Trojan crypt.aqlw & sirefef.er


  • This topic is locked
43 replies to this topic

#1 parishale

parishale

  • Members
  • 30 posts

Posted 05 March 2012 - 07:20 PM

I followed the instructions per the link below:

http://www.bleepingcomputer.com/forums/topic445179.html

I could not download DDS (step 7); nothing happens when I click on the "download now" button.
So I went to step 8 and performed the scan, which I have pasted below.
Please tell me how I can remove these viruses. My computer only runs in safe mode at the moment.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-05 16:11:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000528AS rev.CC46
Running: pg8hftv2.exe; Driver: C:\Users\Parisa\AppData\Local\Temp\kwdiapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\System32\DRIVERS\netbt.sys section is writeable [0x93210000, 0x99B2, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[948] ntdll.dll!NtProtectVirtualMemory 77CE4BA4 5 Bytes JMP 00E4000A
.text C:\Windows\system32\svchost.exe[948] ntdll.dll!NtWriteVirtualMemory 77CE54E4 5 Bytes JMP 00E5000A
.text C:\Windows\system32\svchost.exe[948] ntdll.dll!KiUserExceptionDispatcher 77CE5C28 5 Bytes JMP 00E3000A
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtCreateFile + 6 77CE424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtCreateFile + B 77CE424F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtMapViewOfSection + 6 77CE499A 1 Byte [28]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtMapViewOfSection + 6 77CE499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtMapViewOfSection + B 77CE499F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenFile + 6 77CE4A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenFile + B 77CE4A2F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenProcess + 6 77CE4AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenProcess + B 77CE4AAF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenProcessToken + B 77CE4ABF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenProcessTokenEx + 6 77CE4ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenProcessTokenEx + B 77CE4ACF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenThread + 6 77CE4B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenThread + B 77CE4B1F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenThreadToken + 6 77CE4B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenThreadToken + B 77CE4B2F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtOpenThreadTokenEx + B 77CE4B3F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtQueryAttributesFile + 6 77CE4BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtQueryAttributesFile + B 77CE4BCF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtQueryFullAttributesFile + B 77CE4C7F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtSetInformationFile + 6 77CE515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtSetInformationFile + B 77CE515F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtSetInformationThread + 6 77CE51AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtSetInformationThread + B 77CE51AF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtUnmapViewOfSection + 6 77CE544A 1 Byte [68]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtUnmapViewOfSection + 6 77CE544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtUnmapViewOfSection + B 77CE544F 1 Byte [E2]
.text C:\Windows\System32\ping.exe[1280] ntdll.dll!NtCreateProcess 77CE4304 5 Bytes JMP 0023000A
.text C:\Windows\System32\ping.exe[1280] ntdll.dll!NtCreateProcessEx 77CE4314 5 Bytes JMP 008F000A
.text C:\Windows\System32\ping.exe[1280] ntdll.dll!NtProtectVirtualMemory 77CE4BA4 5 Bytes JMP 000E000A
.text C:\Windows\System32\ping.exe[1280] ntdll.dll!NtWriteVirtualMemory 77CE54E4 5 Bytes JMP 000F000A
.text C:\Windows\System32\ping.exe[1280] ntdll.dll!NtCreateUserProcess 77CE5674 5 Bytes JMP 0094000A
.text C:\Windows\System32\ping.exe[1280] ntdll.dll!KiUserExceptionDispatcher 77CE5C28 5 Bytes JMP 000D000A
.text C:\Windows\System32\ping.exe[1280] USER32.dll!WindowFromPoint 77DB884F 5 Bytes JMP 009D000A
.text C:\Windows\System32\ping.exe[1280] USER32.dll!GetForegroundWindow 77DC32C4 5 Bytes JMP 00A2000A
.text C:\Windows\System32\ping.exe[1280] USER32.dll!GetCursorPos 77DD0B88 5 Bytes JMP 009C000A
.text C:\Windows\System32\ping.exe[1280] ole32.dll!CoCreateInstance 777E9F3E 5 Bytes JMP 0097000A
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtCreateFile + 6 77CE424A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtCreateFile + B 77CE424F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtMapViewOfSection + 6 77CE499A 1 Byte [28]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtMapViewOfSection + 6 77CE499A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtMapViewOfSection + B 77CE499F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenFile + 6 77CE4A2A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenFile + B 77CE4A2F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcess + 6 77CE4AAA 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcess + B 77CE4AAF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcessToken + B 77CE4ABF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcessTokenEx + 6 77CE4ACA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenProcessTokenEx + B 77CE4ACF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThread + 6 77CE4B1A 4 Bytes [68, 01, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThread + B 77CE4B1F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThreadToken + 6 77CE4B2A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThreadToken + B 77CE4B2F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtOpenThreadTokenEx + B 77CE4B3F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtQueryAttributesFile + 6 77CE4BCA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtQueryAttributesFile + B 77CE4BCF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtQueryFullAttributesFile + B 77CE4C7F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtSetInformationFile + 6 77CE515A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtSetInformationFile + B 77CE515F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtSetInformationThread + 6 77CE51AA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtSetInformationThread + B 77CE51AF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtUnmapViewOfSection + 6 77CE544A 1 Byte [68]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtUnmapViewOfSection + 6 77CE544A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1380] ntdll.dll!NtUnmapViewOfSection + B 77CE544F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtCreateFile + 6 77CE424A 4 Bytes [28, 00, 16, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtCreateFile + B 77CE424F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtMapViewOfSection + 6 77CE499A 1 Byte [28]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtMapViewOfSection + 6 77CE499A 4 Bytes [28, 03, 16, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtMapViewOfSection + B 77CE499F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtOpenFile + 6 77CE4A2A 4 Bytes [68, 00, 16, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtOpenFile + B 77CE4A2F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtOpenProcess + 6 77CE4AAA 4 Bytes [A8, 01, 16, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtOpenProcess + B 77CE4AAF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtOpenProcessToken + B 77CE4ABF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtOpenProcessTokenEx + 6 77CE4ACA 4 Bytes [A8, 02, 16, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtOpenProcessTokenEx + B 77CE4ACF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtOpenThread + 6 77CE4B1A 4 Bytes [68, 01, 16, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtOpenThread + B 77CE4B1F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtOpenThreadToken + 6 77CE4B2A 4 Bytes [68, 02, 16, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtOpenThreadToken + B 77CE4B2F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtOpenThreadTokenEx + B 77CE4B3F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtQueryAttributesFile + 6 77CE4BCA 4 Bytes [A8, 00, 16, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtQueryAttributesFile + B 77CE4BCF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtQueryFullAttributesFile + B 77CE4C7F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtSetInformationFile + 6 77CE515A 4 Bytes [28, 01, 16, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtSetInformationFile + B 77CE515F 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtSetInformationThread + 6 77CE51AA 4 Bytes [28, 02, 16, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtSetInformationThread + B 77CE51AF 1 Byte [E2]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtUnmapViewOfSection + 6 77CE544A 1 Byte [68]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtUnmapViewOfSection + 6 77CE544A 4 Bytes [68, 03, 16, 00]
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1620] ntdll.dll!NtUnmapViewOfSection + B 77CE544F 1 Byte [E2]

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 807C0000-807E1000 (135168 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Windows\System32\ping.exe (*** hidden *** ) 1280

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB37602$\2425043006 0 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237 0 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237\@ 2048 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237\cfg.ini 245 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237\L 0 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237\L\qnbwvoto 185856 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237\oemid 189 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237\U 0 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237\U\80000032.@ 73216 bytes
File C:\Windows\$NtUninstallKB37602$\2957976237\version 858 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6L1V7BTG\afr[2].htm 1503 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6L1V7BTG\ajs[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6L1V7BTG\younghollywood[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6L1V7BTG\load[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6L1V7BTG\like[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6L1V7BTG\net[1].htm 130 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9OZYQPWS\fetch_jquery_video[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9OZYQPWS\fetch_jquery_video[3].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9OZYQPWS\fetch_video[1].json 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9OZYQPWS\fw-nonplayer-banner[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9OZYQPWS\fw-nonplayer-banner[3].htm 1311 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9OZYQPWS\passback.c.r[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9OZYQPWS\adholder[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9OZYQPWS\load[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVAOJAME\afr[7].htm 1503 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVAOJAME\afr[8].htm 1503 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVAOJAME\pixel_static[1].js 1853 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVAOJAME\fastbutton[1].htm 4668 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVAOJAME\st[1] 5159 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVAOJAME\AdaptvAdserverVastVideo[1].swf 48980 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVAOJAME\fetch_video[1].json 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVAOJAME\younghollywood_com[1].htm 110181 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVAOJAME\YTemCoyeKWxPANrnqk4FNsD51hlrDpVXemZlmBPNsEBJbQPvijYK8ftyw6YfJhLf4IAMWNB_j2xkn4mr[1].htm 48907 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVAOJAME\logCAANC531.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6DYDMG47.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\PTGZHLGW.txt 870 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\QDHNREL6.txt 6492 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\LX6A4TSC.txt 1130 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\00KDIB6A.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4IXEBL52.txt 115 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\FHAF369X.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2J46TTGZ.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YQ3LBK1E.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\RUF4TI4M.txt 356 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\RYOGXMD5.txt 465 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\NKA6AMUL.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\HAAEZEND.txt 371 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1O5C732N.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\5D1RKYDL.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\C2A3E84L.txt 273 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\V5DQRQ0R.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\V9K4JBHJ.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\KKU5HM7Y.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\EVF1I29U.txt 874 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WTYBQ3OS.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\O4Y6OGC6.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\OHA635MO.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZQYHY8AR.txt 490 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\QQH50AF6.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\RBP9FOBR.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\RFKQGDDS.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9UA93CJ9.txt 101 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9ULC99ML.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ST936K0Z.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\SVS1F93P.txt 102 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CWMTX3R3.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UMINP17Q.txt 472 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UUR7NS4F.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\P75P9AUN.txt 834 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\XNRRXE01.txt 1118 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JTWVI255.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\E3LSI06X.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7GSBJZS3.txt 362 bytes
File C:\Windows\Temp\fla8216.tmp 1198847 bytes
File C:\Windows\Temp\flaCF5D.tmp 1924716 bytes
File C:\Windows\Temp\flaD892.tmp 1978341 bytes
File C:\Windows\Temp\flaE6BA.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  ark.txt   42.31KB   2 downloads
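Most of the GMER log above is noise to a first-time reader (Chrome's byte patches, cached web pages, cookies). The lines that actually point at a kernel-mode rootkit are few: a module and a process GMER could not enumerate (the hidden ping.exe, PID 1280), 5-byte JMP detours out of ntdll.dll and other system DLLs to addresses far away from those DLLs in svchost.exe and in that hidden process, a writeable kernel code section in netbt.sys, and a purely numeric subfolder with @, U\ and L\ entries under a $NtUninstallKB37602$ directory, which is exactly the folder the OTL custom scan later in the thread asks to list. The Python helper below is an added example, not part of the original post, of GMER, or of BleepingComputer's procedure: it parses a handful of lines quoted from the log and counts those indicators. Its regexes follow the line shapes visible in the log, and the "numeric subfolder under $NtUninstallKB*$" rule is this example's own heuristic for the Sirefef file store; both are assumptions, not GMER's format specification.

```python
"""Triage helper for GMER rootkit-scan output (ark.txt).

Added example: not part of the original post, of GMER, or of the forum's procedure.
The regexes follow the line shapes in the log above; the "numeric subfolder under
$NtUninstallKB*$" rule is this example's own heuristic for the Sirefef file store.
"""
import re
from dataclasses import dataclass, field

# .text <image>[<pid>] <module>!<export>[ + <off>] <addr> <n> Byte(s) <what>
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^\s!]+)!(?P<export>\S+)"
    r"(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"(?P<count>\d+)\s+Bytes?\s+(?P<what>.+)$"
)
KERNEL_SECTION_RE = re.compile(r"^\.text\s+(?P<path>\S+)\s+section is writeable")
HIDDEN_RE = re.compile(
    r"^(?P<kind>Module|Process)\s+(?P<name>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s*(?P<rest>.*)$"
)
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes$")
# Heuristic (assumption): a genuine hotfix uninstall folder has no purely numeric
# subfolder, so $NtUninstallKB<n>$\<digits>\... marks the rootkit's hidden store.
ZA_STORE_RE = re.compile(r"\\\$NtUninstallKB\d+\$\\\d+(?:\\|$)")

@dataclass
class Hook:
    image: str
    pid: int
    target: str             # module!export[+offset]
    kind: str               # "jmp" = 5-byte detour elsewhere, "patch" = raw byte overwrite
    in_hidden_process: bool = False

@dataclass
class Triage:
    writeable_kernel_sections: list = field(default_factory=list)
    hidden_modules: list = field(default_factory=list)
    hidden_pids: set = field(default_factory=set)
    hooks: list = field(default_factory=list)
    store_files: list = field(default_factory=list)

def parse_gmer(text: str) -> Triage:
    """Classify each GMER line; section headers and unrecognised lines are ignored."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if m := KERNEL_SECTION_RE.match(line):
            t.writeable_kernel_sections.append(m["path"])
        elif m := USER_HOOK_RE.match(line):
            target = f"{m['module']}!{m['export']}" + (f"+{m['off']}" if m["off"] else "")
            kind = "jmp" if m["what"].startswith("JMP") else "patch"
            t.hooks.append(Hook(m["image"], int(m["pid"]), target, kind))
        elif m := HIDDEN_RE.match(line):
            if m["kind"] == "Process":
                t.hidden_pids.add(int(m["rest"].split()[0]))
            else:
                t.hidden_modules.append(m["rest"].split()[0])   # address range
        elif m := FILE_RE.match(line):
            if ZA_STORE_RE.search(m["path"]):
                t.store_files.append(m["path"])
    # A detour inside a process the scanner could not enumerate is the strongest signal.
    for h in t.hooks:
        h.in_hidden_process = h.pid in t.hidden_pids
    return t

def summarize(t: Triage) -> dict:
    return {
        "writeable_kernel_sections": len(t.writeable_kernel_sections),
        "hidden_modules": len(t.hidden_modules),
        "hidden_pids": sorted(t.hidden_pids),
        "jmp_hooks": sum(h.kind == "jmp" for h in t.hooks),
        "byte_patches": sum(h.kind == "patch" for h in t.hooks),
        "hooks_in_hidden_processes": sum(h.in_hidden_process for h in t.hooks),
        "store_files": len(t.store_files),
    }

# Sample input: lines quoted from the GMER log in post #1. Raw string on purpose:
# the paths contain \N and \U, which an ordinary literal would parse as escapes.
SAMPLE_LOG = r"""
GMER 1.0.15.15641 - http://www.gmer.net
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\System32\DRIVERS\netbt.sys section is writeable [0x93210000, 0x99B2, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[948] ntdll.dll!NtProtectVirtualMemory 77CE4BA4 5 Bytes JMP 00E4000A
.text C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe[1104] ntdll.dll!NtCreateFile + 6 77CE424A 4 Bytes [28, 00, 06, 00]
.text C:\Windows\System32\ping.exe[1280] ntdll.dll!NtCreateProcess 77CE4304 5 Bytes JMP 0023000A
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) 807C0000-807E1000 (135168 bytes)
---- Processes - GMER 1.0.15 ----
Process C:\Windows\System32\ping.exe (*** hidden *** ) 1280
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB37602$\2957976237\U\80000032.@ 73216 bytes
File C:\Windows\Temp\fla8216.tmp 1198847 bytes
"""

if __name__ == "__main__":
    print(summarize(parse_gmer(SAMPLE_LOG)))
```

The helper deliberately keeps the chrome.exe entries in a separate "patch" bucket: small byte overwrites at offsets +6 and +B inside ntdll.dll exports of a sandboxed Chrome process are commonly the browser's own sandbox interceptions, so lumping them in with the JMP detours would inflate the count of interesting findings. What should be escalated is the combination the summary exposes: a hook count greater than zero inside a PID that also appears in the hidden-process list, plus a hidden module with no name and a store directory in the $NtUninstallKB*$ tree. Run on a full ark.txt, `parse_gmer` silently skips the cache, cookie and temp-file lines, which is what a responder wants when the log runs to hundreds of lines.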




#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts

Posted 06 March 2012 - 02:05 AM

Hello parishale and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow the instructions outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is that these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a new full OTL report:
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList".
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Edited by SweetTech, 06 March 2012 - 02:06 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 parishale

parishale
  • Topic Starter

  • Members
  • 30 posts

Posted 06 March 2012 - 01:10 PM

Hello,
1. When I ran TDSSKiller, it instructed me to "cure" and rebooted. Yesterday Chrome was redirecting me away to a yellow-page site whenever I was looking for a malware solution. You said that my computer may not be 100% safe for online banking. How can I ensure that it is safe?
I also have 2 questions, which I will title "A" and "B":
A. Do I need to worry about identity theft even though, as soon as my computer got the virus (I know exactly when it got it because I downloaded an unsafe file), I made sure not to log in to anything? I did do online banking a couple of hours before. Should I be worried?
B. I uninstalled AVG Free Edition and downloaded the Norton trial. Once the computer is safe, can I go back to AVG?

Here are the reports.
2.

09:20:19.0464 1508 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
09:20:20.0029 1508 ============================================================
09:20:20.0029 1508 Current date / time: 2012/03/06 09:20:20.0029
09:20:20.0029 1508 SystemInfo:
09:20:20.0029 1508
09:20:20.0029 1508 OS Version: 6.0.6002 ServicePack: 2.0
09:20:20.0029 1508 Product type: Workstation
09:20:20.0029 1508 ComputerName: PARISA-PC
09:20:20.0029 1508 UserName: Parisa
09:20:20.0029 1508 Windows directory: C:\Windows
09:20:20.0029 1508 System windows directory: C:\Windows
09:20:20.0029 1508 Processor architecture: Intel x86
09:20:20.0029 1508 Number of processors: 2
09:20:20.0029 1508 Page size: 0x1000
09:20:20.0030 1508 Boot type: Safe boot with network
09:20:20.0030 1508 ============================================================
09:20:20.0972 1508 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:20:21.0011 1508 \Device\Harddisk0\DR0:
09:20:21.0011 1508 MBR used
09:20:21.0011 1508 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
09:20:21.0026 1508 Initialize success
09:20:21.0026 1508 ============================================================
09:21:11.0767 1312 ============================================================
09:21:11.0767 1312 Scan started
09:21:11.0767 1312 Mode: Manual; SigCheck; TDLFS;
09:21:11.0767 1312 ============================================================
09:21:12.0906 1312 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
09:21:12.0988 1312 ACPI - ok
09:21:13.0033 1312 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
09:21:13.0052 1312 adp94xx - ok
09:21:13.0072 1312 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
09:21:13.0084 1312 adpahci - ok
09:21:13.0102 1312 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
09:21:13.0111 1312 adpu160m - ok
09:21:13.0136 1312 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
09:21:13.0146 1312 adpu320 - ok
09:21:13.0238 1312 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
09:21:13.0286 1312 AFD - ok
09:21:13.0320 1312 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
09:21:13.0328 1312 agp440 - ok
09:21:13.0368 1312 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:21:13.0377 1312 aic78xx - ok
09:21:13.0405 1312 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
09:21:13.0413 1312 aliide - ok
09:21:13.0434 1312 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
09:21:13.0443 1312 amdagp - ok
09:21:13.0458 1312 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
09:21:13.0467 1312 amdide - ok
09:21:13.0507 1312 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
09:21:13.0572 1312 AmdK7 - ok
09:21:13.0591 1312 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
09:21:13.0666 1312 AmdK8 - ok
09:21:13.0697 1312 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
09:21:13.0697 1312 arc - ok
09:21:13.0728 1312 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
09:21:13.0744 1312 arcsas - ok
09:21:13.0806 1312 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:21:13.0837 1312 AsyncMac - ok
09:21:13.0884 1312 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
09:21:13.0900 1312 atapi - ok
09:21:13.0947 1312 athrusb (44fa26470d4c8123ccf71f4200b782d3) C:\Windows\system32\DRIVERS\athrusb.sys
09:21:14.0009 1312 athrusb - ok
09:21:14.0118 1312 BCM43XV (9fa35e676acdfecc3730f39933affc4d) C:\Windows\system32\DRIVERS\bcmwl6.sys
09:21:14.0165 1312 BCM43XV - ok
09:21:14.0211 1312 BCM43XX (9fa35e676acdfecc3730f39933affc4d) C:\Windows\system32\DRIVERS\bcmwl6.sys
09:21:14.0253 1312 BCM43XX - ok
09:21:14.0312 1312 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:21:14.0366 1312 Beep - ok
09:21:14.0709 1312 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx86.sys
09:21:14.0756 1312 BHDrvx86 - ok
09:21:14.0802 1312 blbdrive - ok
09:21:14.0857 1312 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:21:14.0878 1312 bowser - ok
09:21:14.0904 1312 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:21:14.0931 1312 BrFiltLo - ok
09:21:14.0942 1312 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:21:14.0989 1312 BrFiltUp - ok
09:21:15.0028 1312 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:21:15.0085 1312 Brserid - ok
09:21:15.0104 1312 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:21:15.0155 1312 BrSerWdm - ok
09:21:15.0188 1312 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:21:15.0251 1312 BrUsbMdm - ok
09:21:15.0266 1312 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:21:15.0313 1312 BrUsbSer - ok
09:21:15.0344 1312 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:21:15.0407 1312 BTHMODEM - ok
09:21:15.0516 1312 ccSet_NIS (2b2f9b4a08190334a9c36446b208bae9) C:\Windows\system32\drivers\NIS\1301000.01C\ccSetx86.sys
09:21:15.0531 1312 ccSet_NIS - ok
09:21:15.0547 1312 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:21:15.0609 1312 cdfs - ok
09:21:15.0641 1312 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:21:15.0656 1312 cdrom - ok
09:21:15.0687 1312 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
09:21:15.0734 1312 circlass - ok
09:21:15.0759 1312 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:21:15.0773 1312 CLFS - ok
09:21:15.0819 1312 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
09:21:15.0827 1312 cmdide - ok
09:21:15.0839 1312 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
09:21:15.0847 1312 Compbatt - ok
09:21:15.0878 1312 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
09:21:15.0885 1312 crcdisk - ok
09:21:15.0914 1312 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
09:21:15.0970 1312 Crusoe - ok
09:21:16.0073 1312 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
09:21:16.0086 1312 DfsC - ok
09:21:16.0149 1312 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:21:16.0159 1312 disk - ok
09:21:16.0203 1312 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\Windows\system32\DLA\DLABMFSM.SYS
09:21:16.0210 1312 DLABMFSM - ok
09:21:16.0228 1312 DLABOIOM (d4587063acea776699251e177d719586) C:\Windows\system32\DLA\DLABOIOM.SYS
09:21:16.0234 1312 DLABOIOM - ok
09:21:16.0241 1312 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
09:21:16.0247 1312 DLACDBHM - ok
09:21:16.0261 1312 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\Windows\system32\DLA\DLADResM.SYS
09:21:16.0267 1312 DLADResM - ok
09:21:16.0284 1312 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\Windows\system32\DLA\DLAIFS_M.SYS
09:21:16.0292 1312 DLAIFS_M - ok
09:21:16.0306 1312 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\Windows\system32\DLA\DLAOPIOM.SYS
09:21:16.0312 1312 DLAOPIOM - ok
09:21:16.0320 1312 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\Windows\system32\DLA\DLAPoolM.SYS
09:21:16.0334 1312 DLAPoolM - ok
09:21:16.0354 1312 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
09:21:16.0360 1312 DLARTL_M - ok
09:21:16.0416 1312 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS
09:21:16.0423 1312 DLAUDFAM - ok
09:21:16.0431 1312 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS
09:21:16.0439 1312 DLAUDF_M - ok
09:21:16.0496 1312 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
09:21:16.0526 1312 Dot4 - ok
09:21:16.0550 1312 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:21:16.0572 1312 Dot4Print - ok
09:21:16.0583 1312 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
09:21:16.0606 1312 dot4usb - ok
09:21:16.0652 1312 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:21:16.0678 1312 drmkaud - ok
09:21:16.0686 1312 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS
09:21:16.0694 1312 DRVMCDB - ok
09:21:16.0726 1312 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
09:21:16.0733 1312 DRVNDDM - ok
09:21:16.0816 1312 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
09:21:16.0836 1312 DXGKrnl - ok
09:21:16.0908 1312 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
09:21:16.0917 1312 e1express - ok
09:21:16.0948 1312 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:21:16.0997 1312 E1G60 - ok
09:21:17.0042 1312 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:21:17.0054 1312 Ecache - ok
09:21:17.0085 1312 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
09:21:17.0098 1312 elxstor - ok
09:21:17.0148 1312 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:21:17.0177 1312 exfat - ok
09:21:17.0211 1312 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:21:17.0241 1312 fastfat - ok
09:21:17.0257 1312 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
09:21:17.0279 1312 fdc - ok
09:21:17.0300 1312 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:21:17.0309 1312 FileInfo - ok
09:21:17.0343 1312 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:21:17.0376 1312 Filetrace - ok
09:21:17.0392 1312 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
09:21:17.0430 1312 flpydisk - ok
09:21:17.0445 1312 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:21:17.0457 1312 FltMgr - ok
09:21:17.0501 1312 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys
09:21:17.0509 1312 fssfltr - ok
09:21:17.0527 1312 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
09:21:17.0544 1312 Fs_Rec - ok
09:21:17.0572 1312 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
09:21:17.0581 1312 gagp30kx - ok
09:21:17.0634 1312 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:21:17.0639 1312 GEARAspiWDM - ok
09:21:17.0676 1312 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
09:21:17.0718 1312 HdAudAddService - ok
09:21:17.0773 1312 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:21:17.0808 1312 HDAudBus - ok
09:21:17.0843 1312 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:21:17.0894 1312 HidBth - ok
09:21:17.0909 1312 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:21:17.0963 1312 HidIr - ok
09:21:18.0004 1312 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:21:18.0040 1312 HidUsb - ok
09:21:18.0060 1312 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
09:21:18.0068 1312 HpCISSs - ok
09:21:18.0120 1312 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:21:18.0154 1312 HTTP - ok
09:21:18.0189 1312 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
09:21:18.0197 1312 i2omp - ok
09:21:18.0264 1312 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:21:18.0312 1312 i8042prt - ok
09:21:18.0343 1312 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
09:21:18.0343 1312 iaStorV - ok
09:21:18.0593 1312 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120303.003\IDSvix86.sys
09:21:18.0608 1312 IDSVix86 - ok
09:21:18.0686 1312 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:21:18.0780 1312 igfx - ok
09:21:18.0811 1312 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:21:18.0811 1312 iirsp - ok
09:21:18.0882 1312 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
09:21:18.0952 1312 IntcAzAudAddService - ok
09:21:18.0994 1312 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
09:21:19.0001 1312 intelide - ok
09:21:19.0030 1312 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
09:21:19.0071 1312 intelppm - ok
09:21:19.0126 1312 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:21:19.0153 1312 IpFilterDriver - ok
09:21:19.0159 1312 IpInIp - ok
09:21:19.0181 1312 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
09:21:19.0227 1312 IPMIDRV - ok
09:21:19.0263 1312 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:21:19.0286 1312 IPNAT - ok
09:21:19.0348 1312 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:21:19.0378 1312 IRENUM - ok
09:21:19.0405 1312 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
09:21:19.0413 1312 isapnp - ok
09:21:19.0454 1312 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:21:19.0464 1312 iScsiPrt - ok
09:21:19.0488 1312 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:21:19.0497 1312 iteatapi - ok
09:21:19.0515 1312 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:21:19.0523 1312 iteraid - ok
09:21:19.0559 1312 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:21:19.0568 1312 kbdclass - ok
09:21:19.0619 1312 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:21:19.0654 1312 kbdhid - ok
09:21:19.0690 1312 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
09:21:19.0709 1312 KSecDD - ok
09:21:19.0770 1312 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:21:19.0804 1312 lltdio - ok
09:21:19.0866 1312 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
09:21:19.0881 1312 LSI_FC - ok
09:21:19.0897 1312 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
09:21:19.0897 1312 LSI_SAS - ok
09:21:19.0944 1312 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
09:21:19.0959 1312 LSI_SCSI - ok
09:21:19.0990 1312 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:21:20.0053 1312 luafv - ok
09:21:20.0100 1312 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
09:21:20.0100 1312 megasas - ok
09:21:20.0115 1312 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:21:20.0146 1312 Modem - ok
09:21:20.0178 1312 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:21:20.0209 1312 monitor - ok
09:21:20.0224 1312 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:21:20.0240 1312 mouclass - ok
09:21:20.0271 1312 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:21:20.0302 1312 mouhid - ok
09:21:20.0334 1312 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:21:20.0334 1312 MountMgr - ok
09:21:20.0349 1312 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
09:21:20.0365 1312 mpio - ok
09:21:20.0381 1312 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:21:20.0388 1312 mpsdrv - ok
09:21:20.0403 1312 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:21:20.0411 1312 Mraid35x - ok
09:21:20.0454 1312 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:21:20.0467 1312 MRxDAV - ok
09:21:20.0518 1312 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:21:20.0542 1312 mrxsmb - ok
09:21:20.0594 1312 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:21:20.0609 1312 mrxsmb10 - ok
09:21:20.0627 1312 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:21:20.0651 1312 mrxsmb20 - ok
09:21:20.0671 1312 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
09:21:20.0679 1312 msahci - ok
09:21:20.0714 1312 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
09:21:20.0724 1312 msdsm - ok
09:21:20.0783 1312 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:21:20.0813 1312 Msfs - ok
09:21:20.0830 1312 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:21:20.0838 1312 msisadrv - ok
09:21:20.0884 1312 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:21:20.0915 1312 MSKSSRV - ok
09:21:20.0928 1312 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:21:20.0962 1312 MSPCLOCK - ok
09:21:20.0984 1312 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:21:21.0006 1312 MSPQM - ok
09:21:21.0029 1312 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:21:21.0041 1312 MsRPC - ok
09:21:21.0069 1312 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:21:21.0077 1312 mssmbios - ok
09:21:21.0095 1312 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:21:21.0128 1312 MSTEE - ok
09:21:21.0167 1312 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:21:21.0177 1312 Mup - ok
09:21:21.0234 1312 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:21:21.0247 1312 NativeWifiP - ok
09:21:21.0435 1312 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120305.002\NAVENG.SYS
09:21:21.0435 1312 NAVENG - ok
09:21:21.0497 1312 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120305.002\NAVEX15.SYS
09:21:21.0544 1312 NAVEX15 - ok
09:21:21.0591 1312 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:21:21.0606 1312 NDIS - ok
09:21:21.0653 1312 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:21:21.0684 1312 NdisTapi - ok
09:21:21.0731 1312 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:21:21.0747 1312 Ndisuio - ok
09:21:21.0809 1312 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:21:21.0856 1312 NdisWan - ok
09:21:21.0887 1312 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:21:21.0918 1312 NDProxy - ok
09:21:21.0935 1312 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:21:21.0961 1312 NetBIOS - ok
09:21:22.0003 1312 netbt (058807155d0e071005c09e3f79d41691) C:\Windows\system32\DRIVERS\netbt.sys
09:21:22.0004 1312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 058807155d0e071005c09e3f79d41691, Fake md5: ecd64230a59cbd93c85f1cd1cab9f3f6
09:21:22.0005 1312 netbt ( Virus.Win32.ZAccess.aml ) - infected
09:21:22.0005 1312 netbt - detected Virus.Win32.ZAccess.aml (0)
09:21:22.0051 1312 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:21:22.0060 1312 nfrd960 - ok
09:21:22.0101 1312 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:21:22.0118 1312 Npfs - ok
09:21:22.0159 1312 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:21:22.0195 1312 nsiproxy - ok
09:21:22.0251 1312 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:21:22.0298 1312 Ntfs - ok
09:21:22.0316 1312 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:21:22.0361 1312 ntrigdigi - ok
09:21:22.0385 1312 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:21:22.0408 1312 Null - ok
09:21:22.0427 1312 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
09:21:22.0439 1312 nvraid - ok
09:21:22.0457 1312 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
09:21:22.0466 1312 nvstor - ok
09:21:22.0478 1312 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:21:22.0488 1312 nv_agp - ok
09:21:22.0494 1312 NwlnkFlt - ok
09:21:22.0506 1312 NwlnkFwd - ok
09:21:22.0549 1312 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
09:21:22.0587 1312 ohci1394 - ok
09:21:22.0639 1312 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:21:22.0696 1312 Parport - ok
09:21:22.0719 1312 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
09:21:22.0729 1312 partmgr - ok
09:21:22.0753 1312 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:21:22.0798 1312 Parvdm - ok
09:21:22.0848 1312 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:21:22.0859 1312 pci - ok
09:21:22.0869 1312 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
09:21:22.0878 1312 pciide - ok
09:21:22.0902 1312 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:21:22.0913 1312 pcmcia - ok
09:21:22.0957 1312 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:21:23.0020 1312 PEAUTH - ok
09:21:23.0082 1312 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:21:23.0113 1312 PptpMiniport - ok
09:21:23.0129 1312 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:21:23.0176 1312 Processor - ok
09:21:23.0222 1312 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:21:23.0254 1312 PSched - ok
09:21:23.0285 1312 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
09:21:23.0285 1312 PxHelp20 - ok
09:21:23.0347 1312 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:21:23.0378 1312 ql2300 - ok
09:21:23.0425 1312 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:21:23.0425 1312 ql40xx - ok
09:21:23.0472 1312 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:21:23.0489 1312 QWAVEdrv - ok
09:21:23.0504 1312 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:21:23.0528 1312 RasAcd - ok
09:21:23.0552 1312 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:21:23.0579 1312 Rasl2tp - ok
09:21:23.0622 1312 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:21:23.0652 1312 RasPppoe - ok
09:21:23.0697 1312 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:21:23.0723 1312 RasSstp - ok
09:21:23.0758 1312 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:21:23.0778 1312 rdbss - ok
09:21:23.0785 1312 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:21:23.0807 1312 RDPCDD - ok
09:21:23.0839 1312 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
09:21:23.0894 1312 rdpdr - ok
09:21:23.0902 1312 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:21:23.0923 1312 RDPENCDD - ok
09:21:23.0978 1312 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
09:21:23.0998 1312 RDPWD - ok
09:21:24.0008 1312 rlidxbn - ok
09:21:24.0071 1312 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:21:24.0093 1312 rspndr - ok
09:21:24.0159 1312 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:21:24.0166 1312 SASDIFSV - ok
09:21:24.0181 1312 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:21:24.0188 1312 SASKUTIL - ok
09:21:24.0211 1312 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:21:24.0222 1312 sbp2port - ok
09:21:24.0264 1312 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:21:24.0312 1312 secdrv - ok
09:21:24.0336 1312 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:21:24.0374 1312 Serenum - ok
09:21:24.0399 1312 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:21:24.0456 1312 Serial - ok
09:21:24.0511 1312 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:21:24.0542 1312 sermouse - ok
09:21:24.0558 1312 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
09:21:24.0604 1312 sffdisk - ok
09:21:24.0620 1312 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
09:21:24.0651 1312 sffp_mmc - ok
09:21:24.0682 1312 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
09:21:24.0714 1312 sffp_sd - ok
09:21:24.0745 1312 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:21:24.0776 1312 sfloppy - ok
09:21:24.0807 1312 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:21:24.0807 1312 sisagp - ok
09:21:24.0823 1312 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:21:24.0838 1312 SiSRaid2 - ok
09:21:24.0870 1312 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:21:24.0870 1312 SiSRaid4 - ok
09:21:24.0901 1312 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:21:24.0932 1312 Smb - ok
09:21:24.0963 1312 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:21:24.0963 1312 spldr - ok
09:21:25.0070 1312 SRTSP (2c5fbf6a00a4a3dcf643e46e8acb20c2) C:\Windows\system32\drivers\NIS\1301000.01C\SRTSP.SYS
09:21:25.0090 1312 SRTSP - ok
09:21:25.0128 1312 SRTSPX (9034ea58552b55f370e5293a7175c5ac) C:\Windows\system32\drivers\NIS\1301000.01C\SRTSPX.SYS
09:21:25.0134 1312 SRTSPX - ok
09:21:25.0159 1312 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:21:25.0197 1312 srv - ok
09:21:25.0224 1312 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:21:25.0236 1312 srv2 - ok
09:21:25.0244 1312 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:21:25.0257 1312 srvnet - ok
09:21:25.0334 1312 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:21:25.0341 1312 swenum - ok
09:21:25.0352 1312 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:21:25.0360 1312 Symc8xx - ok
09:21:25.0404 1312 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\NIS\1301000.01C\SYMDS.SYS
09:21:25.0418 1312 SymDS - ok
09:21:25.0518 1312 SymEFA (a0c7005387bb6f055bb50bd8e779368b) C:\Windows\system32\drivers\NIS\1301000.01C\SYMEFA.SYS
09:21:25.0547 1312 SymEFA - ok
09:21:25.0612 1312 SymEvent (98d28d08e68145fb550ee7670b43baf2) C:\Windows\system32\Drivers\SYMEVENT.SYS
09:21:25.0620 1312 SymEvent - ok
09:21:25.0649 1312 SymIRON (39c35ddbb570e9f334f239248e4de34d) C:\Windows\system32\drivers\NIS\1301000.01C\Ironx86.SYS
09:21:25.0658 1312 SymIRON - ok
09:21:25.0721 1312 SYMTDIv (671753e39b8f12cf9b6bcefcb19f89b0) C:\Windows\system32\drivers\NIS\1301000.01C\SYMTDIV.SYS
09:21:25.0732 1312 SYMTDIv - ok
09:21:25.0777 1312 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:21:25.0785 1312 Sym_hi - ok
09:21:25.0816 1312 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:21:25.0824 1312 Sym_u3 - ok
09:21:25.0889 1312 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
09:21:25.0921 1312 Tcpip - ok
09:21:28.0722 1312 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:21:28.0847 1312 \Device\Harddisk0\DR0 - ok
09:21:28.0850 1312 Boot (0x1200) (40acf9f818f1641987d091ee5b65f490) \Device\Harddisk0\DR0\Partition0
09:21:28.0851 1312 \Device\Harddisk0\DR0\Partition0 - ok
09:21:28.0852 1312 ============================================================
09:21:28.0852 1312 Scan finished
09:21:28.0852 1312 ============================================================
09:21:28.0861 1868 Detected object count: 1
09:21:28.0861 1868 Actual detected object count: 1
09:22:51.0944 1868 netbt ( Virus.Win32.ZAccess.aml ) - skipped by user
09:22:51.0944 1868 netbt ( Virus.Win32.ZAccess.aml ) - User select action: Skip
09:23:30.0488 2836 ============================================================
09:23:30.0488 2836 Scan started
09:23:30.0488 2836 Mode: Manual; SigCheck; TDLFS;
09:23:30.0488 2836 ============================================================
09:23:43.0303 2836 netbt (058807155d0e071005c09e3f79d41691) C:\Windows\system32\DRIVERS\netbt.sys
09:23:43.0304 2836 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 058807155d0e071005c09e3f79d41691, Fake md5: ecd64230a59cbd93c85f1cd1cab9f3f6
09:23:43.0306 2836 netbt ( Virus.Win32.ZAccess.aml ) - infected
09:23:43.0306 2836 netbt - detected Virus.Win32.ZAccess.aml (0)
09:23:48.0452 2836 tunmp - ok
09:23:48.0460 2836 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:23:48.0471 2836 tunnel - ok
09:23:48.0541 2836 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:23:48.0549 2836 uagp35 - ok
09:23:48.0608 2836 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:23:48.0629 2836 udfs - ok
09:23:48.0678 2836 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:23:48.0696 2836 uliagpkx - ok
09:23:48.0732 2836 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:23:48.0743 2836 uliahci - ok
09:23:48.0782 2836 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:23:48.0791 2836 UlSata - ok
09:23:48.0823 2836 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:23:48.0848 2836 ulsata2 - ok
09:23:48.0885 2836 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:23:48.0908 2836 umbus - ok
09:23:48.0964 2836 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:23:48.0982 2836 usbccgp - ok
09:23:49.0021 2836 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:23:49.0061 2836 usbcir - ok
09:23:49.0094 2836 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:23:49.0114 2836 usbehci - ok
09:23:49.0136 2836 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:23:49.0155 2836 usbhub - ok
09:23:49.0174 2836 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
09:23:49.0232 2836 usbohci - ok
09:23:49.0264 2836 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
09:23:49.0286 2836 usbprint - ok
09:23:49.0330 2836 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
09:23:49.0348 2836 usbscan - ok
09:23:49.0381 2836 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:23:49.0398 2836 USBSTOR - ok
09:23:49.0441 2836 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:23:49.0459 2836 usbuhci - ok
09:23:49.0491 2836 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
09:23:49.0539 2836 vga - ok
09:23:49.0574 2836 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:23:49.0596 2836 VgaSave - ok
09:23:49.0640 2836 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:23:49.0648 2836 viaagp - ok
09:23:49.0672 2836 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:23:49.0712 2836 ViaC7 - ok
09:23:49.0746 2836 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
09:23:49.0753 2836 viaide - ok
09:23:49.0802 2836 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:23:49.0816 2836 volmgr - ok
09:23:49.0868 2836 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:23:49.0881 2836 volmgrx - ok
09:23:49.0897 2836 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:23:49.0909 2836 volsnap - ok
09:23:49.0945 2836 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
09:23:49.0954 2836 vsmraid - ok
09:23:50.0009 2836 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
09:23:50.0034 2836 VSTHWBS2 - ok
09:23:50.0063 2836 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
09:23:50.0103 2836 VST_DPV - ok
09:23:50.0141 2836 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:23:50.0181 2836 WacomPen - ok
09:23:50.0242 2836 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:23:50.0265 2836 Wanarp - ok
09:23:50.0271 2836 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:23:50.0289 2836 Wanarpv6 - ok
09:23:50.0320 2836 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
09:23:50.0327 2836 Wd - ok
09:23:50.0386 2836 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
09:23:50.0396 2836 WDC_SAM - ok
09:23:50.0472 2836 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
09:23:50.0489 2836 Wdf01000 - ok
09:23:50.0561 2836 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
09:23:50.0594 2836 winachsf - ok
09:23:50.0677 2836 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
09:23:50.0726 2836 WmiAcpi - ok
09:23:50.0788 2836 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
09:23:50.0801 2836 WpdUsb - ok
09:23:50.0867 2836 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:23:50.0896 2836 ws2ifsl - ok
09:23:50.0959 2836 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:23:50.0982 2836 WUDFRd - ok
09:23:51.0055 2836 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:23:51.0155 2836 \Device\Harddisk0\DR0 - ok
09:23:51.0162 2836 Boot (0x1200) (40acf9f818f1641987d091ee5b65f490) \Device\Harddisk0\DR0\Partition0
09:23:51.0163 2836 \Device\Harddisk0\DR0\Partition0 - ok
09:23:51.0167 2836 ============================================================
09:23:51.0167 2836 Scan finished
09:23:51.0167 2836 ============================================================
09:23:51.0175 2828 Detected object count: 1
09:23:51.0175 2828 Actual detected object count: 1
09:24:02.0220 2828 netbt ( Virus.Win32.ZAccess.aml ) - skipped by user
09:24:02.0220 2828 netbt ( Virus.Win32.ZAccess.aml ) - User select action: Skip
09:25:00.0877 3840 ============================================================
09:25:00.0877 3840 Scan started
09:25:00.0877 3840 Mode: Manual; SigCheck; TDLFS;
09:25:00.0877 3840 ============================================================
09:25:12.0222 3840 netbt (058807155d0e071005c09e3f79d41691) C:\Windows\system32\DRIVERS\netbt.sys
09:25:12.0224 3840 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 058807155d0e071005c09e3f79d41691, Fake md5: ecd64230a59cbd93c85f1cd1cab9f3f6
09:25:12.0225 3840 netbt ( Virus.Win32.ZAccess.aml ) - infected
09:25:12.0225 3840 netbt - detected Virus.Win32.ZAccess.aml (0)
09:25:15.0370 3840 spldr - ok
09:25:15.0521 3840 SRTSP (2c5fbf6a00a4a3dcf643e46e8acb20c2) C:\Windows\system32\drivers\NIS\1301000.01C\SRTSP.SYS
09:25:15.0537 3840 SRTSP - ok
09:25:15.0579 3840 SRTSPX (9034ea58552b55f370e5293a7175c5ac) C:\Windows\system32\drivers\NIS\1301000.01C\SRTSPX.SYS
09:25:15.0585 3840 SRTSPX - ok
09:25:15.0629 3840 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:25:15.0643 3840 srv - ok
09:25:15.0675 3840 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:25:15.0696 3840 srv2 - ok
09:25:15.0715 3840 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:25:15.0727 3840 srvnet - ok
09:25:15.0793 3840 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:25:15.0801 3840 swenum - ok
09:25:15.0834 3840 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:25:15.0843 3840 Symc8xx - ok
09:25:15.0888 3840 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\NIS\1301000.01C\SYMDS.SYS
09:25:15.0900 3840 SymDS - ok
09:25:16.0018 3840 SymEFA (a0c7005387bb6f055bb50bd8e779368b) C:\Windows\system32\drivers\NIS\1301000.01C\SYMEFA.SYS
09:25:16.0041 3840 SymEFA - ok
09:25:16.0088 3840 SymEvent (98d28d08e68145fb550ee7670b43baf2) C:\Windows\system32\Drivers\SYMEVENT.SYS
09:25:16.0095 3840 SymEvent - ok
09:25:16.0175 3840 SymIRON (39c35ddbb570e9f334f239248e4de34d) C:\Windows\system32\drivers\NIS\1301000.01C\Ironx86.SYS
09:25:16.0191 3840 SymIRON - ok
09:25:16.0247 3840 SYMTDIv (671753e39b8f12cf9b6bcefcb19f89b0) C:\Windows\system32\drivers\NIS\1301000.01C\SYMTDIV.SYS
09:25:16.0259 3840 SYMTDIv - ok
09:25:16.0286 3840 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:25:16.0294 3840 Sym_hi - ok
09:25:16.0326 3840 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:25:16.0334 3840 Sym_u3 - ok
09:25:16.0407 3840 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
09:25:16.0434 3840 Tcpip - ok
09:25:16.0454 3840 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
09:25:16.0480 3840 Tcpip6 - ok
09:25:16.0517 3840 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
09:25:16.0528 3840 tcpipreg - ok
09:25:16.0563 3840 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:25:16.0585 3840 TDPIPE - ok
09:25:16.0610 3840 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:25:16.0634 3840 TDTCP - ok
09:25:16.0673 3840 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:25:16.0691 3840 tdx - ok
09:25:16.0726 3840 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:25:16.0736 3840 TermDD - ok
09:25:16.0777 3840 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:25:16.0799 3840 tssecsrv - ok
09:25:16.0849 3840 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:25:16.0860 3840 tunmp - ok
09:25:16.0882 3840 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:25:16.0893 3840 tunnel - ok
09:25:16.0925 3840 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:25:16.0940 3840 uagp35 - ok
09:25:17.0000 3840 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:25:17.0019 3840 udfs - ok
09:25:17.0079 3840 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:25:17.0087 3840 uliagpkx - ok
09:25:17.0158 3840 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:25:17.0168 3840 uliahci - ok
09:25:17.0191 3840 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:25:17.0202 3840 UlSata - ok
09:25:17.0242 3840 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:25:17.0250 3840 ulsata2 - ok
09:25:17.0294 3840 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:25:17.0317 3840 umbus - ok
09:25:17.0374 3840 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:25:17.0392 3840 usbccgp - ok
09:25:17.0414 3840 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:25:17.0454 3840 usbcir - ok
09:25:17.0482 3840 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:25:17.0512 3840 usbehci - ok
09:25:17.0545 3840 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:25:17.0564 3840 usbhub - ok
09:25:17.0583 3840 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
09:25:17.0654 3840 usbohci - ok
09:25:17.0672 3840 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
09:25:17.0703 3840 usbprint - ok
09:25:17.0747 3840 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
09:25:17.0764 3840 usbscan - ok
09:25:17.0790 3840 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:25:17.0809 3840 USBSTOR - ok
09:25:17.0855 3840 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:25:17.0875 3840 usbuhci - ok
09:25:17.0900 3840 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
09:25:17.0940 3840 vga - ok
09:25:17.0963 3840 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:25:17.0986 3840 VgaSave - ok
09:25:18.0016 3840 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:25:18.0024 3840 viaagp - ok
09:25:18.0040 3840 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:25:18.0088 3840 ViaC7 - ok
09:25:18.0113 3840 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
09:25:18.0123 3840 viaide - ok
09:25:18.0147 3840 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:25:18.0155 3840 volmgr - ok
09:25:18.0194 3840 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:25:18.0208 3840 volmgrx - ok
09:25:18.0234 3840 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:25:18.0247 3840 volsnap - ok
09:25:18.0271 3840 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
09:25:18.0280 3840 vsmraid - ok
09:25:18.0327 3840 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
09:25:18.0351 3840 VSTHWBS2 - ok
09:25:18.0398 3840 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
09:25:18.0444 3840 VST_DPV - ok
09:25:18.0475 3840 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:25:18.0514 3840 WacomPen - ok
09:25:18.0585 3840 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:25:18.0603 3840 Wanarp - ok
09:25:18.0606 3840 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:25:18.0624 3840 Wanarpv6 - ok
09:25:18.0654 3840 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
09:25:18.0662 3840 Wd - ok
09:25:18.0712 3840 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
09:25:18.0721 3840 WDC_SAM - ok
09:25:18.0773 3840 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
09:25:18.0794 3840 Wdf01000 - ok
09:25:18.0887 3840 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
09:25:18.0919 3840 winachsf - ok
09:25:18.0978 3840 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
09:25:19.0027 3840 WmiAcpi - ok
09:25:19.0089 3840 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
09:25:19.0100 3840 WpdUsb - ok
09:25:19.0160 3840 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:25:19.0190 3840 ws2ifsl - ok
09:25:19.0260 3840 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:25:19.0283 3840 WUDFRd - ok
09:25:19.0347 3840 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:25:19.0473 3840 \Device\Harddisk0\DR0 - ok
09:25:19.0477 3840 Boot (0x1200) (40acf9f818f1641987d091ee5b65f490) \Device\Harddisk0\DR0\Partition0
09:25:19.0478 3840 \Device\Harddisk0\DR0\Partition0 - ok
09:25:19.0480 3840 ============================================================
09:25:19.0480 3840 Scan finished
09:25:19.0480 3840 ============================================================
09:25:19.0499 3832 Detected object count: 1
09:25:19.0499 3832 Actual detected object count: 1
09:25:24.0694 3832 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
09:25:24.0847 3832 Backup copy found, using it..
09:25:24.0854 3832 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
09:25:26.0957 3832 netbt ( Virus.Win32.ZAccess.aml ) - User select action: Cure
09:25:34.0203 1676 Deinitialize success


3.
Farbar Service Scanner Version: 01-03-2012
Ran by Parisa (administrator) on 06-03-2012 at 09:36:18
Running from "C:\Users\Parisa\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-15 20:14] - [2011-04-21 05:58] - 0273408 ____A () E393785473ABBDD5C46285E5FB0F6710

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

I have to post #4 & #5 in a separate reply because it says it's too long

4.
OTL logfile created on: 3/6/2012 9:38:08 AM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Parisa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 46.52% Memory free
6.18 Gb Paging File | 4.37 Gb Available in Paging File | 70.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 553.57 Gb Free Space | 59.43% Space Free | Partition Type: NTFS

Computer Name: PARISA-PC | User Name: Parisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 09:37:02 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Parisa\Desktop\OTL.exe
PRC - [2012/03/06 09:34:21 | 000,337,137 | ---- | M] () -- C:\Users\Parisa\Desktop\FSS.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Parisa\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/02/01 15:37:08 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Parisa\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
PRC - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
PRC - [2010/12/26 14:08:56 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/11/08 11:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/11/08 11:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/11/08 11:40:14 | 000,237,568 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/09/17 17:04:30 | 001,251,840 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/06 09:34:21 | 000,337,137 | ---- | M] () -- C:\Users\Parisa\Desktop\FSS.exe
MOD - [2012/02/14 21:03:36 | 000,429,040 | ---- | M] () -- C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll
MOD - [2012/02/14 21:03:34 | 003,772,912 | ---- | M] () -- C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012/02/14 21:02:10 | 000,122,880 | ---- | M] () -- C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012/02/14 21:02:08 | 000,220,672 | ---- | M] () -- C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012/02/14 21:02:07 | 001,747,456 | ---- | M] () -- C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/01 23:09:40 | 000,262,656 | ---- | M] () -- C:\Program Files\The Extractor\extcmh.dll
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2006/10/26 16:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Udfreadr_xp)
SRV - File not found [Auto | Stopped] -- -- (tvicport)
SRV - File not found [Auto | Stopped] -- -- (server)
SRV - File not found [Auto | Stopped] -- -- (SE2Dbus)
SRV - File not found [Auto | Stopped] -- -- (OneCareMP)
SRV - File not found [Auto | Stopped] -- -- (o2flash)
SRV - File not found [Auto | Stopped] -- -- (nuvaud2)
SRV - File not found [Auto | Stopped] -- -- (ntuneservice)
SRV - File not found [Auto | Stopped] -- -- (NecUsb3)
SRV - File not found [Auto | Stopped] -- -- (MailService)
SRV - File not found [Auto | Stopped] -- -- (lockmgr)
SRV - File not found [Auto | Stopped] -- -- (lexbces)
SRV - File not found [Auto | Stopped] -- -- (hsfhwbs2)
SRV - File not found [Auto | Stopped] -- -- (enethusb)
SRV - File not found [Auto | Stopped] -- -- (asp.net_2.0.50727)
SRV - [2012/02/10 11:38:06 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe -- (NIS)
SRV - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2010/12/26 14:08:56 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/11/08 11:43:34 | 001,060,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 11:43:16 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 11:40:14 | 000,237,568 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/09/17 17:04:30 | 001,251,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/04/16 08:19:28 | 000,103,800 | ---- | M] (Dynamic Network Services, Inc.) [Disabled | Stopped] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/18 23:33:32 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\bdftdif.dll -- (zebrceb)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- -- (rlidxbn)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - [2012/03/05 10:10:36 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120305.002\navex15.sys -- (NAVEX15)
DRV - [2012/03/05 10:10:36 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120305.002\naveng.sys -- (NAVENG)
DRV - [2012/03/05 10:06:53 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/03 04:03:30 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120303.003\IDSvix86.sys -- (IDSVix86)
DRV - [2012/02/15 21:50:02 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/08 15:38:12 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301000.01C\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 18:22:10 | 000,566,904 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\system32\drivers\NIS\1301000.01C\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/02 18:22:10 | 000,031,864 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301000.01C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/28 19:20:02 | 000,897,656 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1301000.01C\SYMEFA.SYS -- (SymEFA)
DRV - [2011/07/25 18:18:40 | 000,344,184 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301000.01C\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/07/25 18:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1301000.01C\SYMDS.SYS -- (SymDS)
DRV - [2011/07/25 18:15:52 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1301000.01C\Ironx86.SYS -- (SymIRON)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/21 05:58:27 | 000,273,408 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\afd.sys -- (AFD)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/07/29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007/04/13 12:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/01 23:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC C4 F8 D2 C8 83 CC 01 [binary data]
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..\SearchScopes\{B57B59EB-983D-4A5D-B734-55463194BFC3}: "URL" = http://mn.iamwired.net/websearch.php?src=tops&search={SearchTerms}
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://mn.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://mn.iamwired.net/"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..keyword.URL: "http://mn.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Parisa\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Parisa\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Parisa\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/11/14 22:44:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/11/19 22:37:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/27 23:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/27 23:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/03/06 09:28:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/03/06 09:29:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/02 13:14:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/21 14:53:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/16 15:49:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/11/19 22:37:17 | 000,000,000 | ---D | M]

[2011/02/03 15:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Parisa\AppData\Roaming\Mozilla\Extensions
[2011/11/15 23:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Parisa\AppData\Roaming\Mozilla\Firefox\Profiles\ij0gk9pi.default\extensions
[2011/03/16 11:35:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Parisa\AppData\Roaming\Mozilla\Firefox\Profiles\ij0gk9pi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/14 20:56:39 | 000,000,259 | ---- | M] () -- C:\Users\Parisa\AppData\Roaming\Mozilla\Firefox\Profiles\ij0gk9pi.default\searchplugins\Search.xml
[2012/03/02 13:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/02/16 06:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/21 03:00:04 | 000,061,440 | ---- | M] (Element K Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOlp32.dll
[2012/02/16 02:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 02:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Offline Course Player Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOlp32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files\Photodex Presenter\npPxPlay.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Parisa\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: DivX HiQ = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: Minimal = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog\1.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Gmail = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OLPSYNCH] C:\Program Files\Offline Course Player\OlpSynch.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000..\Run: [Akamai NetSession Interface] C:\Users\Parisa\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - Startup: C:\Users\Parisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Parisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: download.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: livemeeting.com ([]https in Internet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftelearning.com ([dynamics] https in Trusted sites)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.home.apac] https in Local intranet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.home.noam] https in Local intranet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac] https in Local intranet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam] https in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF03E76-DA3B-417A-ACB7-0A670BACFA8A}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA1A5F35-075A-4EB9-A10A-4F278809AD18}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000 Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Parisa\Pictures\EclipseBanner5-702x1023.jpg
O24 - Desktop BackupWallPaper: C:\Users\Parisa\Pictures\EclipseBanner5-702x1023.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6082770f-f27d-11df-950b-b0f9e9c4e768}\Shell - "" = AutoRun
O33 - MountPoints2\{6082770f-f27d-11df-950b-b0f9e9c4e768}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
O33 - MountPoints2\{e04be1fe-efb0-11df-b2f0-001d6013d1b9}\Shell\AutoRun\command - "" = K:\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk - C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk - C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE - (Intuit Inc.)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: 54340251.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: nuvaud2 - File not found
NetSvcs: asp.net_2.0.50727 - File not found
NetSvcs: ntuneservice - File not found
NetSvcs: tvicport - File not found
NetSvcs: enethusb - File not found
NetSvcs: OneCareMP - File not found
NetSvcs: zebrceb - C:\Windows\System32\bdftdif.dll (Oak Technology Inc.)
NetSvcs: pccsmcfd - File not found
NetSvcs: cwafeventrouter - File not found
NetSvcs: rtl8139 - File not found
NetSvcs: snmptrapdservice - File not found
NetSvcs: amon - File not found
NetSvcs: rbfilter - File not found
NetSvcs: SNDO763 - File not found
NetSvcs: tvtfilter - File not found
NetSvcs: slee_81_service - File not found
NetSvcs: epgspooler - File not found
NetSvcs: U81xmgmt - File not found
NetSvcs: vaiomediaplatform-mobile-gateway - File not found
NetSvcs: SWMX00 - File not found
NetSvcs: basic2 - File not found
NetSvcs: Alpham1 - File not found
NetSvcs: tavsvc - File not found
NetSvcs: wintabservice - File not found
NetSvcs: WmXlCore - File not found
NetSvcs: ZY202_XP - File not found
NetSvcs: pcouffin - File not found
NetSvcs: stcagent - File not found
NetSvcs: AppnApi - File not found
NetSvcs: SRVLOC - File not found
NetSvcs: roammgr - File not found
NetSvcs: iastor - File not found
NetSvcs: bdrsdrv - File not found
NetSvcs: nmwcdcm - File not found
NetSvcs: servidor - File not found
NetSvcs: s616obex - File not found
NetSvcs: wandrv - File not found
NetSvcs: mcsysmon - File not found
NetSvcs: HPFECP20 - File not found
NetSvcs: ssisvr32 - File not found
NetSvcs: Fd16_700 - File not found
NetSvcs: camdrl - File not found
NetSvcs: o2flash - File not found
NetSvcs: Udfreadr_xp - File not found
NetSvcs: server - File not found
NetSvcs: SE2Dbus - File not found
NetSvcs: MailService - File not found
NetSvcs: lockmgr - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 09:37:03 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Parisa\Desktop\OTL.exe
[2012/03/06 09:25:24 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/06 09:19:57 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Parisa\Desktop\tdsskiller.exe
[2012/03/05 11:06:10 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Parisa\Desktop\aswMBR.exe
[2012/03/05 10:06:53 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/03/05 10:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/03/05 10:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/03/04 23:13:31 | 000,897,656 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.sys
[2012/03/04 23:13:31 | 000,566,904 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.sys
[2012/03/04 23:13:31 | 000,344,184 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\symtdiv.sys
[2012/03/04 23:13:31 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.sys
[2012/03/04 23:13:31 | 000,314,488 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\symnets.sys
[2012/03/04 23:13:31 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\Ironx86.sys
[2012/03/04 23:13:31 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.sys
[2012/03/04 23:13:31 | 000,031,864 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.sys
[2012/03/04 23:13:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2012/03/04 23:13:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1301000.01C
[2012/03/04 23:13:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/03/04 23:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/03/04 23:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/03/04 23:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/03/04 23:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/02/28 18:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2012/02/28 18:41:17 | 000,000,000 | ---D | C] -- C:\Users\Parisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2012/02/28 12:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2012/02/28 12:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
[2012/02/28 12:15:45 | 000,000,000 | ---D | C] -- C:\Users\Parisa\Documents\My Web Sites
[2012/02/28 12:15:45 | 000,000,000 | ---D | C] -- C:\Users\Parisa\Documents\IISExpress
[2012/02/28 12:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft WebMatrix
[2012/02/28 12:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WebMatrix
[2012/02/28 12:07:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2012/02/28 12:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express
[2012/02/28 12:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS 7.0 Extensions
[2012/02/28 12:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2012/02/28 11:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/02/28 11:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2012/02/28 11:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/02/14 23:33:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/14 23:33:35 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/14 23:33:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/14 23:33:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/14 23:33:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/14 23:33:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/14 12:01:48 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/08 22:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Photojunction
[2012/02/08 22:33:27 | 000,000,000 | ---D | C] -- C:\Users\Parisa\AppData\Roaming\Photojunction
[2011/07/14 14:52:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Parisa\AppData\Roaming\pcouffin.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/06 09:42:06 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2733553700-3808856118-2079038621-1000UA.job
[2012/03/06 09:37:02 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Parisa\Desktop\OTL.exe
[2012/03/06 09:35:52 | 000,687,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/06 09:35:52 | 000,136,588 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/06 09:34:21 | 000,337,137 | ---- | M] () -- C:\Users\Parisa\Desktop\FSS.exe
[2012/03/06 09:30:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/06 09:28:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/03/06 09:28:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/03/06 09:27:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/06 09:27:37 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 09:27:35 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 09:27:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/06 09:27:10 | 3209,875,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/06 09:19:53 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Parisa\Desktop\tdsskiller.exe
[2012/03/06 09:11:40 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/05 15:17:39 | 000,302,592 | ---- | M] () -- C:\Users\Parisa\Desktop\pg8hftv2.exe
[2012/03/05 15:13:19 | 000,000,000 | ---- | M] () -- C:\Users\Parisa\defogger_reenable
[2012/03/05 15:12:02 | 000,050,477 | ---- | M] () -- C:\Users\Parisa\Desktop\Defogger.exe
[2012/03/05 13:19:49 | 000,004,782 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301000.01C\VT20111023.023
[2012/03/05 13:14:19 | 002,025,293 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301000.01C\Cat.DB
[2012/03/05 11:07:20 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Parisa\Desktop\aswMBR.exe
[2012/03/05 10:06:53 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/03/05 10:06:53 | 000,007,510 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/03/05 10:06:53 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/03/05 10:06:49 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/03/04 22:28:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/03/04 22:28:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/03/04 19:28:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/03/04 19:28:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/03/04 18:28:09 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/03/04 18:28:09 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/03/04 17:32:54 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/03/04 17:30:47 | 000,000,001 | ---- | M] () -- C:\Windows\System32\eq30F.com.d
[2012/03/04 17:28:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/03/04 16:50:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/03/04 16:50:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/03/04 16:50:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/03/04 16:50:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/03/04 16:50:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/03/04 16:50:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/03/04 16:50:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/03/04 16:50:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/03/04 16:50:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/03/04 16:50:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/03/04 16:50:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/03/04 16:50:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/03/04 16:50:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/03/04 16:50:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/03/04 16:50:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/03/04 16:50:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/03/04 16:50:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/03/04 16:50:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/03/04 16:50:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/03/04 16:50:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/03/04 16:50:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/03/04 16:50:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/03/04 16:50:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/03/04 16:50:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/03/04 16:50:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/03/04 16:50:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/03/04 16:50:29 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/03/04 16:50:28 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/03/04 16:50:28 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/03/04 16:50:28 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/03/04 16:50:28 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/03/04 16:50:28 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/03/04 16:50:28 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/03/04 16:50:28 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/03/04 16:50:28 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/03/04 16:50:28 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/03/04 16:50:28 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/03/04 16:50:28 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/03/04 16:08:26 | 294,148,686 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/04 16:07:04 | 000,000,112 | ---- | M] () -- C:\ProgramData\CfTRTvU.dat
[2012/03/04 15:42:22 | 000,103,733 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
[2012/03/04 15:42:22 | 000,000,196 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
[2012/03/04 15:42:09 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2733553700-3808856118-2079038621-1000Core.job
[2012/03/04 15:32:35 | 000,001,356 | ---- | M] () -- C:\Users\Parisa\AppData\Local\d3d9caps.dat
[2012/03/02 13:15:06 | 000,000,870 | ---- | M] () -- C:\Users\Parisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/02 13:15:06 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/01 10:47:51 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/02/27 09:33:03 | 000,000,902 | ---- | M] () -- C:\Users\Parisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/24 18:08:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/24 12:02:05 | 000,000,862 | ---- | M] () -- C:\Users\Parisa\Desktop\movtoavi - Shortcut.lnk
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/18 16:31:28 | 000,034,816 | ---- | M] () -- C:\Users\Parisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 10:07:18 | 005,294,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/08 22:33:29 | 000,000,376 | ---- | M] () -- C:\Users\Parisa\AppData\Roaming\.sysConfig
[2012/02/08 18:56:01 | 000,000,938 | ---- | M] () -- C:\Users\Parisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/02/07 16:32:04 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 09:34:31 | 000,337,137 | ---- | C] () -- C:\Users\Parisa\Desktop\FSS.exe
[2012/03/06 09:27:10 | 3209,875,456 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/05 15:17:40 | 000,302,592 | ---- | C] () -- C:\Users\Parisa\Desktop\pg8hftv2.exe
[2012/03/05 15:13:19 | 000,000,000 | ---- | C] () -- C:\Users\Parisa\defogger_reenable
[2012/03/05 15:12:06 | 000,050,477 | ---- | C] () -- C:\Users\Parisa\Desktop\Defogger.exe
[2012/03/05 13:20:42 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\VT20111023.023
[2012/03/05 10:17:47 | 002,025,293 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\Cat.DB
[2012/03/05 10:06:53 | 000,007,510 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/03/05 10:06:53 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/03/05 10:06:49 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/03/04 23:13:25 | 000,003,433 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.inf
[2012/03/04 23:13:25 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.inf
[2012/03/04 23:13:25 | 000,001,468 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymNetV.inf
[2012/03/04 23:13:25 | 000,001,440 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymNet.inf
[2012/03/04 23:13:25 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.inf
[2012/03/04 23:13:25 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.inf
[2012/03/04 23:13:25 | 000,000,828 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.inf
[2012/03/04 23:13:25 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\Iron.inf
[2012/03/04 23:13:17 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\symnetv.cat
[2012/03/04 23:13:17 | 000,007,510 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.cat
[2012/03/04 23:13:17 | 000,007,498 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.cat
[2012/03/04 23:13:17 | 000,007,496 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.cat
[2012/03/04 23:13:17 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.cat
[2012/03/04 23:13:17 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.cat
[2012/03/04 23:13:17 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\iron.cat
[2012/03/04 23:13:17 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymNet.cat
[2012/03/04 23:13:17 | 000,002,801 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymVTcer.dat
[2012/03/04 23:13:17 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\isolate.ini
[2012/03/04 17:30:47 | 000,000,001 | ---- | C] () -- C:\Windows\System32\eq30F.com.d
[2012/03/04 15:42:22 | 000,103,733 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2012/03/04 15:42:22 | 000,000,196 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2012/03/04 15:38:13 | 000,000,112 | ---- | C] () -- C:\ProgramData\CfTRTvU.dat
[2012/03/04 15:38:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job
[2012/03/04 15:38:03 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At47.job
[2012/03/04 15:38:02 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At46.job
[2012/03/04 15:38:01 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At45.job
[2012/03/04 15:38:00 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At44.job
[2012/03/04 15:37:58 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At43.job
[2012/03/04 15:37:57 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At42.job
[2012/03/04 15:37:56 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At41.job
[2012/03/04 15:37:55 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job
[2012/03/04 15:37:54 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At39.job
[2012/03/04 15:37:53 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At38.job
[2012/03/04 15:37:52 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At36.job
[2012/03/04 15:37:52 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At37.job
[2012/03/04 15:37:51 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At35.job
[2012/03/04 15:37:50 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At34.job
[2012/03/04 15:37:49 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At33.job
[2012/03/04 15:37:48 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At32.job
[2012/03/04 15:37:48 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At31.job
[2012/03/04 15:37:46 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At30.job
[2012/03/04 15:37:45 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At29.job
[2012/03/04 15:37:44 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At28.job
[2012/03/04 15:37:44 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At27.job
[2012/03/04 15:37:43 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At26.job
[2012/03/04 15:37:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At25.job
[2012/03/04 15:37:41 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At24.job
[2012/03/04 15:37:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At23.job
[2012/03/04 15:37:37 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At22.job
[2012/03/04 15:37:36 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At20.job
[2012/03/04 15:37:36 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At21.job
[2012/03/04 15:37:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At19.job
[2012/03/04 15:37:34 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At18.job
[2012/03/04 15:37:33 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At17.job
[2012/03/04 15:37:32 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At16.job
[2012/03/04 15:37:32 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At15.job
[2012/03/04 15:37:31 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At14.job
[2012/03/04 15:37:30 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At13.job
[2012/03/04 15:37:28 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At12.job
[2012/03/04 15:37:26 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At11.job
[2012/03/04 15:37:24 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At10.job
[2012/03/04 15:37:22 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At9.job
[2012/03/04 15:37:20 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At8.job
[2012/03/04 15:37:19 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At7.job
[2012/03/04 15:37:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At6.job
[2012/03/04 15:37:16 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At5.job
[2012/03/04 15:37:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At4.job
[2012/03/04 15:37:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At3.job
[2012/03/04 15:37:12 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At2.job
[2012/03/04 15:37:10 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/03/04 15:13:40 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/02 13:15:06 | 000,000,870 | ---- | C] () -- C:\Users\Parisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/02 13:15:06 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/02 13:15:06 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/28 11:25:41 | 000,001,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2012/02/08 22:33:29 | 000,000,376 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\.sysConfig
[2011/12/21 14:55:56 | 008,500,224 | ---- | C] () -- C:\Windows\System32\QtGuiTR4.dll
[2011/12/21 14:55:56 | 000,363,520 | ---- | C] () -- C:\Windows\System32\QtSvgTR4.dll
[2011/12/21 14:55:55 | 002,522,112 | ---- | C] () -- C:\Windows\System32\QtCoreTR4.dll
[2011/12/13 17:16:27 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2011/12/06 14:06:23 | 000,000,132 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/09/20 12:21:41 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe
[2011/09/13 13:24:01 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2011/07/14 14:52:58 | 000,000,022 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2011/07/14 14:52:28 | 000,087,608 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\inst.exe
[2011/07/14 14:52:28 | 000,007,887 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\pcouffin.cat
[2011/07/14 14:52:28 | 000,001,144 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\pcouffin.inf
[2011/07/09 15:25:35 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/06/15 20:14:53 | 000,273,408 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2011/05/04 16:32:38 | 000,000,132 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/04/08 13:25:15 | 000,000,212 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/04/08 13:25:15 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/04/08 13:25:15 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf06a.dat
[2011/04/08 13:21:04 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/04/08 13:19:16 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/04/08 13:08:14 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/04/08 13:08:14 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/03/16 11:48:50 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011/03/10 17:51:54 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/02/12 15:42:33 | 000,001,456 | ---- | C] () -- C:\Users\Parisa\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/02/11 14:15:14 | 000,000,132 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/11/19 22:31:23 | 000,172,957 | ---- | C] () -- C:\Windows\hpwins21.dat
[2010/11/18 15:11:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/18 11:33:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/18 11:33:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/15 14:28:33 | 000,005,632 | ---- | C] () -- C:\Windows\System32\usbvideo.dll
[2010/11/14 16:33:24 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010/11/14 13:12:56 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2010/11/14 13:12:40 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2010/11/14 12:34:44 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2010/11/13 22:07:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/13 21:45:50 | 000,034,816 | ---- | C] () -- C:\Users\Parisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/13 21:21:01 | 000,001,356 | ---- | C] () -- C:\Users\Parisa\AppData\Local\d3d9caps.dat

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 02:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/03/06 09:26:17 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\netbt.sys
[2012/03/05 10:06:53 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\SYMEVENT.SYS
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/02/21 11:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/02/21 11:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/02/21 11:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2010/11/14 00:33:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2010/11/14 00:33:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2010/11/14 00:33:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: EXPLORER.EXE >
< End of report >

5. After running TDSSKiller I am able to log into normal mode as opposed to "Safe Mode", whereas all day yesterday I could only log into the computer in safe mode.

#4 parishale

parishale
  • Topic Starter


Posted 06 March 2012 - 01:35 PM

My computer crashed after a couple of hours. I got the blue screen regarding the disk (the computer turned off before I could write down the info).

Also, this file is erased: C:\Windows\System32\drivers\etc\hosts

Edited by parishale, 06 March 2012 - 10:42 PM.


#5 SweetTech

SweetTech

    Agent ST



Posted 07 March 2012 - 02:17 AM

Hi parishale!

1. When I ran TDSSKiller it instructed me to "cure" and rebooted. Yesterday my Chrome was redirecting me away to a yellow page site whenever I was looking for a malware solution. You said that my computer may not be 100% safe for online banking. How can I ensure that it is safe?

Okay, what TDSSKiller found was a file that was patched by the ZeroAccess infection. It looks like TDSSKiller was able to cure that infected file.

If you'd like to ensure that your computer is safe, the only 100% way to guarantee that is to perform a reformat and re-install of your operating system.

A. Do I need to worry about identity theft even though, as soon as my computer got the virus (I know exactly when it got it because I downloaded an unsafe file), I made sure not to log into anything? I did do online banking a couple of hours before. Should I be worried?

I would go to a computer you know to be clean and change your password for your online banking. I'd also suggest contacting your bank and informing them of what's going on, so that they are aware of it.

B. I uninstalled AVG Free Edition and downloaded the Norton trial. Once the computer is safe, can I go back to AVG?

Yep, that shouldn't be a problem, I can also recommend some other alternatives if you're interested in hearing about them. Just let me know.

5. After running TDSSKiller I am able to log into normal mode as opposed to "Safe Mode", whereas all day yesterday I could only log into the computer in safe mode.

Okay, thanks for that information! :)

My computer crashed after a couple of hours. I got the blue screen regarding the disk (the computer turned off before I could write down the info).

Okay, I'm going under the assumption that you're still able to log into Windows without issue. If this is incorrect, please let me know.


OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    SRV - [2008/01/18 23:33:32 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\bdftdif.dll -- (zebrceb)
    IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
    IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..\SearchScopes\{B57B59EB-983D-4A5D-B734-55463194BFC3}: "URL" = http://mn.iamwired.net/websearch.php?src=tops&search={SearchTerms}
    IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421
    FF - prefs.js..browser.search.defaulturl: "http://mn.iamwired.net/websearch.php?src=tops&search="
    FF - prefs.js..browser.startup.homepage: "http://mn.iamwired.net/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..keyword.URL: "http://mn.iamwired.net/websearch.php?src=tops&search="
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O33 - MountPoints2\{6082770f-f27d-11df-950b-b0f9e9c4e768}\Shell - "" = AutoRun
    O33 - MountPoints2\{6082770f-f27d-11df-950b-b0f9e9c4e768}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
    O33 - MountPoints2\{e04be1fe-efb0-11df-b2f0-001d6013d1b9}\Shell\AutoRun\command - "" = K:\WDSetup.exe
    NetSvcs: zebrceb - C:\Windows\System32\bdftdif.dll (Oak Technology Inc.)
    [2012/03/06 09:11:40 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
    [2012/03/04 17:30:47 | 000,000,001 | ---- | M] () -- C:\Windows\System32\eq30F.com.d
    [2012/03/04 17:30:47 | 000,000,001 | ---- | C] () -- C:\Windows\System32\eq30F.com.d
    [2012/03/04 15:38:13 | 000,000,112 | ---- | C] () -- C:\ProgramData\CfTRTvU.dat
    [2012/03/04 15:13:40 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
    [2011/12/21 14:55:56 | 008,500,224 | ---- | C] () -- C:\Windows\System32\QtGuiTR4.dll
    [2011/12/21 14:55:56 | 000,363,520 | ---- | C] () -- C:\Windows\System32\QtSvgTR4.dll
    [2011/12/21 14:55:55 | 002,522,112 | ---- | C] () -- C:\Windows\System32\QtCoreTR4.dll
    
    :Reg
    
    :Files
    C:\Windows\tasks\At*.job
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log file.
3. ComboFix.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
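The OTL script above resets the Firefox preferences that were pointed at mn.iamwired.net. As an added example (not part of SweetTech's instructions or of OTL), here is a Python check that parses a prefs.js excerpt and flags the hijack-prone keys whose URL host is not on an allowlist; the allowlist and the sample excerpt are constructed for this example.

```python
import re
from urllib.parse import urlparse

# Firefox preferences that browser hijackers commonly rewrite; these are the
# keys the OTL fix above resets.
SENSITIVE_PREFS = {
    "browser.startup.homepage",
    "browser.search.defaulturl",
    "keyword.URL",
}

# Constructed allowlist for this example: hosts the user expects these prefs
# to point at. Adjust to the browser's real defaults on the machine audited.
TRUSTED_HOSTS = {"www.google.com", "www.mozilla.org", "start.mozilla.org"}

# Matches string-valued entries only: user_pref("name", "value");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);\s*$')


def parse_prefs(text):
    """Return {pref_name: value} for the string-valued user_pref() lines."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def find_hijacked_prefs(prefs, trusted_hosts=TRUSTED_HOSTS):
    """Flag sensitive prefs whose URL host is missing or not allowlisted.

    Returns a sorted list of (pref_name, host_or_raw_value)."""
    findings = []
    for name in SENSITIVE_PREFS:
        value = prefs.get(name)
        if not value:
            continue
        host = urlparse(value).hostname
        if host is None or host.lower() not in trusted_hosts:
            findings.append((name, host or value))
    return sorted(findings)


# Constructed prefs.js excerpt modelled on the FF entries in the OTL fix above.
SAMPLE_PREFS_JS = """\
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1329400000);
user_pref("browser.startup.homepage", "http://mn.iamwired.net/");
user_pref("browser.search.defaulturl", "http://mn.iamwired.net/websearch.php?src=tops&search=");
user_pref("keyword.URL", "http://mn.iamwired.net/websearch.php?src=tops&search=");
user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26");
"""

# Constructed clean counterpart: same keys, allowlisted hosts.
CLEAN_PREFS_JS = """\
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("keyword.URL", "https://www.google.com/search?q=");
"""

if __name__ == "__main__":
    for name, host in find_hijacked_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"HIJACKED? {name} -> {host}")
    print("clean profile findings:", find_hijacked_prefs(parse_prefs(CLEAN_PREFS_JS)))
```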
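SweetTech notes above that TDSSKiller found and cured a file patched by ZeroAccess. As an added example (not part of the original post or of TDSSKiller), this Python triage helper pulls detections, file dispositions and the user's chosen action out of a TDSSKiller log and lists infections with no cure recorded; the sample lines are constructed, modelled on TDSSKiller's log format, with the afd.sys path and threat name as reported in this thread, and the "Suspicious file" variant of the hidden-object line is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller log line is "<HH:MM:SS.mmmm> <pid> <message>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<object> ( <threat> ) - infected"
INFECTED_RE = re.compile(r"^(\S+) \( (.+?) \) - infected$")
# "Suspicious service (Hidden): <name>"; the "file" alternative is assumed.
SUSPICIOUS_RE = re.compile(r"^Suspicious (service|file) \((\w+)\): (.+)$")
# "<object> ( <threat> ) - User select action: <Cure|Delete|Skip>"
ACTION_RE = re.compile(r"^(\S+) \( (.+?) \) - User select action: (\w+)$")
# "<path> - copied to quarantine" / "<path> - will be cured on reboot"
FILE_RE = re.compile(r"^(.+?) - (copied to quarantine|will be cured on reboot)$")


@dataclass
class TdssSummary:
    infected: Dict[str, str] = field(default_factory=dict)        # object -> threat
    suspicious: List[Tuple[str, str, str]] = field(default_factory=list)  # (kind, flag, name)
    actions: Dict[str, str] = field(default_factory=dict)         # object -> chosen action
    files: Dict[str, str] = field(default_factory=dict)           # path -> last disposition
    interrupted: bool = False
    reported_count: Optional[int] = None


def summarize_tdsskiller(log_text: str) -> TdssSummary:
    """Walk a TDSSKiller log and collect the lines that matter for triage."""
    s = TdssSummary()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, blank lines, "====" separators
        msg = m.group(3).strip()
        if msg == "Scan interrupted by user!":
            s.interrupted = True
        elif msg.startswith("Detected object count: "):
            s.reported_count = int(msg.rsplit(" ", 1)[1])
        elif (im := INFECTED_RE.match(msg)):
            s.infected[im.group(1)] = im.group(2)
        elif (sm := SUSPICIOUS_RE.match(msg)):
            s.suspicious.append((sm.group(1), sm.group(2), sm.group(3)))
        elif (am := ACTION_RE.match(msg)):
            s.actions[am.group(1)] = am.group(3)
        elif (fm := FILE_RE.match(msg)):
            s.files[fm.group(1)] = fm.group(2)
    return s


def unresolved(summary: TdssSummary) -> List[str]:
    """Infected objects for which the log records no Cure or Delete action."""
    return sorted(name for name in summary.infected
                  if summary.actions.get(name) not in ("Cure", "Delete"))


# Constructed log excerpt in TDSSKiller's format (interrupted scan, one cure).
SAMPLE_TDSS_LOG = r"""
14:17:13.0259 1164 AFD (e393785473abbdd5c46285e5fb0f6710) C:\Windows\system32\drivers\afd.sys
14:17:13.0259 1164 AFD ( Virus.Win32.ZAccess.c ) - infected
14:17:13.0259 1164 AFD - detected Virus.Win32.ZAccess.c (0)
14:17:13.0290 1164 agp440 - ok
14:17:16.0457 1164 Scan interrupted by user!
14:17:16.0472 1936 Detected object count: 1
14:17:48.0593 1936 C:\Windows\system32\drivers\afd.sys - copied to quarantine
14:17:48.0811 1936 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
14:17:50.0823 1936 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
14:21:17.0205 6108 Suspicious service (Hidden): 84869208
"""

if __name__ == "__main__":
    summary = summarize_tdsskiller(SAMPLE_TDSS_LOG)
    print("infected:", summary.infected)
    print("actions:", summary.actions)
    print("suspicious:", summary.suspicious)
    print("interrupted:", summary.interrupted, "unresolved:", unresolved(summary))
```

An interrupted scan with an empty unresolved list, as here, still warrants a full rerun, since objects past the interruption point were never examined.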


#6 parishale

parishale
  • Topic Starter


Posted 07 March 2012 - 02:44 PM

As I followed your instruction #1, my computer was fine. But when I ran ComboFix, my computer kept rebooting, and after the reboot Norton said "Auto protect is processing security risk Trojan.zeroacess!inf", so I decided to do this all over.

So I ran TDSSKiller again and it found ZeroAccess again, but when I rebooted it said it was still there. So I ran TDSSKiller again and it found something else that it said to skip, so I did.
Here is the report with the ZeroAccess removal:

1. 14:17:08.0563 1032 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
14:17:08.0579 1032 ============================================================
14:17:08.0579 1032 Current date / time: 2012/03/07 14:17:08.0579
14:17:08.0579 1032 SystemInfo:
14:17:08.0579 1032
14:17:08.0579 1032 OS Version: 6.0.6002 ServicePack: 2.0
14:17:08.0579 1032 Product type: Workstation
14:17:08.0579 1032 ComputerName: PARISA-PC
14:17:08.0579 1032 UserName: Parisa
14:17:08.0579 1032 Windows directory: C:\Windows
14:17:08.0579 1032 System windows directory: C:\Windows
14:17:08.0579 1032 Processor architecture: Intel x86
14:17:08.0579 1032 Number of processors: 2
14:17:08.0579 1032 Page size: 0x1000
14:17:08.0579 1032 Boot type: Safe boot with network
14:17:08.0579 1032 ============================================================
14:17:09.0951 1032 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:17:09.0998 1032 \Device\Harddisk0\DR0:
14:17:09.0998 1032 MBR used
14:17:09.0998 1032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:17:10.0014 1032 Initialize success
14:17:10.0014 1032 ============================================================
14:17:11.0979 1164 ============================================================
14:17:11.0979 1164 Scan started
14:17:11.0979 1164 Mode: Manual;
14:17:11.0979 1164 ============================================================
14:17:13.0259 1164 AFD (e393785473abbdd5c46285e5fb0f6710) C:\Windows\system32\drivers\afd.sys
14:17:13.0259 1164 AFD ( Virus.Win32.ZAccess.c ) - infected
14:17:13.0259 1164 AFD - detected Virus.Win32.ZAccess.c (0)
14:17:16.0457 1164 Scan interrupted by user!
14:17:16.0457 1164 Scan interrupted by user!
14:17:16.0457 1164 Scan interrupted by user!
14:17:16.0457 1164 ============================================================
14:17:16.0457 1164 Scan finished
14:17:16.0457 1164 ============================================================
14:17:16.0472 1936 Detected object count: 1
14:17:16.0472 1936 Actual detected object count: 1
14:17:48.0593 1936 C:\Windows\system32\drivers\afd.sys - copied to quarantine
14:17:48.0795 1936 Backup copy found, using it..
14:17:48.0811 1936 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
14:17:50.0823 1936 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
14:17:53.0850 1352 Deinitialize success

This is the 2nd TDSSKiller report.

14:21:05.0675 5952 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
14:21:06.0565 5952 ============================================================
14:21:06.0565 5952 Current date / time: 2012/03/07 14:21:06.0565
14:21:06.0565 5952 SystemInfo:
14:21:06.0565 5952
14:21:06.0565 5952 OS Version: 6.0.6002 ServicePack: 2.0
14:21:06.0565 5952 Product type: Workstation
14:21:06.0565 5952 ComputerName: PARISA-PC
14:21:06.0565 5952 UserName: Parisa
14:21:06.0565 5952 Windows directory: C:\Windows
14:21:06.0565 5952 System windows directory: C:\Windows
14:21:06.0565 5952 Processor architecture: Intel x86
14:21:06.0565 5952 Number of processors: 2
14:21:06.0565 5952 Page size: 0x1000
14:21:06.0565 5952 Boot type: Normal boot
14:21:06.0565 5952 ============================================================
14:21:10.0059 5952 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:21:10.0106 5952 \Device\Harddisk0\DR0:
14:21:10.0106 5952 MBR used
14:21:10.0106 5952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:21:10.0153 5952 Initialize success
14:21:10.0153 5952 ============================================================
14:21:15.0254 6108 ============================================================
14:21:15.0254 6108 Scan started
14:21:15.0254 6108 Mode: Manual; SigCheck; TDLFS;
14:21:15.0254 6108 ============================================================
14:21:17.0205 6108 Suspicious service (Hidden): 84869208
14:21:17.0345 6108 84869208 ( HiddenService.Multi.Generic ) - warning
14:21:17.0345 6108 84869208 - detected HiddenService.Multi.Generic (1)
14:21:17.0423 6108 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:21:17.0579 6108 ACPI - ok
14:21:17.0657 6108 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
14:21:17.0688 6108 adp94xx - ok
14:21:17.0751 6108 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
14:21:17.0782 6108 adpahci - ok
14:21:17.0798 6108 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
14:21:17.0829 6108 adpu160m - ok
14:21:17.0860 6108 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
14:21:17.0876 6108 adpu320 - ok
14:21:18.0094 6108 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:21:18.0203 6108 AFD - ok
14:21:18.0281 6108 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
14:21:18.0312 6108 agp440 - ok
14:21:18.0359 6108 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:21:18.0406 6108 aic78xx - ok
14:21:18.0437 6108 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
14:21:18.0453 6108 aliide - ok
14:21:18.0484 6108 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
14:21:18.0500 6108 amdagp - ok
14:21:18.0515 6108 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
14:21:18.0531 6108 amdide - ok
14:21:18.0546 6108 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
14:21:18.0796 6108 AmdK7 - ok
14:21:18.0812 6108 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
14:21:18.0905 6108 AmdK8 - ok
14:21:18.0952 6108 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
14:21:18.0968 6108 arc - ok
14:21:18.0983 6108 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
14:21:19.0030 6108 arcsas - ok
14:21:19.0170 6108 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:21:19.0701 6108 AsyncMac - ok
14:21:19.0826 6108 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:21:19.0857 6108 atapi - ok
14:21:20.0247 6108 athrusb (44fa26470d4c8123ccf71f4200b782d3) C:\Windows\system32\DRIVERS\athrusb.sys
14:21:20.0481 6108 athrusb - ok
14:21:20.0606 6108 BCM43XV (9fa35e676acdfecc3730f39933affc4d) C:\Windows\system32\DRIVERS\bcmwl6.sys
14:21:20.0684 6108 BCM43XV - ok
14:21:20.0824 6108 BCM43XX (9fa35e676acdfecc3730f39933affc4d) C:\Windows\system32\DRIVERS\bcmwl6.sys
14:21:20.0964 6108 BCM43XX - ok
14:21:21.0042 6108 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:21:21.0120 6108 Beep - ok
14:21:21.0308 6108 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx86.sys
14:21:21.0339 6108 BHDrvx86 - ok
14:21:21.0432 6108 blbdrive - ok
14:21:21.0526 6108 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:21:21.0557 6108 bowser - ok
14:21:21.0682 6108 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:21:21.0791 6108 BrFiltLo - ok
14:21:21.0822 6108 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:21:21.0885 6108 BrFiltUp - ok
14:21:21.0932 6108 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:21:21.0994 6108 Brserid - ok
14:21:22.0088 6108 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:21:22.0181 6108 BrSerWdm - ok
14:21:22.0228 6108 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:21:22.0290 6108 BrUsbMdm - ok
14:21:22.0400 6108 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:21:22.0462 6108 BrUsbSer - ok
14:21:22.0524 6108 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:21:22.0571 6108 BTHMODEM - ok
14:21:22.0680 6108 catchme - ok
14:21:22.0883 6108 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\NIS\1305000.091\ccSetx86.sys
14:21:22.0899 6108 ccSet_NIS - ok
14:21:22.0961 6108 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:21:23.0039 6108 cdfs - ok
14:21:23.0102 6108 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:21:23.0148 6108 cdrom - ok
14:21:23.0180 6108 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
14:21:23.0242 6108 circlass - ok
14:21:23.0538 6108 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:21:23.0585 6108 CLFS - ok
14:21:23.0663 6108 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
14:21:23.0679 6108 cmdide - ok
14:21:23.0741 6108 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
14:21:23.0757 6108 Compbatt - ok
14:21:23.0788 6108 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
14:21:23.0819 6108 crcdisk - ok
14:21:23.0866 6108 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
14:21:23.0944 6108 Crusoe - ok
14:21:24.0006 6108 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:21:24.0038 6108 DfsC - ok
14:21:24.0131 6108 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:21:24.0147 6108 disk - ok
14:21:24.0256 6108 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\Windows\system32\DLA\DLABMFSM.SYS
14:21:24.0256 6108 DLABMFSM - ok
14:21:24.0303 6108 DLABOIOM (d4587063acea776699251e177d719586) C:\Windows\system32\DLA\DLABOIOM.SYS
14:21:24.0318 6108 DLABOIOM - ok
14:21:24.0365 6108 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
14:21:24.0381 6108 DLACDBHM - ok
14:21:24.0429 6108 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\Windows\system32\DLA\DLADResM.SYS
14:21:24.0429 6108 DLADResM - ok
14:21:24.0585 6108 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\Windows\system32\DLA\DLAIFS_M.SYS
14:21:24.0600 6108 DLAIFS_M - ok
14:21:24.0741 6108 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\Windows\system32\DLA\DLAOPIOM.SYS
14:21:24.0741 6108 DLAOPIOM - ok
14:21:24.0803 6108 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\Windows\system32\DLA\DLAPoolM.SYS
14:21:24.0819 6108 DLAPoolM - ok
14:21:24.0850 6108 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
14:21:24.0865 6108 DLARTL_M - ok
14:21:24.0959 6108 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS
14:21:24.0975 6108 DLAUDFAM - ok
14:21:25.0006 6108 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS
14:21:25.0021 6108 DLAUDF_M - ok
14:21:25.0115 6108 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
14:21:25.0146 6108 Dot4 - ok
14:21:25.0177 6108 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:21:25.0209 6108 Dot4Print - ok
14:21:25.0287 6108 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
14:21:25.0302 6108 dot4usb - ok
14:21:25.0474 6108 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:21:25.0505 6108 drmkaud - ok
14:21:25.0552 6108 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS
14:21:25.0567 6108 DRVMCDB - ok
14:21:25.0583 6108 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
14:21:25.0583 6108 DRVNDDM - ok
14:21:25.0755 6108 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:21:25.0770 6108 DXGKrnl - ok
14:21:25.0848 6108 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
14:21:25.0864 6108 e1express - ok
14:21:25.0895 6108 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:21:25.0942 6108 E1G60 - ok
14:21:25.0989 6108 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:21:26.0004 6108 Ecache - ok
14:21:26.0238 6108 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:21:26.0269 6108 eeCtrl - ok
14:21:26.0301 6108 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
14:21:26.0316 6108 elxstor - ok
14:21:26.0394 6108 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:21:26.0394 6108 EraserUtilRebootDrv - ok
14:21:26.0550 6108 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:21:26.0597 6108 exfat - ok
14:21:26.0659 6108 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:21:26.0691 6108 fastfat - ok
14:21:26.0753 6108 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:21:26.0784 6108 fdc - ok
14:21:26.0847 6108 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:21:26.0862 6108 FileInfo - ok
14:21:26.0971 6108 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:21:27.0003 6108 Filetrace - ok
14:21:27.0034 6108 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
14:21:27.0065 6108 flpydisk - ok
14:21:27.0112 6108 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:21:27.0127 6108 FltMgr - ok
14:21:27.0237 6108 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys
14:21:27.0252 6108 fssfltr - ok
14:21:27.0346 6108 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:21:27.0361 6108 Fs_Rec - ok
14:21:27.0471 6108 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:21:27.0486 6108 gagp30kx - ok
14:21:27.0533 6108 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:21:27.0533 6108 GEARAspiWDM - ok
14:21:27.0595 6108 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:21:27.0642 6108 HdAudAddService - ok
14:21:27.0689 6108 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:21:27.0751 6108 HDAudBus - ok
14:21:27.0783 6108 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:21:27.0829 6108 HidBth - ok
14:21:27.0861 6108 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:21:27.0923 6108 HidIr - ok
14:21:27.0954 6108 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:21:27.0985 6108 HidUsb - ok
14:21:28.0017 6108 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:21:28.0032 6108 HpCISSs - ok
14:21:28.0110 6108 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:21:28.0157 6108 HTTP - ok
14:21:28.0188 6108 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
14:21:28.0204 6108 i2omp - ok
14:21:28.0251 6108 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:21:28.0297 6108 i8042prt - ok
14:21:28.0329 6108 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
14:21:28.0344 6108 iaStorV - ok
14:21:28.0687 6108 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120305.001\IDSvix86.sys
14:21:28.0734 6108 IDSVix86 - ok
14:21:28.0859 6108 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:21:29.0187 6108 igfx - ok
14:21:29.0233 6108 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:21:29.0249 6108 iirsp - ok
14:21:29.0514 6108 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
14:21:29.0592 6108 IntcAzAudAddService - ok
14:21:29.0623 6108 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
14:21:29.0639 6108 intelide - ok
14:21:29.0686 6108 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:21:29.0717 6108 intelppm - ok
14:21:29.0857 6108 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:21:29.0889 6108 IpFilterDriver - ok
14:21:29.0904 6108 IpInIp - ok
14:21:29.0935 6108 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:21:29.0998 6108 IPMIDRV - ok
14:21:30.0029 6108 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:21:30.0060 6108 IPNAT - ok
14:21:30.0123 6108 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:21:30.0154 6108 IRENUM - ok
14:21:30.0185 6108 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
14:21:30.0216 6108 isapnp - ok
14:21:30.0263 6108 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:21:30.0279 6108 iScsiPrt - ok
14:21:30.0310 6108 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:21:30.0341 6108 iteatapi - ok
14:21:30.0372 6108 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:21:30.0372 6108 iteraid - ok
14:21:30.0435 6108 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:21:30.0435 6108 kbdclass - ok
14:21:30.0481 6108 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:21:30.0513 6108 kbdhid - ok
14:21:30.0622 6108 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:21:30.0653 6108 KSecDD - ok
14:21:30.0778 6108 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:21:30.0809 6108 lltdio - ok
14:21:30.0856 6108 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:21:30.0871 6108 LSI_FC - ok
14:21:30.0903 6108 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:21:30.0918 6108 LSI_SAS - ok
14:21:30.0934 6108 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:21:30.0965 6108 LSI_SCSI - ok
14:21:31.0012 6108 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:21:31.0059 6108 luafv - ok
14:21:31.0074 6108 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
14:21:31.0121 6108 megasas - ok
14:21:31.0199 6108 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:21:31.0230 6108 Modem - ok
14:21:31.0261 6108 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:21:31.0293 6108 monitor - ok
14:21:31.0371 6108 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:21:31.0371 6108 mouclass - ok
14:21:31.0402 6108 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:21:31.0433 6108 mouhid - ok
14:21:31.0481 6108 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:21:31.0512 6108 MountMgr - ok
14:21:31.0559 6108 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
14:21:31.0574 6108 mpio - ok
14:21:31.0637 6108 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:21:31.0668 6108 mpsdrv - ok
14:21:31.0684 6108 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:21:31.0699 6108 Mraid35x - ok
14:21:31.0762 6108 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:21:31.0777 6108 MRxDAV - ok
14:21:31.0824 6108 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:21:31.0871 6108 mrxsmb - ok
14:21:31.0949 6108 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:21:31.0964 6108 mrxsmb10 - ok
14:21:31.0980 6108 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:21:32.0011 6108 mrxsmb20 - ok
14:21:32.0120 6108 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
14:21:32.0183 6108 msahci - ok
14:21:32.0292 6108 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
14:21:32.0308 6108 msdsm - ok
14:21:32.0370 6108 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:21:32.0401 6108 Msfs - ok
14:21:32.0432 6108 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:21:32.0448 6108 msisadrv - ok
14:21:32.0496 6108 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:21:32.0558 6108 MSKSSRV - ok
14:21:32.0574 6108 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:21:32.0605 6108 MSPCLOCK - ok
14:21:32.0652 6108 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:21:32.0667 6108 MSPQM - ok
14:21:32.0714 6108 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:21:32.0745 6108 MsRPC - ok
14:21:32.0761 6108 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:21:32.0761 6108 mssmbios - ok
14:21:32.0808 6108 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:21:32.0870 6108 MSTEE - ok
14:21:32.0901 6108 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:21:32.0917 6108 Mup - ok
14:21:33.0073 6108 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:21:33.0104 6108 NativeWifiP - ok
14:21:33.0213 6108 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120307.002\NAVENG.SYS
14:21:33.0229 6108 NAVENG - ok
14:21:33.0369 6108 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120307.002\NAVEX15.SYS
14:21:33.0432 6108 NAVEX15 - ok
14:21:33.0510 6108 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:21:33.0525 6108 NDIS - ok
14:21:33.0681 6108 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:21:33.0759 6108 NdisTapi - ok
14:21:33.0806 6108 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:21:33.0837 6108 Ndisuio - ok
14:21:33.0993 6108 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:21:34.0196 6108 NdisWan - ok
14:21:34.0259 6108 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:21:34.0368 6108 NDProxy - ok
14:21:34.0446 6108 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:21:34.0493 6108 NetBIOS - ok
14:21:34.0524 6108 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:21:34.0664 6108 netbt - ok
14:21:34.0773 6108 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:21:34.0789 6108 nfrd960 - ok
14:21:34.0805 6108 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:21:34.0820 6108 Npfs - ok
14:21:34.0867 6108 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:21:34.0961 6108 nsiproxy - ok
14:21:35.0257 6108 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:21:35.0382 6108 Ntfs - ok
14:21:35.0460 6108 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:21:35.0523 6108 ntrigdigi - ok
14:21:35.0695 6108 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:21:35.0773 6108 Null - ok
14:21:35.0820 6108 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
14:21:35.0898 6108 nvraid - ok
14:21:35.0960 6108 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
14:21:35.0991 6108 nvstor - ok
14:21:36.0069 6108 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
14:21:36.0085 6108 nv_agp - ok
14:21:36.0100 6108 NwlnkFlt - ok
14:21:36.0116 6108 NwlnkFwd - ok
14:21:36.0147 6108 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:21:36.0194 6108 ohci1394 - ok
14:21:36.0288 6108 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:21:36.0334 6108 Parport - ok
14:21:36.0397 6108 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:21:36.0412 6108 partmgr - ok
14:21:36.0506 6108 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:21:36.0553 6108 Parvdm - ok
14:21:36.0632 6108 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:21:36.0647 6108 pci - ok
14:21:36.0725 6108 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:21:36.0741 6108 pciide - ok
14:21:36.0788 6108 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:21:36.0803 6108 pcmcia - ok
14:21:36.0835 6108 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:21:36.0913 6108 PEAUTH - ok
14:21:36.0991 6108 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:21:37.0053 6108 PptpMiniport - ok
14:21:37.0131 6108 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
14:21:37.0209 6108 Processor - ok
14:21:37.0271 6108 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:21:37.0318 6108 PSched - ok
14:21:37.0381 6108 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
14:21:37.0396 6108 PxHelp20 - ok
14:21:37.0568 6108 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
14:21:37.0700 6108 ql2300 - ok
14:21:37.0856 6108 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:21:37.0871 6108 ql40xx - ok
14:21:37.0934 6108 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:21:38.0027 6108 QWAVEdrv - ok
14:21:38.0105 6108 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:21:38.0152 6108 RasAcd - ok
14:21:38.0246 6108 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:21:38.0293 6108 Rasl2tp - ok
14:21:38.0386 6108 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:21:38.0449 6108 RasPppoe - ok
14:21:38.0511 6108 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:21:38.0558 6108 RasSstp - ok
14:21:38.0589 6108 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:21:38.0651 6108 rdbss - ok
14:21:38.0714 6108 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:21:38.0776 6108 RDPCDD - ok
14:21:38.0839 6108 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
14:21:38.0948 6108 rdpdr - ok
14:21:38.0995 6108 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:21:39.0057 6108 RDPENCDD - ok
14:21:39.0587 6108 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:21:39.0634 6108 RDPWD - ok
14:21:39.0665 6108 rlidxbn - ok
14:21:39.0743 6108 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:21:39.0775 6108 rspndr - ok
14:21:39.0899 6108 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:21:39.0915 6108 SASDIFSV - ok
14:21:39.0931 6108 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:21:39.0946 6108 SASKUTIL - ok
14:21:40.0024 6108 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:21:40.0040 6108 sbp2port - ok
14:21:40.0289 6108 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:21:40.0367 6108 secdrv - ok
14:21:40.0477 6108 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:21:40.0523 6108 Serenum - ok
14:21:40.0601 6108 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:21:40.0664 6108 Serial - ok
14:21:40.0727 6108 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:21:40.0790 6108 sermouse - ok
14:21:40.0868 6108 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
14:21:40.0914 6108 sffdisk - ok
14:21:40.0992 6108 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
14:21:41.0055 6108 sffp_mmc - ok
14:21:41.0211 6108 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
14:21:41.0273 6108 sffp_sd - ok
14:21:41.0304 6108 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:21:41.0382 6108 sfloppy - ok
14:21:41.0398 6108 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
14:21:41.0414 6108 sisagp - ok
14:21:41.0460 6108 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
14:21:41.0492 6108 SiSRaid2 - ok
14:21:41.0523 6108 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
14:21:41.0570 6108 SiSRaid4 - ok
14:21:41.0632 6108 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:21:41.0663 6108 Smb - ok
14:21:41.0788 6108 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:21:41.0804 6108 spldr - ok
14:21:41.0944 6108 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\Windows\System32\Drivers\NIS\1305000.091\SRTSP.SYS
14:21:41.0960 6108 SRTSP - ok
14:21:42.0053 6108 SRTSPX (f0d02c2e25970c9c72a5cd278c17cdb6) C:\Windows\system32\drivers\NIS\1305000.091\SRTSPX.SYS
14:21:42.0069 6108 SRTSPX - ok
14:21:42.0194 6108 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:21:42.0256 6108 srv - ok
14:21:42.0287 6108 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:21:42.0334 6108 srv2 - ok
14:21:42.0350 6108 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:21:42.0365 6108 srvnet - ok
14:21:42.0459 6108 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:21:42.0474 6108 swenum - ok
14:21:42.0537 6108 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:21:42.0552 6108 Symc8xx - ok
14:21:42.0677 6108 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\NIS\1305000.091\SYMDS.SYS
14:21:42.0693 6108 SymDS - ok
14:21:42.0771 6108 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\NIS\1305000.091\SYMEFA.SYS
14:21:42.0833 6108 SymEFA - ok
14:21:42.0927 6108 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS
14:21:42.0942 6108 SymEvent - ok
14:21:42.0974 6108 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\NIS\1305000.091\Ironx86.SYS
14:21:42.0989 6108 SymIRON - ok
14:21:43.0052 6108 SYMTDIv (40c6e6417c8b7d7fcf82cfbe71525795) C:\Windows\System32\Drivers\NIS\1305000.091\SYMTDIV.SYS
14:21:43.0114 6108 SYMTDIv - ok
14:21:43.0145 6108 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:21:43.0176 6108 Sym_hi - ok
14:21:43.0254 6108 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:21:43.0286 6108 Sym_u3 - ok
14:21:43.0488 6108 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:21:43.0598 6108 Tcpip - ok
14:21:43.0613 6108 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:21:43.0691 6108 Tcpip6 - ok
14:21:43.0785 6108 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:21:43.0800 6108 tcpipreg - ok
14:21:43.0894 6108 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:21:44.0019 6108 TDPIPE - ok
14:21:44.0066 6108 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:21:44.0097 6108 TDTCP - ok
14:21:44.0190 6108 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:21:44.0222 6108 tdx - ok
14:21:44.0284 6108 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:21:44.0300 6108 TermDD - ok
14:21:44.0393 6108 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:21:44.0440 6108 tssecsrv - ok
14:21:44.0456 6108 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:21:44.0534 6108 tunmp - ok
14:21:44.0549 6108 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:21:44.0580 6108 tunnel - ok
14:21:44.0627 6108 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
14:21:44.0627 6108 uagp35 - ok
14:21:45.0017 6108 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:21:45.0111 6108 udfs - ok
14:21:45.0158 6108 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
14:21:45.0173 6108 uliagpkx - ok
14:21:45.0314 6108 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
14:21:45.0407 6108 uliahci - ok
14:21:45.0750 6108 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:21:45.0766 6108 UlSata - ok
14:21:45.0828 6108 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:21:45.0891 6108 ulsata2 - ok
14:21:46.0000 6108 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:21:46.0047 6108 umbus - ok
14:21:46.0156 6108 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:21:46.0187 6108 usbccgp - ok
14:21:46.0343 6108 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:21:46.0390 6108 usbcir - ok
14:21:46.0468 6108 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:21:46.0499 6108 usbehci - ok
14:21:46.0530 6108 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:21:46.0577 6108 usbhub - ok
14:21:46.0593 6108 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:21:46.0718 6108 usbohci - ok
14:21:46.0749 6108 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:21:46.0796 6108 usbprint - ok
14:21:46.0936 6108 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:21:46.0983 6108 usbscan - ok
14:21:47.0466 6108 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:21:47.0544 6108 USBSTOR - ok
14:21:47.0638 6108 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:21:47.0654 6108 usbuhci - ok
14:21:47.0794 6108 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
14:21:47.0841 6108 vga - ok
14:21:47.0919 6108 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:21:47.0950 6108 VgaSave - ok
14:21:48.0012 6108 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
14:21:48.0028 6108 viaagp - ok
14:21:48.0137 6108 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
14:21:48.0184 6108 ViaC7 - ok
14:21:48.0434 6108 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
14:21:48.0449 6108 viaide - ok
14:21:48.0730 6108 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:21:48.0761 6108 volmgr - ok
14:21:48.0824 6108 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:21:48.0902 6108 volmgrx - ok
14:21:49.0323 6108 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:21:49.0354 6108 volsnap - ok
14:21:49.0432 6108 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
14:21:49.0463 6108 vsmraid - ok
14:21:49.0526 6108 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
14:21:49.0572 6108 VSTHWBS2 - ok
14:21:49.0682 6108 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:21:49.0869 6108 VST_DPV - ok
14:21:49.0900 6108 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:21:49.0962 6108 WacomPen - ok
14:21:50.0087 6108 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:21:50.0150 6108 Wanarp - ok
14:21:50.0165 6108 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:21:50.0181 6108 Wanarpv6 - ok
14:21:50.0323 6108 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
14:21:50.0359 6108 Wd - ok
14:21:50.0551 6108 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
14:21:50.0613 6108 WDC_SAM - ok
14:21:50.0750 6108 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:21:50.0843 6108 Wdf01000 - ok
14:21:50.0999 6108 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
14:21:51.0202 6108 winachsf - ok
14:21:51.0311 6108 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
14:21:51.0374 6108 WmiAcpi - ok
14:21:51.0592 6108 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:21:51.0623 6108 WpdUsb - ok
14:21:51.0951 6108 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:21:52.0091 6108 ws2ifsl - ok
14:21:52.0185 6108 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:21:52.0232 6108 WUDFRd - ok
14:21:52.0357 6108 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:21:53.0090 6108 \Device\Harddisk0\DR0 - ok
14:21:53.0105 6108 Boot (0x1200) (40acf9f818f1641987d091ee5b65f490) \Device\Harddisk0\DR0\Partition0
14:21:53.0105 6108 \Device\Harddisk0\DR0\Partition0 - ok
14:21:53.0105 6108 ============================================================
14:21:53.0105 6108 Scan finished
14:21:53.0105 6108 ============================================================
14:21:53.0121 6100 Detected object count: 1
14:21:53.0121 6100 Actual detected object count: 1
14:23:12.0544 6100 84869208 ( HiddenService.Multi.Generic ) - skipped by user
14:23:12.0544 6100 84869208 ( HiddenService.Multi.Generic ) - User select action: Skip
14:23:27.0206 5948 Deinitialize success

Here is the FSS report:

Farbar Service Scanner Version: 01-03-2012
Ran by Parisa (administrator) on 07-03-2012 at 14:35:46
Running from "C:\Users\Parisa\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by parishale, 07 March 2012 - 05:41 PM.


#7 parishale

parishale
  • Topic Starter

  • Members
  • 30 posts

Posted 07 March 2012 - 06:15 PM

OTL logfile created on: 3/7/2012 2:43:12 PM - Run 2
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Parisa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 49.71% Memory free
6.18 Gb Paging File | 4.64 Gb Available in Paging File | 75.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 554.50 Gb Free Space | 59.53% Space Free | Partition Type: NTFS

Computer Name: PARISA-PC | User Name: Parisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 09:37:02 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Parisa\Desktop\OTL.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Parisa\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/02/01 15:37:08 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Parisa\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/29 18:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
PRC - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
PRC - [2010/12/26 14:08:56 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/11/08 11:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/11/08 11:43:16 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/11/08 11:40:14 | 000,237,568 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/09/17 17:04:30 | 001,251,840 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/06 03:49:48 | 000,429,040 | ---- | M] () -- C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.66\ppgooglenaclpluginchrome.dll
MOD - [2012/03/06 03:49:46 | 003,772,912 | ---- | M] () -- C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
MOD - [2012/03/06 03:48:22 | 000,122,880 | ---- | M] () -- C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.66\avutil-51.dll
MOD - [2012/03/06 03:48:20 | 000,220,672 | ---- | M] () -- C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.66\avformat-53.dll
MOD - [2012/03/06 03:48:19 | 001,747,456 | ---- | M] () -- C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.66\avcodec-53.dll
MOD - [2012/02/29 13:24:09 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d72212e0e98b6ea4339d453bf540b5a6\CustomMarshalers.ni.dll
MOD - [2012/02/29 13:22:19 | 001,488,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\a5e48d843684bd2a20570239b5417cf3\Microsoft.BusinessSolutions.SBA.Interop.Word.ni.dll
MOD - [2012/02/29 13:21:28 | 001,941,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\8da36c0cb6df145917283f276cc67b0c\Microsoft.Office.Interop.Word.ni.dll
MOD - [2012/02/29 13:21:14 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\83ea3511705bbc6c104383ea7f68d8d0\Extensibility.ni.dll
MOD - [2012/02/29 13:20:33 | 000,532,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SBAIAPI\5c6e91128f2ec1e89409461651040442\SBAIAPI.ni.dll
MOD - [2012/02/29 13:20:18 | 000,963,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\office\e1f097eb692a8fd71faaa19913f6ceda\office.ni.dll
MOD - [2012/02/29 13:20:08 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/29 13:19:47 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/29 13:19:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/29 13:19:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/29 13:19:03 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/02/29 13:18:54 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/01 23:09:40 | 000,262,656 | ---- | M] () -- C:\Program Files\The Extractor\extcmh.dll
MOD - [2009/03/29 20:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2006/10/26 16:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Udfreadr_xp)
SRV - File not found [Auto | Stopped] -- -- (tvicport)
SRV - File not found [Auto | Stopped] -- -- (server)
SRV - File not found [Auto | Stopped] -- -- (SE2Dbus)
SRV - File not found [Auto | Stopped] -- -- (OneCareMP)
SRV - File not found [Auto | Stopped] -- -- (o2flash)
SRV - File not found [Auto | Stopped] -- -- (nuvaud2)
SRV - File not found [Auto | Stopped] -- -- (ntuneservice)
SRV - File not found [Auto | Stopped] -- -- (NecUsb3)
SRV - File not found [Auto | Stopped] -- -- (MailService)
SRV - File not found [Auto | Stopped] -- -- (lockmgr)
SRV - File not found [Auto | Stopped] -- -- (lexbces)
SRV - File not found [Auto | Stopped] -- -- (hsfhwbs2)
SRV - File not found [Auto | Stopped] -- -- (enethusb)
SRV - File not found [Auto | Stopped] -- -- (asp.net_2.0.50727)
SRV - [2012/02/10 11:38:06 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/29 18:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2010/12/26 14:08:56 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/11/08 11:43:34 | 001,060,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 11:43:16 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/11/08 11:40:14 | 000,237,568 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/09/17 17:04:30 | 001,251,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/04/16 08:19:28 | 000,103,800 | ---- | M] (Dynamic Network Services, Inc.) [Disabled | Stopped] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 23:33:32 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\delldmi.dll -- (yediex)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- -- (rlidxbn)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/03/06 09:51:34 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/05 10:10:36 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120307.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/03/05 10:10:36 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/03/05 10:10:36 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/03/05 10:10:36 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120307.002\NAVENG.SYS -- (NAVENG)
DRV - [2012/03/03 04:03:30 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120305.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/02/15 21:50:02 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/23 18:23:47 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\SYMEFA.SYS -- (SymEFA)
DRV - [2011/11/23 17:50:26 | 000,574,584 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1305000.091\SRTSP.SYS -- (SRTSP)
DRV - [2011/11/23 17:50:26 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/16 19:37:59 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1305000.091\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/11/16 19:17:48 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\Ironx86.SYS -- (SymIRON)
DRV - [2011/11/04 15:59:35 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/07/25 18:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\SYMDS.SYS -- (SymDS)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/07/29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007/04/13 12:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/01 23:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC C4 F8 D2 C8 83 CC 01 [binary data]
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Parisa\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Parisa\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Parisa\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/11/14 22:44:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/11/19 22:37:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/27 23:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/27 23:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/03/06 09:28:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/03/07 14:22:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/02 13:14:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/21 14:53:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/16 15:49:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/11/19 22:37:17 | 000,000,000 | ---D | M]

[2011/02/03 15:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Parisa\AppData\Roaming\Mozilla\Extensions
[2011/11/15 23:21:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Parisa\AppData\Roaming\Mozilla\Firefox\Profiles\ij0gk9pi.default\extensions
[2011/03/16 11:35:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Parisa\AppData\Roaming\Mozilla\Firefox\Profiles\ij0gk9pi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/14 20:56:39 | 000,000,259 | ---- | M] () -- C:\Users\Parisa\AppData\Roaming\Mozilla\Firefox\Profiles\ij0gk9pi.default\searchplugins\Search.xml
[2012/03/02 13:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/02/16 06:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/21 03:00:04 | 000,061,440 | ---- | M] (Element K Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOlp32.dll
[2012/02/16 02:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 02:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Parisa\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Offline Course Player Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOlp32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files\Photodex Presenter\npPxPlay.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Parisa\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: DivX HiQ = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: Minimal = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog\1.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Gmail = C:\Users\Parisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/07 12:12:31 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [OLPSYNCH] C:\Program Files\Offline Course Player\OlpSynch.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000..\Run: [Akamai NetSession Interface] C:\Users\Parisa\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - Startup: C:\Users\Parisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Parisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: download.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: livemeeting.com ([]https in Internet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftelearning.com ([dynamics] https in Trusted sites)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.home.apac] https in Local intranet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.home.noam] https in Local intranet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac] https in Local intranet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet)
O15 - HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam] https in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF03E76-DA3B-417A-ACB7-0A670BACFA8A}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA1A5F35-075A-4EB9-A10A-4F278809AD18}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Parisa\Pictures\EclipseBanner5-702x1023.jpg
O24 - Desktop BackupWallPaper: C:\Users\Parisa\Pictures\EclipseBanner5-702x1023.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk - C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk - C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE - (Intuit Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe - (Western Digital Technologies, Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: 54340251.sys - Driver
SafeBootMin: 80560222.sys - Driver
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: fastuserswitchingcompatibility - File not found
NetSvcs: ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: nla - File not found
NetSvcs: ntmssvc - File not found
NetSvcs: nwcworkstation - File not found
NetSvcs: nwsapagent - File not found
NetSvcs: srservice - File not found
NetSvcs: nuvaud2 - File not found
NetSvcs: asp.net_2.0.50727 - File not found
NetSvcs: ntuneservice - File not found
NetSvcs: tvicport - File not found
NetSvcs: enethusb - File not found
NetSvcs: onecaremp - File not found
NetSvcs: pccsmcfd - File not found
NetSvcs: cwafeventrouter - File not found
NetSvcs: rtl8139 - File not found
NetSvcs: snmptrapdservice - File not found
NetSvcs: amon - File not found
NetSvcs: rbfilter - File not found
NetSvcs: sndo763 - File not found
NetSvcs: tvtfilter - File not found
NetSvcs: slee_81_service - File not found
NetSvcs: epgspooler - File not found
NetSvcs: u81xmgmt - File not found
NetSvcs: vaiomediaplatform-mobile-gateway - File not found
NetSvcs: swmx00 - File not found
NetSvcs: basic2 - File not found
NetSvcs: alpham1 - File not found
NetSvcs: tavsvc - File not found
NetSvcs: wintabservice - File not found
NetSvcs: oracle_load_balancer_60_client-forms6i - File not found
NetSvcs: evian - File not found
NetSvcs: yediex - C:\Windows\System32\delldmi.dll ()
NetSvcs: wmxlcore - File not found
NetSvcs: zy202_xp - File not found
NetSvcs: pcouffin - File not found
NetSvcs: stcagent - File not found
NetSvcs: appnapi - File not found
NetSvcs: srvloc - File not found
NetSvcs: roammgr - File not found
NetSvcs: iastor - File not found
NetSvcs: bdrsdrv - File not found
NetSvcs: nmwcdcm - File not found
NetSvcs: servidor - File not found
NetSvcs: s616obex - File not found
NetSvcs: wandrv - File not found
NetSvcs: mcsysmon - File not found
NetSvcs: hpfecp20 - File not found
NetSvcs: ssisvr32 - File not found
NetSvcs: fd16_700 - File not found
NetSvcs: camdrl - File not found
NetSvcs: o2flash - File not found
NetSvcs: udfreadr_xp - File not found
NetSvcs: server - File not found
NetSvcs: se2dbus - File not found
NetSvcs: mailservice - File not found
NetSvcs: lockmgr - File not found
NetSvcs: wmdmpmsp - File not found
NetSvcs: logonhours - File not found
NetSvcs: pcaudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/07 13:35:26 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.svs
[2012/03/07 13:13:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/07 13:13:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/07 13:13:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/07 13:13:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/07 12:26:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/07 12:21:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/07 12:20:38 | 004,430,732 | R--- | C] (Swearware) -- C:\Users\Parisa\Desktop\ComboFix.exe
[2012/03/07 11:33:44 | 000,000,000 | ---D | C] -- C:\Users\Parisa\AppData\Local\CrashDumps
[2012/03/07 11:19:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/06 09:51:12 | 000,345,208 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symtdiv.sys
[2012/03/06 09:51:12 | 000,318,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symnets.sys
[2012/03/06 09:51:11 | 000,905,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symefa.sys
[2012/03/06 09:51:11 | 000,574,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\srtsp.sys
[2012/03/06 09:51:11 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symds.sys
[2012/03/06 09:51:11 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\ironx86.sys
[2012/03/06 09:51:11 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\ccsetx86.sys
[2012/03/06 09:51:11 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\srtspx.sys
[2012/03/06 09:50:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1305000.091
[2012/03/06 09:37:03 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Parisa\Desktop\OTL.exe
[2012/03/06 09:25:24 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/06 09:19:57 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Parisa\Desktop\tdsskiller.exe
[2012/03/05 11:06:10 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Parisa\Desktop\aswMBR.exe
[2012/03/05 10:06:53 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/03/05 10:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/03/05 10:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/03/04 23:13:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2012/03/04 23:13:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/03/04 23:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/03/04 23:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/03/04 23:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/03/04 23:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/02/28 18:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2012/02/28 18:41:17 | 000,000,000 | ---D | C] -- C:\Users\Parisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2012/02/28 12:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2012/02/28 12:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
[2012/02/28 12:15:45 | 000,000,000 | ---D | C] -- C:\Users\Parisa\Documents\My Web Sites
[2012/02/28 12:15:45 | 000,000,000 | ---D | C] -- C:\Users\Parisa\Documents\IISExpress
[2012/02/28 12:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft WebMatrix
[2012/02/28 12:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WebMatrix
[2012/02/28 12:07:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033
[2012/02/28 12:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express
[2012/02/28 12:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS 7.0 Extensions
[2012/02/28 12:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2012/02/28 11:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/02/28 11:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2012/02/28 11:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/02/14 23:33:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/14 23:33:35 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/14 23:33:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/14 23:33:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/14 23:33:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/14 23:33:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/14 12:01:48 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/08 22:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Photojunction
[2012/02/08 22:33:27 | 000,000,000 | ---D | C] -- C:\Users\Parisa\AppData\Roaming\Photojunction
[2011/07/14 14:52:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Parisa\AppData\Roaming\pcouffin.sys
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/07 14:42:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2733553700-3808856118-2079038621-1000UA.job
[2012/03/07 14:30:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/07 14:26:54 | 000,687,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/07 14:26:54 | 000,136,588 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/07 14:19:14 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/07 14:19:05 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 14:19:05 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 14:18:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/07 14:18:46 | 3209,875,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/07 14:08:03 | 299,469,390 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/07 12:20:43 | 004,430,732 | R--- | M] (Swearware) -- C:\Users\Parisa\Desktop\ComboFix.exe
[2012/03/07 12:14:11 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/07 12:12:31 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/03/07 11:03:30 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/03/07 11:03:04 | 002,081,077 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\Cat.DB
[2012/03/07 11:02:29 | 000,004,782 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\VT20111023.023
[2012/03/06 15:42:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2733553700-3808856118-2079038621-1000Core.job
[2012/03/06 09:51:34 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/03/06 09:51:34 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/03/06 09:51:34 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/03/06 09:37:02 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Parisa\Desktop\OTL.exe
[2012/03/06 09:34:21 | 000,337,137 | ---- | M] () -- C:\Users\Parisa\Desktop\FSS.exe
[2012/03/06 09:19:53 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Parisa\Desktop\tdsskiller.exe
[2012/03/05 15:17:39 | 000,302,592 | ---- | M] () -- C:\Users\Parisa\Desktop\pg8hftv2.exe
[2012/03/05 15:13:19 | 000,000,000 | -H-- | M] () -- C:\Users\Parisa\defogger_reenable
[2012/03/05 15:12:02 | 000,050,477 | ---- | M] () -- C:\Users\Parisa\Desktop\Defogger.exe
[2012/03/05 11:07:20 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Parisa\Desktop\aswMBR.exe
[2012/03/04 15:42:22 | 000,103,733 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
[2012/03/04 15:42:22 | 000,000,196 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
[2012/03/04 15:32:35 | 000,001,356 | ---- | M] () -- C:\Users\Parisa\AppData\Local\d3d9caps.dat
[2012/03/02 13:15:06 | 000,000,870 | ---- | M] () -- C:\Users\Parisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/02 13:15:06 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/01 10:47:51 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/02/27 09:33:03 | 000,000,902 | ---- | M] () -- C:\Users\Parisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/24 18:08:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/24 12:02:05 | 000,000,862 | ---- | M] () -- C:\Users\Parisa\Desktop\movtoavi - Shortcut.lnk
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/18 16:31:28 | 000,034,816 | ---- | M] () -- C:\Users\Parisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 10:07:18 | 005,294,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/08 22:33:29 | 000,000,376 | ---- | M] () -- C:\Users\Parisa\AppData\Roaming\.sysConfig
[2012/02/08 18:56:01 | 000,000,938 | ---- | M] () -- C:\Users\Parisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/02/07 16:32:04 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/07 14:18:46 | 3209,875,456 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/07 13:13:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/07 13:13:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/07 13:13:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/07 13:13:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/07 13:13:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/07 12:14:11 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/07 12:10:46 | 000,000,902 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/07 11:02:29 | 002,081,077 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\Cat.DB
[2012/03/07 11:02:29 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\VT20111023.023
[2012/03/06 09:51:12 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symnetv.cat
[2012/03/06 09:51:12 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symnet.cat
[2012/03/06 09:51:12 | 000,001,469 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symnetv.inf
[2012/03/06 09:51:12 | 000,001,441 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symnet.inf
[2012/03/06 09:51:11 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symds.cat
[2012/03/06 09:51:11 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\ccsetx86.cat
[2012/03/06 09:51:11 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symefa.cat
[2012/03/06 09:51:11 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtspx.cat
[2012/03/06 09:51:11 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtsp.cat
[2012/03/06 09:51:11 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\iron.cat
[2012/03/06 09:51:11 | 000,003,434 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symefa.inf
[2012/03/06 09:51:11 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symds.inf
[2012/03/06 09:51:11 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtspx.inf
[2012/03/06 09:51:11 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtsp.inf
[2012/03/06 09:51:11 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\ccsetx86.inf
[2012/03/06 09:51:11 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\iron.inf
[2012/03/06 09:50:47 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symvtcer.dat
[2012/03/06 09:50:47 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\isolate.ini
[2012/03/06 09:34:31 | 000,337,137 | ---- | C] () -- C:\Users\Parisa\Desktop\FSS.exe
[2012/03/05 15:17:40 | 000,302,592 | ---- | C] () -- C:\Users\Parisa\Desktop\pg8hftv2.exe
[2012/03/05 15:13:19 | 000,000,000 | -H-- | C] () -- C:\Users\Parisa\defogger_reenable
[2012/03/05 15:12:06 | 000,050,477 | ---- | C] () -- C:\Users\Parisa\Desktop\Defogger.exe
[2012/03/05 10:06:53 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/03/05 10:06:53 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/03/05 10:06:49 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/03/04 15:42:22 | 000,103,733 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2012/03/04 15:42:22 | 000,000,196 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2012/03/02 13:15:06 | 000,000,870 | ---- | C] () -- C:\Users\Parisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/02 13:15:06 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/02 13:15:06 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/28 11:25:41 | 000,001,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2012/02/08 22:33:29 | 000,000,376 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\.sysConfig
[2011/12/13 17:16:27 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2011/12/06 14:06:23 | 000,000,132 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/09/20 12:21:41 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe
[2011/09/13 13:24:01 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2011/07/14 14:52:58 | 000,000,022 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2011/07/14 14:52:28 | 000,087,608 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\inst.exe
[2011/07/14 14:52:28 | 000,007,887 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\pcouffin.cat
[2011/07/14 14:52:28 | 000,001,144 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\pcouffin.inf
[2011/07/09 15:25:35 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/05/04 16:32:38 | 000,000,132 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/04/08 13:25:15 | 000,000,212 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/04/08 13:25:15 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/04/08 13:25:15 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf06a.dat
[2011/04/08 13:21:04 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/04/08 13:19:16 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/04/08 13:08:14 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/04/08 13:08:14 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/03/16 11:48:50 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011/03/10 17:51:54 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/02/12 15:42:33 | 000,001,456 | ---- | C] () -- C:\Users\Parisa\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/02/11 14:15:14 | 000,000,132 | ---- | C] () -- C:\Users\Parisa\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/11/19 22:31:23 | 000,172,957 | ---- | C] () -- C:\Windows\hpwins21.dat
[2010/11/18 15:11:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/18 11:33:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/18 11:33:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/15 14:28:33 | 000,005,632 | ---- | C] () -- C:\Windows\System32\usbvideo.dll
[2010/11/15 14:28:33 | 000,005,632 | ---- | C] () -- C:\Windows\System32\delldmi.dll
[2010/11/14 16:33:24 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010/11/14 13:12:56 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2010/11/14 13:12:40 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2010/11/14 12:34:44 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2010/11/13 22:07:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/13 21:45:50 | 000,034,816 | ---- | C] () -- C:\Users\Parisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/13 21:21:01 | 000,001,356 | ---- | C] () -- C:\Users\Parisa\AppData\Local\d3d9caps.dat

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\acpi.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\AEAudioService.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\atitool.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\backupexecagentaccelerator.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\backupexecnotificationserver.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\btnetfilter.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\cwcwdm.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\defragfs.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\delldmi.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\elosystemservice.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\enxpsvr.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\EPSON_EB_RPCV4_01.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\hcf_msft.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\incdrm.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\intelroam.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\KMW_SYS.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\LC7981.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\mcvsrte.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\mssql$microsoftsmlbiz.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\NETMDUSB.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\oracle_load_balancer_60_server-forms6ip9.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\P17xfi.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\pepifilter.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\pwisvc.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\s116nd5.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\s217mdm.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\SaiNtSub.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\sansaservice.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\se2Bnd5.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\SE2Cmgmt.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\SECYPUSB.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\SNMP.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\SQLAgent$MICROSOFTBCM.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\tfsndrct.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\uiusys.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\usbprint.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\w810obex.dll
[2008/01/18 23:33:32 | 000,005,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\wanusb.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 02:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2012/03/07 14:18:26 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\afd.sys
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/03/06 09:26:17 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\netbt.sys
[2012/03/06 09:51:34 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\SYMEVENT.SYS

< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/02/21 11:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/02/21 11:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/02/21 11:49:48 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2010/11/14 00:33:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2010/11/14 00:33:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2010/11/14 00:33:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: EXPLORER.EXE >
[2010/11/14 00:31:16 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/11/14 00:31:15 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/11/14 00:31:15 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/11/14 01:06:46 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/11/14 01:06:45 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010/11/14 00:31:15 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 01:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/18 23:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: TDX.SYS >
[2009/04/10 20:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\System32\drivers\tdx.sys
[2009/04/10 20:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2006/11/02 00:57:35 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=AB4FDE8AF4A0270A46A001C08CBCE1C2 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6000.16386_none_e807064fdf2a97e3\tdx.sys
[2008/01/18 21:55:58 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2006/11/02 01:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/10 22:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/10 22:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/10 22:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2010/11/14 00:33:11 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2010/11/14 00:33:11 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2010/11/14 00:33:11 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/18 23:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/18 23:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/18 23:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/18 23:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 01:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 01:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/18 23:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/06 03:49:49 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/06 03:49:49 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/06 03:49:49 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/03/06 03:49:49 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/10/05 17:43:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/10/05 17:43:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/10/05 17:43:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/10/05 17:43:38 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/10/05 17:43:38 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 06:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 06:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/06 03:49:49 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/06 03:49:49 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/06 03:49:49 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Parisa\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/03/06 03:49:49 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/10/05 17:43:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/10/05 17:43:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/10/05 17:43:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/10/05 17:43:38 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/10/05 17:43:38 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >



OTL Extras logfile created on: 3/7/2012 2:43:12 PM - Run 2
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Parisa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 49.71% Memory free
6.18 Gb Paging File | 4.64 Gb Available in Paging File | 75.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 554.50 Gb Free Space | 59.53% Space Free | Partition Type: NTFS

Computer Name: PARISA-PC | User Name: Parisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenAsAWebSite] -- C:\Program Files\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EF27F10-F885-49CE-96E1-2C1C07178AD5}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{11C2B03D-DC6D-4CDE-BF43-A69F06A2642B}" = lport=139 | protocol=6 | dir=in | app=system |
"{1820F47E-AE91-4BE2-9608-A8546863532A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1C4B6D29-84B3-4ECF-BB8C-40A921DE23CD}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{33453052-5A70-4356-A5AE-7405F59D6BC1}" = rport=138 | protocol=17 | dir=out | app=system |
"{62ADC8B7-4422-42D3-9BB3-F9B7DB366F5C}" = rport=137 | protocol=17 | dir=out | app=system |
"{635DD672-35AC-4064-93E7-CF5238621A5A}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{6F88F08C-E327-4B42-A996-0B8DB2F6033C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{75C67ACE-B347-4AE3-9D10-76CFF7ECC73A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{780B263A-6D70-415F-8D84-FB5CCBE904CE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8FD05655-655E-4A8D-BB43-C135F97F0F5F}" = rport=139 | protocol=6 | dir=out | app=system |
"{93D0EA6D-A7FE-436C-AE98-3BEE7F0BC576}" = lport=137 | protocol=17 | dir=in | app=system |
"{998241FC-831B-4CBD-9F15-E5AC7904CFD0}" = lport=445 | protocol=6 | dir=in | app=system |
"{B678CA0C-BBF3-448B-A523-536DF2864F89}" = rport=445 | protocol=6 | dir=out | app=system |
"{BFEEB2DA-5E4B-4B2C-93AA-4C8F55582EEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D942F246-CAA4-4FED-A5C2-F8C2C9B6A21F}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0325177C-8845-4424-9D95-135F1875941C}" = dir=in | app=d:\setup\hpznui01.exe |
"{069ACCDB-9D96-46C9-9686-B6488268A1BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{10940C26-C36F-4B4F-A286-D52E24C78E97}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{2AD0707C-67C0-4782-A807-EC867F9EFC13}" = protocol=6 | dir=in | app=c:\users\parisa\appdata\local\akamai\netsession_win.exe |
"{3433955E-275F-415A-96DD-CB04A27117D7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{35D6EB27-007C-4881-8D47-8073E73F9560}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{37BBA18F-371D-4AA3-928A-74F1774D31B0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{3B433A87-94BC-457C-9EA7-4F19303E22AB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{42BF4E00-ECF0-4555-B8DC-B103B0A2E1F5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{446E06C7-291C-48FA-8751-2694D60C41BE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{44919FDB-922E-4431-B75F-E4A459492592}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{44E145B3-31B7-497D-ADD4-45C38E39850F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{51491123-F8E4-42F0-9494-107824C6D240}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{5313118C-6FDB-484C-B77F-3704DE23D1EC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{540A8E36-6A7E-4594-B5EA-6A6858868D4D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5B41D267-0026-497E-905A-EDEE7CEBFFA5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5B42E4A2-60AA-4B33-88C6-A4FED725BB2E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{6ADD393D-8584-4FF2-B17F-B35ADAD757EE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{6B038067-3004-4B38-AFCD-28797A7E1C29}" = protocol=17 | dir=in | app=c:\users\parisa\appdata\local\akamai\netsession_win.exe |
"{6F23BAE3-6148-4534-8B7B-25DA3C0C4565}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{744C23DE-C50D-4A36-A75E-0D5C8F9B0A06}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7A24F870-1B2A-4C2F-9F7E-A029C7C05C89}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7CCE6EFC-1D7E-49DB-8F9F-EDC15807C1D6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{84623CAC-C4F7-4B54-AA08-70AA712BC937}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8C424B0E-9020-49A4-A396-A6E993FCDB8C}" = protocol=17 | dir=in | app=c:\users\parisa\appdata\roaming\dropbox\bin\dropbox.exe |
"{8D8A90C1-2886-4CD5-A6FE-9C60CD5C32F5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{97AB2FF6-7313-4D18-B819-A3E5D6F2FA33}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B7F4E05E-3C0E-4B80-AD1B-3BAEB6E62242}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{BF2EA008-A805-4294-9ABC-0AF2CEEE0E97}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C52B0566-48A7-46F4-BFA9-4F53926FF2FC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{C5B59426-3958-4647-B976-24AE80A152D5}" = protocol=6 | dir=in | app=c:\users\parisa\appdata\roaming\dropbox\bin\dropbox.exe |
"{DA531B2F-7AAA-40F1-A9F4-63C9BC42F769}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{E82DB5F6-61A6-4CEB-BFA4-3FDE80B5108A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EDBDAAAA-BCED-4AA9-8BFB-B9E05532A560}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{F768F04F-247D-4B23-B10A-18B303717919}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FFAF0EE3-AC48-4948-A439-14872153DC9B}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"TCP Query User{89462720-483E-43D1-BDE2-4AADF057102B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{9BEBF665-909A-4302-9406-506BC981E5BB}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"TCP Query User{A9AD2D49-33CB-4A1E-949E-7E3933E5AB61}C:\program files\masterwriter 2.0\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\masterwriter 2.0\jre6\bin\java.exe |
"TCP Query User{BBDBEB3D-AFCA-4782-85AE-927A6E8A0980}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C5AC8148-3518-470E-93A4-3C6E5FB59C71}C:\program files\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files\leechftp\leechftp.exe |
"UDP Query User{314B9D30-B874-4961-81A5-4D80B99C0C3F}C:\program files\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files\leechftp\leechftp.exe |
"UDP Query User{62D20243-BDD2-46D1-A3FC-E707844186F2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{70B70000-83EE-4847-8BE7-B0CF35A564BA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{F648C7B6-7582-4A1C-B34A-FEDC49CD9447}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"UDP Query User{F7F6679E-E02B-4E83-B01F-B38FCB9A8CEF}C:\program files\masterwriter 2.0\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\masterwriter 2.0\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A423-40A5-BD20-04BF618CA0F9}" = QuickBooks Premier: Accountant Edition 2010
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}" = Microsoft SQL Server 2008 R2 Native Client
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22025051-1991-48EB-8BE8-7A3329DAE7ED}" = IIS 7.5 Express
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 29
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F141715-E144-48C0-8562-D193B7AB85BC}" = Microsoft SQL Server Compact 4.0 ENU
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3BC1AB78-2D98-4906-84B5-4230B5420DCC}" = Offline Course Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{542C0F0B-FBDF-45d9-AF8A-345C1A9B5AE3}" = 8000A809
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 6.3.7
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66F0E678-69C2-4C46-BA95-117DF28C87E4}" = Microsoft WebMatrix
"{671B4BAD-D681-4d29-9498-D8BF3F1A389D}" = BPDSoftware
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F98BA-338E-49a1-9D79-D786A83E6621}" = HP Officejet Pro 8000 A809 Series
"{6E4EE9B5-F69D-4455-B430-40FA5F0DC988}" = ProductContext
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F94FB03-6617-4442-9817-CDDB36EAE529}" = 8000A809_eDocs
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}" = Microsoft SQL Server 2008 R2 Management Objects
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{854ADF56-8C3A-429E-8A20-2B75E8E15DC5}" = SmartFTP Client
"{86BC184E-CFCD-48D5-829A-666A36C6ACC9}" = 8000A809_Help
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A51500FE-6408-4305-B071-B961F691A4CE}" = Microsoft SQL Server Compact 4.0 Web Tools ENU
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFB69549-3AAE-4433-A99B-673B8A513379}" = BPDSoftware_Ini
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}" = myPrintMileage (Officejet Pro 8000 A809)
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep™
"{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}" = Microsoft SQL Server System CLR Types
"{C46640C0-93FE-4CD7-8B5E-EB0E92C4C2C9}" = Adobe Photoshop Lightroom 3.4.1
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC5F786F-0733-46AC-8160-972A6906A872}" = WD SmartWare
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"AudibleManager" = AudibleManager
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Calibrize_is1" = Calibrize 2.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DynDNSUpdater" = DynDNS Updater
"freeftp" = Free FTP
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.3 Plug-in (build 2308)
"ImgBurn" = ImgBurn
"Leather Craftsmen's Print2Bind 1.2" = Leather Craftsmen's Print2Bind 1.2
"LeechFTP" = LeechFTP
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NIS" = Norton Internet Security
"Photodex Presenter" = Photodex Presenter
"PhotomatixPro41x32_is1" = Photomatix Pro version 4.1.1
"PROR" = Microsoft Office Professional 2007
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"RadLab_is1" = RadLab v1.1.8
"Shop for HP Supplies" = Shop for HP Supplies
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"The Extractor1.4.2.2" = The Extractor
"The Extractor1.4.3" = The Extractor
"The Extractor1.4.3.2" = The Extractor
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2733553700-3808856118-2079038621-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Bay Photo" = Bay Photo
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"PopImapTroubleshooter" = POP and IMAP Troubleshooter
"ROES.whcc" = ROES.whcc
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2011 3:40:29 AM | Computer Name = Parisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2043

Error - 11/14/2011 3:40:30 AM | Computer Name = Parisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/14/2011 3:40:30 AM | Computer Name = Parisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3089

Error - 11/14/2011 3:40:30 AM | Computer Name = Parisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3089

Error - 11/14/2011 3:40:31 AM | Computer Name = Parisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/14/2011 3:40:31 AM | Computer Name = Parisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4118

Error - 11/14/2011 3:40:31 AM | Computer Name = Parisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4118

Error - 11/14/2011 3:40:32 AM | Computer Name = Parisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/14/2011 3:40:32 AM | Computer Name = Parisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5319

Error - 11/14/2011 3:40:32 AM | Computer Name = Parisa-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5319

[ System Events ]
Error - 3/7/2012 6:20:18 PM | Computer Name = Parisa-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 3/7/2012 6:20:18 PM | Computer Name = Parisa-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 3/7/2012 6:20:18 PM | Computer Name = Parisa-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 3/7/2012 6:20:18 PM | Computer Name = Parisa-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 3/7/2012 6:20:18 PM | Computer Name = Parisa-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 3/7/2012 6:20:18 PM | Computer Name = Parisa-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 3/7/2012 6:20:25 PM | Computer Name = Parisa-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 3/7/2012 6:20:25 PM | Computer Name = Parisa-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/7/2012 6:23:09 PM | Computer Name = Parisa-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/7/2012 6:23:09 PM | Computer Name = Parisa-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#8 parishale

  • Topic Starter
  • Members
  • 30 posts

Posted 07 March 2012 - 06:30 PM

OTL fix: even after a reboot, Norton says the computer has Trojan.Zeroaccess!inf and it says to remove it manually; here is the link below. At this point, should I run ComboFix? It gave me some problems. Even though I had uninstalled AVG, it prompted me that AVG antivirus & scanner were running. Please tell me what I should do, as it looks like the virus is still in my computer.

http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2011-122009-5305-99&vid=41454&product=Norton%20Internet%20Security&version=19.5.0.145&plang=sym:EN&layouttype=&buildname=&heartbeatID=6EE90B6C-2C30-4D49-BBEF-C7AF8782A65E&vendorid=1000170&skup=21171849&skum=21171849&skuf=21171505&endpointid=%7B6EE90B6C-2C30-4D49-BBEF-C7AF8782A65E%7D&partnerid=1000170&lic_type=512&lic_attr=21123089&osvers=6.0&oslocale=iso:USA


All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Error: No service named zebrceb was found to stop!
Service\Driver key zebrceb not found.
File C:\Windows\System32\bdftdif.dll not found.
Registry value HKEY_USERS\S-1-5-21-2733553700-3808856118-2079038621-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37153479-1976-43c3-a1ee-557513977b64} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found.
Registry key HKEY_USERS\S-1-5-21-2733553700-3808856118-2079038621-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B57B59EB-983D-4A5D-B734-55463194BFC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B57B59EB-983D-4A5D-B734-55463194BFC3}\ not found.
HKU\S-1-5-21-2733553700-3808856118-2079038621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "http://mn.iamwired.net/websearch.php?src=tops&search=" removed from browser.search.defaulturl
Prefs.js: "http://mn.iamwired.net/" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: "http://mn.iamwired.net/websearch.php?src=tops&search=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6082770f-f27d-11df-950b-b0f9e9c4e768}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6082770f-f27d-11df-950b-b0f9e9c4e768}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6082770f-f27d-11df-950b-b0f9e9c4e768}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6082770f-f27d-11df-950b-b0f9e9c4e768}\ not found.
File E:\unlock.exe autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e04be1fe-efb0-11df-b2f0-001d6013d1b9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e04be1fe-efb0-11df-b2f0-001d6013d1b9}\ not found.
File K:\WDSetup.exe not found.
zebrceb removed from NetSvcs value successfully!
File C:\Windows\System32\bdftdif.dll not found.
C:\Windows\System32\dds_trash_log.cmd moved successfully.
File C:\Windows\System32\eq30F.com.d not found.
File C:\Windows\System32\eq30F.com.d not found.
File C:\ProgramData\CfTRTvU.dat not found.
File C:\Windows\System32\dds_trash_log.cmd not found.
File C:\Windows\System32\QtGuiTR4.dll not found.
File C:\Windows\System32\QtSvgTR4.dll not found.
File C:\Windows\System32\QtCoreTR4.dll not found.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Windows\tasks\At*.job not found.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\Hosts
C:\Users\Parisa\Desktop\cmd.bat deleted successfully.
C:\Users\Parisa\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Parisa\Desktop\cmd.bat deleted successfully.
C:\Users\Parisa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Parisa
->Temp folder emptied: 21883805 bytes
->Temporary Internet Files folder emptied: 3029175 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 9670407 bytes
->Flash cache emptied: 343 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 171333217 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 196.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Parisa
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Parisa
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.35.1 log created on 03072012_151544

Files\Folders moved on Reboot...
File\Folder C:\Users\Parisa\AppData\Local\Temp\~DFCD83.tmp not found!
File\Folder C:\Users\Parisa\AppData\Local\Temp\~DFDAC0.tmp not found!
File\Folder C:\Users\Parisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{5D0DE951-668E-4B0C-B5AE-C7388B776288}.tmp not found!
File\Folder C:\Users\Parisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1E7A0C77-0017-4102-B4DC-2C4F40E37143}.tmp not found!
File\Folder C:\Users\Parisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{946D3D5E-B497-4CC3-A807-9A312BAE9C59}.tmp not found!
File\Folder C:\Windows\temp\etilqs_2yj7Tfjky9llzeyh7yVG not found!
File\Folder C:\Windows\temp\etilqs_v5MYz6xb3OanbXvyMDcD not found!

Registry entries deleted on Reboot...

Edited by parishale, 07 March 2012 - 06:31 PM.


#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 08 March 2012 - 01:33 AM

Good Evening parishale!

So as I followed your instruction #1 my computer was fine. But when I ran ComboFix, my computer kept rebooting, and after the reboot Norton said "Auto-Protect is processing security risk Trojan.Zeroaccess!inf", so I decided to do this all over.

So I ran TDSSKiller again and it found ZeroAccess again, but when I rebooted it said it was still there... so I ran TDSSKiller again and it found something else that it said to skip, so I did.
Here is the report with the ZeroAccess removal.

Okay, thanks for that information!

When you ran ComboFix did you ensure that Norton was disabled for the duration of the scan?

Please run the AVG Removal tool for me.

AVG Removal Tool

Download and save the AVG Removal Tool to your desktop.

Run it to remove AVG. After this, please restart your computer.

I'd really like to see if you can get ComboFix to run for you, as it'll help us out tremendously with this infection.

Let me know how that goes.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 parishale

parishale
  • Topic Starter

  • Members
  • 30 posts

Posted 08 March 2012 - 01:09 PM

Here is the combofix log file.
Can you please tell me how I can get this file back? If I can't get it back, how can I create one? C:\Windows\System32\drivers\etc\hosts
Also, Norton is still detecting Trojan.Zeroaccess rootkit activity 4. Do you recommend clicking on the removal tool Norton informed me to download to remove the ZeroAccess virus?

ComboFix 12-03-08.02 - Parisa 03/08/2012 9:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.2015 [GMT -8:00]
Running from: c:\users\Parisa\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~f926.tmp
c:\users\Parisa\AppData\Roaming\Google Talk
c:\users\Parisa\AppData\Roaming\inst.exe
c:\users\Parisa\AppData\Roaming\Local
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\300.4499247.avi&b=205.ddr
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\6.ddi
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\600.4324394.avi&b=121.ddr
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\9.ddi
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\korhrrvomibe.avi.ddr
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.Bikini.Girls.From.The.Lost.Planet.2006_ns.avi(2).ddp
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.Bikini.Girls.From.The.Lost.Planet.2006_ns.avi(3).ddp
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.Bikini.Girls.From.The.Lost.Planet.2006_ns.avi(4).ddp
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.Bikini.Girls.From.The.Lost.Planet.2006_ns.avi(5).ddp
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.Bikini.Girls.From.The.Lost.Planet.2006_ns.avi.ddp
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.Caligula_1979_CD2_ns.avi(2).ddp
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.Caligula_1979_CD2_ns.avi.ddp
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\300.4499247.avi&b=205
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\600.4324394.avi&b=121.ddp
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\korhrrvomibe.avi
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\top.chef.s08e01.history.never.repeats.hdtv.xvid-momentum_ns.avi(2).ddp
c:\users\Parisa\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\top.chef.s08e01.history.never.repeats.hdtv.xvid-momentum_ns.avi.ddp
c:\users\Parisa\Taskmgr.exe
c:\windows\$NtUninstallKB37602$\2957976237\cfg.ini
c:\windows\iun6002.exe
c:\windows\system32\acpi.dll
c:\windows\system32\AEAudioService.dll
c:\windows\system32\atitool.dll
c:\windows\system32\backupexecagentaccelerator.dll
c:\windows\system32\backupexecnotificationserver.dll
c:\windows\system32\btnetfilter.dll
c:\windows\system32\cwcwdm.dll
c:\windows\system32\defragfs.dll
c:\windows\system32\delldmi.dll
c:\windows\system32\Gdiplus.dll
c:\windows\system32\oracle_load_balancer_60_server-forms6ip9.dll
c:\windows\system32\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_yediex
.
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 17:48 . 2012-03-08 17:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 17:48 . 2012-03-08 17:53 -------- d-----w- c:\users\Parisa\AppData\Local\temp
2012-03-07 19:33 . 2012-03-07 19:33 -------- d-----w- c:\users\Parisa\AppData\Local\CrashDumps
2012-03-07 19:19 . 2012-03-07 19:19 -------- d-----w- C:\_OTL
2012-03-06 17:25 . 2012-03-07 22:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-05 18:06 . 2012-03-06 18:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-03-05 18:06 . 2012-03-06 17:51 -------- d-----w- c:\program files\Symantec
2012-03-05 18:06 . 2012-03-06 17:51 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-05 07:13 . 2012-03-07 19:03 -------- d-----w- c:\windows\system32\drivers\NIS
2012-03-05 07:13 . 2012-03-05 07:13 -------- d-----w- c:\program files\Norton Internet Security
2012-03-05 07:13 . 2012-03-05 21:15 -------- d-----w- c:\programdata\Norton
2012-03-05 07:03 . 2012-03-05 07:03 -------- d-----w- c:\program files\NortonInstaller
2012-02-29 02:41 . 2012-02-29 02:41 -------- d-----w- c:\program files\MySQL
2012-02-28 20:13 . 2012-02-28 20:15 -------- d-----w- c:\program files\Microsoft WebMatrix
2012-02-28 20:07 . 2012-02-28 20:07 -------- d-----w- c:\windows\system32\1033
2012-02-28 20:02 . 2012-02-29 02:42 -------- d-----w- c:\program files\IIS Express
2012-02-28 20:00 . 2012-02-28 20:00 -------- d-----w- c:\program files\IIS
2012-02-28 19:57 . 2012-02-28 20:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-02-28 19:56 . 2012-02-28 20:16 -------- d-----w- c:\program files\Microsoft ASP.NET
2012-02-28 19:25 . 2012-02-28 19:25 -------- d-----w- c:\program files\Microsoft
2012-02-14 20:01 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 20:01 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 20:01 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-09 06:33 . 2012-02-09 06:33 -------- d-----w- c:\programdata\Photojunction
2012-02-09 06:33 . 2012-02-09 06:33 -------- d-----w- c:\users\Parisa\AppData\Roaming\Photojunction
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 22:18 . 2011-06-16 04:14 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-06 17:26 . 2010-11-18 19:33 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-25 02:08 . 2011-09-21 17:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 17:18 . 2010-11-14 08:12 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-13 05:07 . 2011-12-13 05:07 255352 ----a-w- c:\windows\system32\awrdscdc.ax
2011-12-10 23:24 . 2010-11-16 17:50 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 14:40 . 2012-03-02 21:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Parisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Parisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Parisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Akamai NetSession Interface"="c:\users\Parisa\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"OLPSYNCH"="c:\program files\Offline Course Player\OlpSynch.exe" [2009-08-21 42288]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-12-20 1483016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
.
c:\users\Parisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Parisa\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
backup=c:\windows\pss\Intuit Data Protect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
backup=c:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-02-07 01:39 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-07-19 21:51 65536 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-09 00:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-30 04:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-01-13 22:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 22:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-30 04:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 20:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-02-08 02:51 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nuvaud2
asp.net_2.0.50727
ntuneservice
tvicport
enethusb
onecaremp
pccsmcfd
cwafeventrouter
rtl8139
snmptrapdservice
amon
rbfilter
sndo763
tvtfilter
slee_81_service
epgspooler
u81xmgmt
vaiomediaplatform-mobile-gateway
swmx00
basic2
alpham1
tavsvc
wintabservice
oracle_load_balancer_60_client-forms6i
evian
wmxlcore
zy202_xp
pcouffin
stcagent
appnapi
srvloc
roammgr
iastor
bdrsdrv
nmwcdcm
servidor
s616obex
wandrv
mcsysmon
hpfecp20
ssisvr32
fd16_700
camdrl
o2flash
udfreadr_xp
server
se2dbus
mailservice
lockmgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 22:14]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 22:14]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733553700-3808856118-2079038621-1000Core.job
- c:\users\Parisa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 10:05]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733553700-3808856118-2079038621-1000UA.job
- c:\users\Parisa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 10:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
Trusted Zone: download.com\www
Trusted Zone: microsoftelearning.com\dynamics
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Parisa\AppData\Roaming\Mozilla\Firefox\Profiles\ij0gk9pi.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
SafeBoot-54340251.sys
SafeBoot-80560222.sys
AddRemove-The Extractor1.4.2.2 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-08 09:54
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
[0] 0x6E694C00
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB37602$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{593DDEC6-7468-4CDD-90E1-42DADAA222E9}"=hex:51,66,7a,6c,4c,1d,38,12,a8,dd,2e,
5d,5a,3a,b3,09,ef,f7,01,9a,df,fc,66,fd
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:75,6c,bf,ca,60,fa,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\mswsock.dll
mswsock.dll 75600000 241664 \\.\globalroot\systemroot\system32\mswsock.dll
.
- - - - - - - > 'Explorer.exe'(4724)
c:\users\Parisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe
c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-03-08 09:59:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-08 17:59
.
Pre-Run: 595,447,230,464 bytes free
Post-Run: 595,034,595,328 bytes free
.
- - End Of File - - 14F4C441FE3D76FBA3850CD021AEB236

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 09 March 2012 - 01:14 AM

Good Evening parishale!

Can you please tell me how I can get this file back? If I can't get it back, how can I create one? C:\Windows\System32\drivers\etc\hosts

When you ran the OTL fix, it should have reset your hosts file, so a hosts file should still be present. Does it look like it's missing?

Also, Norton is still detecting Trojan.Zeroaccess rootkit activity 4. Do you recommend clicking on the removal tool Norton informed me to download to remove the ZeroAccess virus?

I need to take a look at their removal tool, and see what it's all about.

I'd like to have you run ComboFix again, and see what that log file reports. If it prompts you to update, please allow it to do so.

Also run this tool for me:

Running aswMBR.exe

Download aswMBR.exe (4.5 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "save log", save it to your desktop and post it in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
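Since the next step in this thread is to read what the ComboFix log reports, here is an added triage script (my own example, not ComboFix's code and not anything posted by either participant) that pulls the "Other Deletions" section out of a ComboFix log, recognises the fake c:\windows\$NtUninstallKB<digits>$ hotfix folder that 32-bit ZeroAccess/Sirefef used to hide its "@", "L\" and "U\" components, and reports whether the folder itself was still undeletable, which is the difference between the two runs posted in this thread. The section-banner format is assumed from the logs pasted here, and the two log excerpts are constructed in the shape of those runs.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Section banners in a ComboFix log (as pasted in this thread) look like
#   "(((((((( Other Deletions ))))))))"   or   "------- Supplementary Scan -------"
BANNER = re.compile(r"^(?:\(+\s*(?P<p>.+?)\s*\)+|-{3,}\s*(?P<d>.+?)\s*-{3,})$")
# 32-bit ZeroAccess/Sirefef kept its components in a fake hotfix-uninstall folder,
# c:\windows\$NtUninstallKB<digits>$, holding "@", "L\" and "U\" members; the logs
# in this thread show exactly that layout.
FAKE_KB = re.compile(
    r"^(?P<root>[a-z]:\\windows\\\$NtUninstallKB\d+\$)(?:\\(?P<rest>.+))?$", re.I
)
# ComboFix marks an item it could not remove as "<path> . . . . Failed to delete".
FAILED = re.compile(r"^(?P<path>.+?)(?:\s+\.)+\s+Failed to delete$", re.I)


def split_sections(log_text: str) -> dict[str, list[str]]:
    """Group log lines under their section banner, dropping '.' and '*' spacer lines."""
    sections: dict[str, list[str]] = {"header": []}
    current = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {".", "*"}:
            continue
        m = BANNER.match(line)
        if m:
            current = (m.group("p") or m.group("d")).strip()
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


@dataclass
class Triage:
    fake_kb_roots: set[str] = field(default_factory=set)      # rootkit folders seen
    payload_members: list[str] = field(default_factory=list)  # paths inside them
    failed_deletes: list[str] = field(default_factory=list)   # still on disk after the run
    other_deletions: list[str] = field(default_factory=list)  # everything else removed

    @property
    def rootkit_folder_seen(self) -> bool:
        return bool(self.fake_kb_roots)

    @property
    def cleanup_complete(self) -> bool:
        """True once the fake folder was reported and nothing was left undeletable."""
        return self.rootkit_folder_seen and not self.failed_deletes


def triage(log_text: str) -> Triage:
    """Classify the 'Other Deletions' section of one ComboFix run."""
    result = Triage()
    for line in split_sections(log_text).get("Other Deletions", []):
        failed = FAILED.match(line)
        path = failed.group("path") if failed else line
        hit = FAKE_KB.match(path)
        if hit:
            result.fake_kb_roots.add(hit.group("root").lower())
            if hit.group("rest"):
                result.payload_members.append(hit.group("rest"))
        else:
            result.other_deletions.append(path)
        if failed:
            result.failed_deletes.append(path)
    return result


def report(label: str, t: Triage) -> str:
    """One-line human summary per run, for a helper reading several logs in a row."""
    status = "cleanup complete" if t.cleanup_complete else "follow-up run needed"
    return (f"{label}: fake KB folders={sorted(t.fake_kb_roots)}, "
            f"members removed={len(t.payload_members)}, "
            f"failed={t.failed_deletes}, other={len(t.other_deletions)} -> {status}")


# Constructed excerpts shaped like the two ComboFix runs posted in this thread
# (first run: the folder root could not be removed; second run: it was).
RUN_1 = r"""
ComboFix 12-03-08.02 - Parisa 03/08/2012 22:51:13.2.2 - x86 NETWORK
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\$NtUninstallKB37602$\2957976237\@
c:\windows\$NtUninstallKB37602$\2957976237\cfg.ini
c:\windows\$NtUninstallKB37602$\2957976237\L\qnbwvoto
c:\windows\$NtUninstallKB37602$\2957976237\U\00000001.@
c:\windows\$NtUninstallKB37602$\2957976237\U\80000032.@
c:\windows\$NtUninstallKB37602$\3186169634
c:\windows\system32\dds_trash_log.cmd
c:\windows\$NtUninstallKB37602$ . . . . Failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_npptnt2
"""
RUN_2 = r"""
ComboFix 12-03-08.02 - Parisa 03/09/2012 15:53:30.2.2 - x86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\$NtUninstallKB37602$
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
2012-03-10 00:06 . 2012-03-10 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp
"""

if __name__ == "__main__":
    for label, log in (("run 1", RUN_1), ("run 2", RUN_2)):
        print(report(label, triage(log)))
```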


#12 parishale

parishale
  • Topic Starter

  • Members
  • 30 posts
  • Local time:02:05 AM

Posted 09 March 2012 - 06:20 PM

I ran ComboFix last night and as soon as I did, my computer crashed. I could only log into safe mode and I had no internet access, so I ran it at least 5 times and the same thing kept happening. So I decided to run TDSSKiller again, and for the time being it's allowing me to log in to normal mode.


Were you able to review the link for the manual removal tool for ZeroAccess that Norton provided me? I really can't keep running ComboFix because it messes up everything, and it looks like you only log in around 10pm to 12am my time (Pacific Standard Time, California). Because I don't have much access to you, the process is taking so long... are we close to the end? I know you are a volunteer and I hope you know I am very appreciative of all your help and direction; I just wish I could take care of this soon because I have not been able to do anything since Sunday when this happened.

I am attaching the 1st ComboFix log I ran last night before it ruined everything, and the MBR log, and I have also pasted the latest ComboFix log I ran just now after TDSSKiller was run.



ComboFix 12-03-08.02 - Parisa 03/08/2012 22:51:13.2.2 - x86 NETWORK
Running from: c:\users\Parisa\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB37602$\2957976237\@
c:\windows\$NtUninstallKB37602$\2957976237\cfg.ini
c:\windows\$NtUninstallKB37602$\2957976237\Desktop.ini
c:\windows\$NtUninstallKB37602$\2957976237\L\qnbwvoto
c:\windows\$NtUninstallKB37602$\2957976237\U\00000001.@
c:\windows\$NtUninstallKB37602$\2957976237\U\00000002.@
c:\windows\$NtUninstallKB37602$\2957976237\U\00000004.@
c:\windows\$NtUninstallKB37602$\2957976237\U\80000000.@
c:\windows\$NtUninstallKB37602$\2957976237\U\80000004.@
c:\windows\$NtUninstallKB37602$\2957976237\U\80000032.@
c:\windows\$NtUninstallKB37602$\2957976237\version
c:\windows\$NtUninstallKB37602$\3186169634
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\elosystemservice.dll
c:\windows\system32\enxpsvr.dll
c:\windows\system32\EPSON_EB_RPCV4_01.dll
c:\windows\system32\hcf_msft.dll
c:\windows\system32\incdrm.dll
c:\windows\system32\intelroam.dll
c:\windows\system32\KMW_SYS.dll
c:\windows\system32\LC7981.dll
c:\windows\system32\lxdj_device.dll
c:\windows\system32\mcvsrte.dll
c:\windows\system32\mssql$microsoftsmlbiz.dll
c:\windows\system32\NETMDUSB.dll
c:\windows\system32\P17xfi.dll
c:\windows\system32\pepifilter.dll
c:\windows\system32\pwisvc.dll
c:\windows\system32\s116nd5.dll
c:\windows\system32\s217mdm.dll
c:\windows\system32\SaiNtSub.dll
c:\windows\system32\sansaservice.dll
c:\windows\system32\se2Bnd5.dll
c:\windows\system32\SE2Cmgmt.dll
c:\windows\system32\SECYPUSB.dll
c:\windows\system32\SNMP.dll
c:\windows\system32\SQLAgent$MICROSOFTBCM.dll
c:\windows\system32\tfsndrct.dll
c:\windows\system32\uiusys.dll
c:\windows\system32\usbprint.dll
c:\windows\system32\w810obex.dll
c:\windows\system32\wanusb.dll
c:\windows\$NtUninstallKB37602$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npptnt2
.
.
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-03-07 19:33 . 2012-03-07 19:33 -------- d-----w- c:\users\Parisa\AppData\Local\CrashDumps
2012-03-07 19:19 . 2012-03-07 19:19 -------- d-----w- C:\_OTL
2012-03-06 17:25 . 2012-03-07 22:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-05 18:06 . 2012-03-06 18:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-03-05 18:06 . 2012-03-06 17:51 -------- d-----w- c:\program files\Symantec
2012-03-05 18:06 . 2012-03-06 17:51 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-05 07:13 . 2012-03-07 19:03 -------- d-----w- c:\windows\system32\drivers\NIS
2012-03-05 07:13 . 2012-03-05 07:13 -------- d-----w- c:\program files\Norton Internet Security
2012-03-05 07:13 . 2012-03-05 21:15 -------- d-----w- c:\programdata\Norton
2012-03-05 07:03 . 2012-03-05 07:03 -------- d-----w- c:\program files\NortonInstaller
2012-02-29 02:41 . 2012-02-29 02:41 -------- d-----w- c:\program files\MySQL
2012-02-28 20:13 . 2012-02-28 20:15 -------- d-----w- c:\program files\Microsoft WebMatrix
2012-02-28 20:07 . 2012-02-28 20:07 -------- d-----w- c:\windows\system32\1033
2012-02-28 20:02 . 2012-02-29 02:42 -------- d-----w- c:\program files\IIS Express
2012-02-28 20:00 . 2012-02-28 20:00 -------- d-----w- c:\program files\IIS
2012-02-28 19:57 . 2012-02-28 20:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-02-28 19:56 . 2012-02-28 20:16 -------- d-----w- c:\program files\Microsoft ASP.NET
2012-02-28 19:25 . 2012-02-28 19:25 -------- d-----w- c:\program files\Microsoft
2012-02-14 20:01 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 20:01 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 20:01 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-09 06:33 . 2012-02-09 06:33 -------- d-----w- c:\programdata\Photojunction
2012-02-09 06:33 . 2012-02-09 06:33 -------- d-----w- c:\users\Parisa\AppData\Roaming\Photojunction
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 22:18 . 2011-06-16 04:14 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-06 17:26 . 2010-11-18 19:33 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-25 02:08 . 2011-09-21 17:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 17:18 . 2010-11-14 08:12 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-13 05:07 . 2011-12-13 05:07 255352 ----a-w- c:\windows\system32\awrdscdc.ax
2011-12-10 23:24 . 2010-11-16 17:50 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 14:40 . 2012-03-02 21:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Parisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Parisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Parisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Akamai NetSession Interface"="c:\users\Parisa\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"OLPSYNCH"="c:\program files\Offline Course Player\OlpSynch.exe" [2009-08-21 42288]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-12-20 1483016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
.
c:\users\Parisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Parisa\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
backup=c:\windows\pss\Intuit Data Protect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
backup=c:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-02-07 01:39 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-07-19 21:51 65536 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-09 00:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-30 04:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-01-13 22:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 22:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-30 04:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 20:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-02-08 02:51 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nuvaud2
asp.net_2.0.50727
ntuneservice
tvicport
enethusb
onecaremp
pccsmcfd
cwafeventrouter
rtl8139
snmptrapdservice
amon
rbfilter
sndo763
tvtfilter
slee_81_service
epgspooler
u81xmgmt
vaiomediaplatform-mobile-gateway
swmx00
basic2
alpham1
tavsvc
wintabservice
oracle_load_balancer_60_client-forms6i
evian
wap3gx
GoogleDesktopManager-010708-104812
npptnt2
SRTSPL
ghoststartservice
wmxlcore
zy202_xp
pcouffin
stcagent
appnapi
srvloc
roammgr
iastor
bdrsdrv
nmwcdcm
servidor
s616obex
wandrv
mcsysmon
hpfecp20
ssisvr32
fd16_700
camdrl
o2flash
udfreadr_xp
server
se2dbus
mailservice
lockmgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 22:14]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 22:14]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733553700-3808856118-2079038621-1000Core.job
- c:\users\Parisa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 10:05]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733553700-3808856118-2079038621-1000UA.job
- c:\users\Parisa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 10:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: download.com\www
Trusted Zone: microsoftelearning.com\dynamics
FF - ProfilePath - c:\users\Parisa\AppData\Roaming\Mozilla\Firefox\Profiles\ij0gk9pi.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:75,6c,bf,ca,60,fa,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1552)
c:\users\Parisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
Completion time: 2012-03-08 23:12:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-09 07:12
ComboFix2.txt 2012-03-08 17:59
.
Pre-Run: 598,355,038,208 bytes free
Post-Run: 598,147,526,656 bytes free
.
- - End Of File - - 33C7905393726E2BCC404CD15A2174D4

This is the latest ComboFix log I ran after I was able to log in to normal mode.

ComboFix 12-03-08.02 - Parisa 03/09/2012 15:53:30.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3060.1572 [GMT -8:00]
Running from: c:\users\Parisa\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB37602$
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 00:06 . 2012-03-10 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-09 07:12 . 2012-03-10 00:07 -------- d-----w- c:\users\Parisa\AppData\Local\temp
2012-03-07 19:33 . 2012-03-07 19:33 -------- d-----w- c:\users\Parisa\AppData\Local\CrashDumps
2012-03-07 19:19 . 2012-03-07 19:19 -------- d-----w- C:\_OTL
2012-03-06 17:25 . 2012-03-09 23:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-05 07:13 . 2012-03-09 23:39 -------- d-----w- c:\programdata\Norton
2012-02-29 02:41 . 2012-02-29 02:41 -------- d-----w- c:\program files\MySQL
2012-02-28 20:13 . 2012-02-28 20:15 -------- d-----w- c:\program files\Microsoft WebMatrix
2012-02-28 20:07 . 2012-02-28 20:07 -------- d-----w- c:\windows\system32\1033
2012-02-28 20:02 . 2012-02-29 02:42 -------- d-----w- c:\program files\IIS Express
2012-02-28 20:00 . 2012-02-28 20:00 -------- d-----w- c:\program files\IIS
2012-02-28 19:57 . 2012-02-28 20:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-02-28 19:56 . 2012-02-28 20:16 -------- d-----w- c:\program files\Microsoft ASP.NET
2012-02-28 19:25 . 2012-02-28 19:25 -------- d-----w- c:\program files\Microsoft
2012-02-14 20:01 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 20:01 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 20:01 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-09 06:33 . 2012-02-09 06:33 -------- d-----w- c:\programdata\Photojunction
2012-02-09 06:33 . 2012-02-09 06:33 -------- d-----w- c:\users\Parisa\AppData\Roaming\Photojunction
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 23:07 . 2011-06-16 04:14 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-06 17:26 . 2010-11-18 19:33 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-25 02:08 . 2011-09-21 17:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 17:18 . 2010-11-14 08:12 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-13 05:07 . 2011-12-13 05:07 255352 ----a-w- c:\windows\system32\awrdscdc.ax
2012-02-16 14:40 . 2012-03-02 21:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Parisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Parisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Parisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Akamai NetSession Interface"="c:\users\Parisa\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"OLPSYNCH"="c:\program files\Offline Course Player\OlpSynch.exe" [2009-08-21 42288]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-12-20 1483016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
.
c:\users\Parisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Parisa\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
backup=c:\windows\pss\Intuit Data Protect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
backup=c:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2007-02-07 01:39 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-07-19 21:51 65536 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-09 00:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-30 04:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-01-13 22:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 22:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-30 04:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 20:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-02-08 02:51 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nuvaud2
asp.net_2.0.50727
ntuneservice
tvicport
enethusb
onecaremp
pccsmcfd
cwafeventrouter
rtl8139
snmptrapdservice
amon
rbfilter
sndo763
tvtfilter
slee_81_service
epgspooler
u81xmgmt
vaiomediaplatform-mobile-gateway
swmx00
basic2
alpham1
tavsvc
wintabservice
oracle_load_balancer_60_client-forms6i
evian
wap3gx
GoogleDesktopManager-010708-104812
npptnt2
SRTSPL
ghoststartservice
wmxlcore
zy202_xp
pcouffin
stcagent
appnapi
srvloc
roammgr
iastor
bdrsdrv
nmwcdcm
servidor
s616obex
wandrv
mcsysmon
hpfecp20
ssisvr32
fd16_700
camdrl
o2flash
udfreadr_xp
server
se2dbus
mailservice
lockmgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 22:14]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 22:14]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733553700-3808856118-2079038621-1000Core.job
- c:\users\Parisa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 10:05]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2733553700-3808856118-2079038621-1000UA.job
- c:\users\Parisa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 10:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: download.com\www
Trusted Zone: microsoftelearning.com\dynamics
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Parisa\AppData\Roaming\Mozilla\Firefox\Profiles\ij0gk9pi.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-63635782.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-09 16:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Parisa\AppData\Local\Temp\WERE9BA.tmp.resp.erc.xml 0 bytes
c:\users\Parisa\AppData\Local\Temp\WERE9BB.tmp.resp 0 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{593DDEC6-7468-4CDD-90E1-42DADAA222E9}"=hex:51,66,7a,6c,4c,1d,38,12,a8,dd,2e,
5d,5a,3a,b3,09,ef,f7,01,9a,df,fc,66,fd
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:75,6c,bf,ca,60,fa,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-09 16:10:48
ComboFix-quarantined-files.txt 2012-03-10 00:10
ComboFix2.txt 2012-03-09 07:12
ComboFix3.txt 2012-03-08 17:59
.
Pre-Run: 595,275,988,992 bytes free
Post-Run: 595,168,448,512 bytes free
.
- - End Of File - - 526BBADDC1E7FF216B07F65850A900A6

Edited by parishale, 09 March 2012 - 07:36 PM.


#13 parishale

parishale
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:02:05 AM

Posted 09 March 2012 - 07:29 PM

here is the MBR scan... Also the computer still says it has the zero access virus


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-09 16:26:52
-----------------------------
16:26:52.925 OS Version: Windows 6.0.6002 Service Pack 2
16:26:52.926 Number of processors: 2 586 0xF0D
16:26:52.927 ComputerName: PARISA-PC UserName: Parisa
16:27:22.529 Initialize success
16:27:28.325 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:27:28.328 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
16:27:28.490 Disk 0 MBR read successfully
16:27:28.494 Disk 0 MBR scan
16:27:28.497 Disk 0 Windows VISTA default MBR code
16:27:28.622 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
16:27:28.628 Disk 0 scanning sectors +1953521664
16:27:28.705 Disk 0 scanning C:\Windows\system32\drivers
16:27:37.993 Service scanning
16:27:54.298 Modules scanning
16:28:00.953 Disk 0 trace - called modules:
16:28:00.979 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
16:28:00.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f48968]
16:28:00.989 3 CLASSPNP.SYS[8a3a88b3] -> nt!IofCallDriver -> [0x8533f918]
16:28:00.997 5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85313b98]
16:28:01.003 Scan finished successfully
16:28:05.979 Disk 0 MBR has been saved successfully to "C:\Users\Parisa\Desktop\MBR.dat"
16:28:05.987 The log file has been saved successfully to "C:\Users\Parisa\Desktop\aswMBR.txt"
16:28:20.506 Disk 0 MBR has been saved successfully to "C:\Users\Parisa\Desktop\MBR.dat"
16:28:20.512 The log file has been saved successfully to "C:\Users\Parisa\Desktop\aswMBR.txt"

Edited by parishale, 09 March 2012 - 07:30 PM.


#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:05 AM

Posted 10 March 2012 - 01:12 AM

Good Evening parishale!

Sorry to hear you had trouble with ComboFix.

    Were you able to review the link for the manual removal tool for ZeroAccess Norton provided me? I really can't keep running ComboFix because it messes up everything, and it looks like you only log in around 10pm to 12am my time (Pacific Standard Time, California). Due to the reason I don't have much access to you, the process is taking so long... Are we close to the end? I know you are a volunteer and I hope you know I am very appreciative of all your help and direction; I just wish I could take care of this soon because I have not been able to do anything since Sunday when this happened.

I did have a chance to review that link for the manual removal tool for ZeroAccess. I'm not too sure how useful that's going to be in this instance, as the link says it hasn't been updated since December, and this variant you are infected with is newer than that.

I apologize for being a bit scarce lately, I usually try to log in and respond to my users in the morning as well, but I've been a bit busy this week and haven't been able to do so. If you really need your computer back the quickest and fastest option is going to be to reformat and re-install your operating system.

I'm going to ask that you try and use a Siref (ZeroAccess) removal tool from ESET.

It looks like it was updated on the 6th, so I think we may have better luck with trying it.

Please visit this link here: http://kb.eset.com/esetkb/index?page=content&id=SOLN2895

Follow the instructions under Remove Zero.Access (Siref)

Let's see how that goes.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 parishale

parishale
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:02:05 AM

Posted 10 March 2012 - 12:08 PM

Thank you again. I am very grateful for all your help and I know you are busy. I ran the removal tool and it said:
"win32/sirefef.A not found on your computer" (as I recall AVG was saying I had sirefef.er)
"Checking for the latest variant of Sirefef aka ZeroAccess"
and it doesn't do anything after that.

Also, it's really weird, but I downloaded the Norton 30 day trial version a few days ago and it says it's expired... does this have something to do with ZeroAccess?

If you think that it's going to be hard to get the virus out, I am open to reformatting if you give me step by step instructions. But I do prefer to be able to fix it without reformatting because I have some software for which I have lost the CD... how does that work? Will I lose everything?

If, worst case scenario, we had to reformat, can I back up the files I need to my external hard drive, or would the virus "jump" in there too?

One more thing. My Windows wants to do updates; can I do them? Also, Java wants to update too... let me know if it's safe.

Edited by parishale, 10 March 2012 - 06:05 PM.
