C:\Windows\system32\drivers\BVRPMPR5.SYS
C:\Windows\system32\DRIVERS\FlyUsb.sys
C:\Windows\system32\ListSvc.dll


Click on the Send File button

Note: If you can't find the file, let me know in your next post.

Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier.

If the file has been previously scanned, the results webpage will show:
"File has already been submitted:"

Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread.

If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

ccolvard

join:2012-06-06
Dallas, TX
reply to ccolvard

What should be done next?



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

1 recommendation

reply to ccolvard

Thanks. I suspected as much. I want to do a scan using the Kaspersky Rescue Disk to eliminate any OS corruption.

The Kaspersky Rescue Disk is a bootable CD or USB based version of Kaspersky Antivirus.

You will find full instructions for download and use at the following links:

CD based: »support.kaspersky.com/faq/?qid=208282484

USB Based: »support.kaspersky.com/faq/?qid=208282163

Note: Please post the log (krd-log.txt) in your next reply
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


ccolvard

join:2012-06-06
Dallas, TX
reply to ccolvard

Attachment: Kaspersky-Log.txt (40,476 bytes)
Hi:

Here is the log file.


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:57
Reviews:
·Comcast

Objects Scan: completed 15 days ago (events: 56, objects: 1495167, time: 01:57:30)
5/24/12 3:27 PM Task completed
5/24/12 1:29 PM Task started
Objects Scan: completed 15 days ago (events: 40, objects: 1723034, time: 02:17:13)
5/24/12 6:21 PM Task completed
5/24/12 4:04 PM Task started
Objects Scan: completed 14 days ago (events: 50, objects: 1467517, time: 02:01:56)
5/24/12 11:08 PM Task completed
5/24/12 10:47 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.3_8J2_Restore.ipsw Read error
5/24/12 10:47 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.5_8L1_Restore.ipsw Read error
5/24/12 10:47 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw Read error
5/24/12 10:47 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw/018-7879-364.dmg Read error
5/24/12 10:47 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.3_8J2_Restore.ipsw/038-1423-003.dmg Read error
5/24/12 10:47 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.5_8L1_Restore.ipsw/038-2288-002.dmg Read error
5/24/12 10:46 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.3_8J3_Restore.ipsw Read error
5/24/12 10:46 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_5.1_9B176_Restore.ipsw Read error
5/24/12 10:46 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.5_8L1_Restore.ipsw Read error
5/24/12 10:46 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.3_8J3_Restore.ipsw/038-1421-004.dmg Read error
5/24/12 10:46 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_5.1_9B176_Restore.ipsw/038-1767-167.dmg Read error
5/24/12 10:46 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.5_8L1_Restore.ipsw/038-2272-002.dmg Read error
5/24/12 10:42 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw Read error
5/24/12 10:42 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.5_8L1_Restore.ipsw Read error
5/24/12 10:42 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.5_8L1_Restore.ipsw/038-2288-002.dmg Read error
5/24/12 10:42 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw/018-7879-364.dmg Read error
5/24/12 10:42 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_5.1_9B176_Restore.ipsw Read error
5/24/12 10:42 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.3_8J2_Restore.ipsw Read error
5/24/12 10:42 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.3_8J2_Restore.ipsw/038-1423-003.dmg Read error
5/24/12 10:42 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_5.1_9B176_Restore.ipsw/038-1767-167.dmg Read error
5/24/12 10:41 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.5_8L1_Restore.ipsw Read error
5/24/12 10:41 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.3_8J3_Restore.ipsw Read error
5/24/12 10:41 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.5_8L1_Restore.ipsw/038-2272-002.dmg Read error
5/24/12 10:41 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.3_8J3_Restore.ipsw/038-1421-004.dmg Read error
5/24/12 10:08 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.3_8J2_Restore.ipsw Read error
5/24/12 10:08 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.5_8L1_Restore.ipsw Read error
5/24/12 10:08 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw Read error
5/24/12 10:08 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.3_8J2_Restore.ipsw/038-1423-003.dmg Read error
5/24/12 10:08 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.5_8L1_Restore.ipsw/038-2288-002.dmg Read error
5/24/12 10:08 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw/018-7879-364.dmg Read error
5/24/12 10:08 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.3_8J3_Restore.ipsw Read error
5/24/12 10:08 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_5.1_9B176_Restore.ipsw Read error
5/24/12 10:08 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.5_8L1_Restore.ipsw Read error
5/24/12 10:08 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.3_8J3_Restore.ipsw/038-1421-004.dmg Read error
5/24/12 10:08 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.5_8L1_Restore.ipsw/038-2272-002.dmg Read error
5/24/12 10:08 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_5.1_9B176_Restore.ipsw/038-1767-167.dmg Read error
5/24/12 10:04 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw Read error
5/24/12 10:04 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.5_8L1_Restore.ipsw Read error
5/24/12 10:04 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.5_8L1_Restore.ipsw/038-2288-002.dmg Read error
5/24/12 10:04 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw/018-7879-364.dmg Read error
5/24/12 10:03 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_5.1_9B176_Restore.ipsw Read error
5/24/12 10:03 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.3_8J2_Restore.ipsw Read error
5/24/12 10:03 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.3_8J2_Restore.ipsw/038-1423-003.dmg Read error
5/24/12 10:03 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_5.1_9B176_Restore.ipsw/038-1767-167.dmg Read error
5/24/12 10:03 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.3_8J3_Restore.ipsw Read error
5/24/12 10:03 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.5_8L1_Restore.ipsw Read error
5/24/12 10:03 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.5_8L1_Restore.ipsw/038-2272-002.dmg Read error
5/24/12 10:03 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.3_8J3_Restore.ipsw/038-1421-004.dmg Read error
5/24/12 9:06 PM Task started
Objects Scan: completed 1 hour ago (events: 60, objects: 3701994, time: 04:56:03)
6/8/12 1:55 PM Task started
6/8/12 2:25 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_5.1_9B176_Restore.ipsw/038-1767-167.dmg Read error
6/8/12 2:25 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.5_8L1_Restore.ipsw/038-2272-002.dmg Read error
6/8/12 2:25 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_5.1_9B176_Restore.ipsw Read error
6/8/12 2:25 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.5_8L1_Restore.ipsw Read error
6/8/12 2:25 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/Documents/Downloads/QuickBooksPro2010.exe/QBooks/data1.cab/zrush_shiprush4_qb.ocx Read error
6/8/12 2:25 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.5_8L1_Restore.ipsw/038-2288-002.dmg Read error
6/8/12 2:25 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.5_8L1_Restore.ipsw Read error
6/8/12 2:26 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.1.1_9B206_Restore.ipsw/038-4292-008.dmg Read error
6/8/12 2:26 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw/018-7879-364.dmg Read error
6/8/12 2:26 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.1.1_9B206_Restore.ipsw Read error
6/8/12 2:26 PM Processing error C:/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw Read error
6/8/12 2:35 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_5.1_9B176_Restore.ipsw/038-1767-167.dmg Read error
6/8/12 2:35 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.5_8L1_Restore.ipsw/038-2272-002.dmg Read error
6/8/12 2:35 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_5.1_9B176_Restore.ipsw Read error
6/8/12 2:35 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.5_8L1_Restore.ipsw Read error
6/8/12 2:37 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw/018-7879-364.dmg Read error
6/8/12 2:37 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.1.1_9B206_Restore.ipsw/038-4292-008.dmg Read error
6/8/12 2:37 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw Read error
6/8/12 2:37 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.1.1_9B206_Restore.ipsw Read error
6/8/12 2:38 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/Documents/Downloads/Downloads.rar Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.3_8J3_Restore.ipsw/038-1421-004.dmg Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.3_8J3_Restore.ipsw Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.5_8L1_Restore.ipsw/038-2272-002.dmg Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_4.3.5_8L1_Restore.ipsw Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_5.1_9B176_Restore.ipsw/038-1767-167.dmg Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPad Software Updates/iPad1,1_5.1_9B176_Restore.ipsw Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.3_8J2_Restore.ipsw/038-1423-003.dmg Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.3_8J2_Restore.ipsw Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.5_8L1_Restore.ipsw/038-2265-002.dmg Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone1,2_4.2.1_8C148_Restore.ipsw/038-0015-002.dmg Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_4.3.5_8L1_Restore.ipsw Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone1,2_4.2.1_8C148_Restore.ipsw Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.1.1_9B206_Restore.ipsw/038-4292-008.dmg Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.1.1_9B206_Restore.ipsw Read error
6/8/12 3:34 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw Read error
6/8/12 3:43 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw/018-7879-364.dmg Read error
6/8/12 3:43 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.1.1_9B206_Restore.ipsw/038-4292-008.dmg Read error
6/8/12 3:43 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.1.1_9B206_Restore.ipsw Read error
6/8/12 3:43 PM Processing error /mnt/MountedDevices/PD-2BD2C32A-00000001FDE00000/Users/Sharon/AppData/Roaming/Apple Computer/iTunes/iPhone Software Updates/iPhone3,1_5.0_9A334_Restore.ipsw Read error
6/8/12 4:07 PM Processing error Z:/SHARON7/Backup Set 2011-10-30 190005/Backup Files 2011-10-30 190005/Backup files 24.zip/C/Users/Sharon/Music/iTunes/Mobile Applications/Feed Me! 2.0.ipa/Payload/FeedMe-Release-EN-US-svn8152.app/Data/sharedassets0.assets Read error
6/8/12 4:07 PM Processing error Z:/SHARON7/Backup Set 2011-10-30 190005/Backup Files 2011-10-30 190005/Backup files 24.zip/C/Users/Sharon/Music/iTunes/Mobile Applications/Feed Me! 2.0.ipa/Payload/FeedMe-Release-EN-US-svn8152.app/Data/sharedassets0.assets Read error
6/8/12 4:07 PM Processing error Z:/SHARON7/Backup Set 2011-10-30 190005/Backup Files 2011-10-30 190005/Backup files 24.zip/C/Users/Sharon/Music/iTunes/Mobile Applications/Feed Me! 2.0.ipa Read error
6/8/12 4:28 PM Processing error Z:/SHARON7/Backup Set 2011-12-04 190005/Backup Files 2011-12-04 190005/Backup files 30.zip/C/Users/Sharon/Music/iTunes/Mobile Applications/Feed Me! 2.0.ipa/Payload/FeedMe-Release-EN-US-svn8152.app/Data/sharedassets0.assets Read error
6/8/12 4:28 PM Processing error Z:/SHARON7/Backup Set 2011-12-04 190005/Backup Files 2011-12-04 190005/Backup files 27.zip/C/Users/Sharon/Documents/Downloads/QuickBooksPro2010.exe/QBooks/data1.cab/qbformhelp.chm Read error
6/8/12 4:28 PM Processing error Z:/SHARON7/Backup Set 2011-12-04 190005/Backup Files 2011-12-04 190005/Backup files 27.zip/C/Users/Sharon/Documents/Downloads/QuickBooksPro2010.exe/QBooks/data1.cab/DIRECTD.PDF Read error
6/8/12 4:28 PM Processing error Z:/SHARON7/Backup Set 2011-12-04 190005/Backup Files 2011-12-04 190005/Backup files 27.zip/C/Users/Sharon/Documents/Downloads/QuickBooksPro2010.exe/QBooks/data1.cab/zrush_shiprush4_qb.ocx Read error
6/8/12 4:28 PM Processing error Z:/SHARON7/Backup Set 2011-12-04 190005/Backup Files 2011-12-04 190005/Backup files 27.zip/C/Users/Sharon/Documents/Downloads/QuickBooksPro2010.exe/QBooks/data1.cab/afterinstall_acc.swf Read error
6/8/12 4:28 PM Processing error Z:/SHARON7/Backup Set 2011-12-04 190005/Backup Files 2011-12-04 190005/Backup files 27.zip/C/Users/Sharon/Documents/Downloads/QuickBooksPro2010.exe/QBooks/data1.cab/afterinstall_es.swf Read error
6/8/12 4:28 PM Processing error Z:/SHARON7/Backup Set 2011-12-04 190005/Backup Files 2011-12-04 190005/Backup files 27.zip/C/Users/Sharon/Documents/Downloads/QuickBooksPro2010.exe/QBooks/data1.cab/ccpkimpost.swf Read error
6/8/12 4:28 PM Processing error Z:/SHARON7/Backup Set 2011-12-04 190005/Backup Files 2011-12-04 190005/Backup files 27.zip/C/Users/Sharon/Documents/Downloads/QuickBooksPro2010.exe/QBooks/data1.cab/NozHelp.chm Read error
6/8/12 4:28 PM Processing error Z:/SHARON7/Backup Set 2011-12-04 190005/Backup Files 2011-12-04 190005/Backup files 30.zip/C/Users/Sharon/Music/iTunes/Mobile Applications/Feed Me! 2.0.ipa/Payload/FeedMe-Release-EN-US-svn8152.app/Data/sharedassets0.assets Read error
6/8/12 4:28 PM Processing error Z:/SHARON7/Backup Set 2011-12-04 190005/Backup Files 2011-12-04 190005/Backup files 30.zip/C/Users/Sharon/Music/iTunes/Mobile Applications/Feed Me! 2.0.ipa Read error
6/8/12 5:50 PM Processing error Z:/SHARON7/Backup Set 2012-03-18 190005/Backup Files 2012-03-18 190005/Backup files 31.zip/C/Users/Sharon/Music/iTunes/Mobile Applications/Feed Me! 2.0.ipa/Payload/FeedMe-Release-EN-US-svn8152.app/Data/sharedassets0.assets Read error
6/8/12 5:50 PM Processing error Z:/SHARON7/Backup Set 2012-03-18 190005/Backup Files 2012-03-18 190005/Backup files 31.zip/C/Users/Sharon/Music/iTunes/Mobile Applications/Feed Me! 2.0.ipa/Payload/FeedMe-Release-EN-US-svn8152.app/Data/sharedassets0.assets Read error
6/8/12 5:50 PM Processing error Z:/SHARON7/Backup Set 2012-03-18 190005/Backup Files 2012-03-18 190005/Backup files 31.zip/C/Users/Sharon/Music/iTunes/Mobile Applications/Feed Me! 2.0.ipa Read error
6/8/12 6:18 PM Processing error Z:/SHARON7/Backup Set 2012-05-07 090606/Backup Files 2012-05-07 090606/Backup files 32.zip/C/Users/Sharon/Music/iTunes/Mobile Applications/Feed Me! 2.0.ipa/Payload/FeedMe-Release-EN-US-svn8152.app/Data/sharedassets0.assets Read error
6/8/12 6:18 PM Processing error Z:/SHARON7/Backup Set 2012-05-07 090606/Backup Files 2012-05-07 090606/Backup files 32.zip/C/Users/Sharon/Music/iTunes/Mobile Applications/Feed Me! 2.0.ipa/Payload/FeedMe-Release-EN-US-svn8152.app/Data/sharedassets0.assets Read error
6/8/12 6:18 PM Processing error Z:/SHARON7/Backup Set 2012-05-07 090606/Backup Files 2012-05-07 090606/Backup files 32.zip/C/Users/Sharon/Music/iTunes/Mobile Applications/Feed Me! 2.0.ipa Read error
6/8/12 6:51 PM Task completed
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to ccolvard

Thanks for the Kaspersky log. I'm not seeing any signs of malware in what we have done so far.

On the redirect, is it every time you search using Google?

Does it go to the same site, or type of site?

Does it affect all browsers?

Any other symptoms, beyond the redirect?
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


ccolvard

join:2012-06-06
Dallas, TX
reply to ccolvard

Hi:

Yes, the redirect was solved at least most of the time by switching to McAfee and encrypted Google search.

The other symptoms are many srvhost.exe sessions running, some connect outside of network IP range, many TCP connections to unknown addresses. Seems to do this after being online for several hours (not at first).

Don't seem to be able to run win update all the time, fails.

Other issues shrinking size (or resolution of screen) and automatic shut down when I start suspending the srvhost processes.

McAfee shows trojan detects, then no quarantine or ability to find again.



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to ccolvard

You may be dealing with a combination of issues and I'm not sure they are all malware related. Some may be hardware related but there is no way to tell currently.

A high number of svchost.exe in the Task Manager is not unusual for Windows 7. I have seen over ten on my computer. Not all are necessarily using the internet.

Your best option is to reformat and re-install. Do a full reformat, not the 'quickee' version. Make sure you back up all your data first.

A fresh start will give you a reference point to eliminate, or include, hardware as a possible source.

Let me know your choice. If you decide against reformatting, we need to clean up regardless of the next step.
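
An added example, not part of any post in this thread: one way to check the point raised above about many svchost.exe instances and connections outside the local IP range is to join the output of `tasklist /svc /fo csv` with `netstat -ano -p tcp` by PID. The sample outputs, PIDs and addresses below are constructed for illustration, and the 0.8 name-similarity threshold is an assumption.

```python
import csv
import difflib
import io
import ipaddress

# Constructed sample of `tasklist /svc /fo csv` output (not from the thread).
TASKLIST_SVC = '''"Image Name","PID","Services"
"svchost.exe","812","DcomLaunch,PlugPlay,Power"
"svchost.exe","1044","Dhcp,eventlog,lmhosts"
"svchost.exe","1320","BITS,wuauserv,Schedule"
"srvhost.exe","2764","N/A"
"iexplore.exe","3100","N/A"
'''

# Constructed sample of `netstat -ano -p tcp` output (documentation addresses).
NETSTAT = '''
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.64:49201     192.168.1.254:80       ESTABLISHED     1044
  TCP    192.168.1.64:49222     203.0.113.25:443       ESTABLISHED     1320
  TCP    192.168.1.64:49230     198.51.100.7:8080      ESTABLISHED     2764
  TCP    192.168.1.64:49240     203.0.113.80:80        ESTABLISHED     3100
'''

# Ranges treated as "inside the network": RFC 1918, loopback, link-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/32")]


def is_external(addr):
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in LOCAL_NETS)


def parse_tasklist(text):
    """Map PID -> (lower-cased image name, list of hosted services)."""
    procs = {}
    for row in csv.DictReader(io.StringIO(text)):
        svcs = [] if row["Services"] == "N/A" else row["Services"].split(",")
        procs[int(row["PID"])] = (row["Image Name"].lower(), svcs)
    return procs


def parse_netstat(text):
    """Return TCP rows as dicts; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        remote = parts[2].rsplit(":", 1)[0].strip("[]")
        conns.append({"remote": remote, "state": parts[3], "pid": int(parts[4])})
    return conns


def triage(tasklist_text, netstat_text):
    """Report svchost.exe and near-miss names with their external peers."""
    external = {}
    for c in parse_netstat(netstat_text):
        if c["state"] == "ESTABLISHED" and is_external(c["remote"]):
            external.setdefault(c["pid"], []).append(c["remote"])
    report = []
    for pid, (image, svcs) in sorted(parse_tasklist(tasklist_text).items()):
        ratio = difflib.SequenceMatcher(None, image, "svchost.exe").ratio()
        if ratio < 0.8:
            continue  # unrelated process name
        flags = []
        if image != "svchost.exe":
            flags.append("lookalike-name")      # e.g. one letter off
        if not svcs:
            flags.append("no-hosted-services")  # real svchost hosts services
        report.append({"pid": pid, "image": image, "services": svcs,
                       "external": external.get(pid, []), "flags": flags})
    return report


if __name__ == "__main__":
    for row in triage(TASKLIST_SVC, NETSTAT):
        print(row)
```

An external connection from an instance hosting services such as wuauserv or BITS is expected traffic, so the flags, not the connection alone, are what merit a closer look at the image path.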