Here is the latest logs. So far the searches don't look to be redirected. Also so far no Norton alerts. Computer seems to be running better. It is still slow at login upon reboot otherwise it seems to be fine.
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8910ECA-A68A-4DF1-97A7-DAD2D537B344}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8910ECA-A68A-4DF1-97A7-DAD2D537B344}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{B8910ECA-A68A-4DF1-97A7-DAD2D537B344}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8910ECA-A68A-4DF1-97A7-DAD2D537B344}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\gusvc deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 7451011 bytes
->Flash cache emptied: 1100 bytes
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes
User: administrator.CORP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: gregs
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 19757456 bytes
->Flash cache emptied: 1594636 bytes
User: gsweigert
->Temp folder emptied: 111817978 bytes
->Temporary Internet Files folder emptied: 9053576 bytes
->Java cache emptied: 18604308 bytes
->Flash cache emptied: 1224340 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 15885 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 52871499 bytes
->Flash cache emptied: 23463 bytes
User: shipping
->Temp folder emptied: 49124996 bytes
->Temporary Internet Files folder emptied: 15171849 bytes
->Java cache emptied: 1752462 bytes
->Flash cache emptied: 93084 bytes
%systemdrive% .tmp files removed: 6597 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2439435 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77494508 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 352.00 mb
OTM by OldTimer - Version 3.1.16.0 log created on 09132010_121529
Files moved on Reboot...
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\XTVFOAMN\Type=click&FlightID=10216&AdID=14543&TargetID=820&Segments=1,11,910&Targets=42,820&Values=25,31,43,51,60,72,84,91,100,110,150,155,202,207,285,489,564,695,715,830,872,939[1].htm not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\XTVFOAMN\Type=click&FlightID=10660&AdID=15350&TargetID=2784&Segments=1,11,1054,1317,1403,2304,2529,2931,2947,2955,2964,2995,3017&Targets=42,963,1229,1283,2130,2344,2715,2733,2741[1] not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\XTVFOAMN\Type=click&FlightID=10923&AdID=15710&TargetID=2524&Segments=1,11,12,122,284,1914,2305,2528,2538,2667,2668,2723,2724,2864,2932,2958,2997&Targets=42,6,111,268,1757,2131,23[1] not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\XTVFOAMN\Type=click&FlightID=10929&AdID=15716&TargetID=820&Segments=1,11,910&Targets=42,820&Values=25,31,43,51,60,72,82,91,100,110,150,155,202,207,285,489,564,695,715,830,872,939[1] not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\XTVFOAMN\Type=click&FlightID=10929&AdID=15716&TargetID=820&Segments=1,11,910&Targets=42,820&Values=25,31,43,51,60,72,82,91,100,110,150,155,202,207,285,489,564,695,715,830,872,939[1].htm not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\TXIO0954\%2Fnews%3Ftmpl%3Dstory%26u%3D%2Fap%2F20050730%2Fap_on_bi_ge%2Fcafta_winners_losers_summary_box_1&cc=260&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=-300&u_his=3&u_java=true not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\TXIO0954\Type=click&FlightID=10660&AdID=15350&TargetID=2784&Segments=1,11,1054,1317,1403,2304,2529,2931,2947,2955,2964,2995,3017&Targets=42,963,1229,1283,2130,2344,2715,2733,2741[1].htm not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\TXIO0954\Type=click&FlightID=10923&AdID=15710&TargetID=2524&Segments=1,11,12,122,284,1914,2305,2528,2538,2667,2668,2723,2724,2864,2932,2948,2997,3038&Targets=42,6,111,268,1757,21[1] not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\TXIO0954\Type=click&FlightID=10923&AdID=15710&TargetID=2524&Segments=1,11,12,122,284,1914,2305,2528,2538,2667,2668,2723,2724,2864,2932,2948,2997,3038&Targets=42,6,111,268,1757,21[1].htm not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\TXIO0954\Type=click&FlightID=10929&AdID=15716&TargetID=820&Segments=1,11,910&Targets=42,820&Values=25,31,43,51,60,72,84,91,100,110,150,155,202,207,285,489,564,695,715,830,872,939[1] not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\SN3V68XX\AAAAAAAAAAAJf5B0YAAAAA,,http%3A%2F%2Fmessaging%2Emyspace%2Ecom%2Findex%2Ecfm%3Ffuseaction%3Dmail%2Einbox%26mytoken%3D9e9251d3%2Dbd35%2D4d3c%2D9b41%2D6879c850e17a,;ord=1174927767 not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\OY5H8EFN\activity;src=690334;met=1;v=1;pid=11539515;aid=18074418;ko=0;cid=11013831;rid=11031727;rv=1;×tamp=1123161897325;eid1=2;ecn1=1;etm1=6;eid2=1048;ecn2=1;etm2=0;[1].gif not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\OY5H8EFN\article;sz=300x250;src=MAGS;zn=article;pub=Production+Technology+News;cat=business;cat=manufacturing;pageid=DocG;memb=guest;kw=Vertical+Plate+Saw;ord=228416085243224[1].htm not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\OY5H8EFN\article;sz=300x250;src=MAGS;zn=article;pub=Production+Technology+News;cat=business;cat=manufacturing;pageid=DocG;memb=guest;kw=Vertical+Plate+Saw;ord=673118233680724[1].htm not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\OY5H8EFN\Type=click&FlightID=10663&AdID=15351&TargetID=2782&Segments=1,11,12,122,284,1914,2305,2528,2538,2667,2668,2723,2724,2864,2932,2958,2997,3038&Targets=42,6,111,268,1757,21[1] not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\OY5H8EFN\Type=click&FlightID=10663&AdID=15351&TargetID=2782&Segments=1,11,12,122,284,1914,2305,2528,2538,2667,2668,2723,2724,2864,2932,2958,2997,3038&Targets=42,6,111,268,1757,21[1].htm not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\OY5H8EFN\Type=click&FlightID=10923&AdID=15710&TargetID=2524&Segments=1,11,12,122,284,1914,2305,2528,2538,2667,2668,2723,2724,2864,2932,2958,2997&Targets=42,6,111,268,1757,2131,23[1].htm not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\M2DJGMI7\Type=click&FlightID=10216&AdID=14543&TargetID=820&Segments=1,11,910&Targets=42,820&Values=25,31,43,51,60,72,84,91,100,110,150,155,202,207,285,489,564,695,715,830,872,939[1] not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\M2DJGMI7\Type=click&FlightID=10663&AdID=15351&TargetID=2782&Segments=1,11,12,122,284,1914,2305,2528,2538,2667,2668,2723,2724,2864,2932,2958,2997,3038&Targets=42,6,111,268,1757,21[1] not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\M2DJGMI7\Type=click&FlightID=10923&AdID=15710&TargetID=2524&Segments=1,11,12,122,284,1914,2305,2528,2538,2667,2668,2723,2724,2864,2932,2958,2997&Targets=42,6,111,268,1757,2131,23[1] not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\9GCV9L8X\0YAAAAA,,http%3A%2F%2Fdesk%2Emyspace%2Ecom%2Fhtml%2Eng%2Fsite%3Dmyspace%26position%3Dskyscraper%26page%3D14000000%26rand%3D0251937950%26acnt%3D2%26schoolpage%3D0,;ord=1174921646 not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\9GCV9L8X\om%2Fsearch%3Fq%3DADC%2BBroadband%2C%2BShakopee%2C%2BMN%26hl%3Den%26lr%3D%26start%3D10%26sa%3DN&cc=522&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=-300&u_his=25&u_java=true not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\2H3K147Y\0YAAAAA,,http%3A%2F%2Fdelb%2Emyspace%2Ecom%2Fhtml%2Eng%2Fsite%3Dmyspace%26position%3Dleaderboard%26page%3D14000019%26rand%3D894386050%26acnt%3D1%26schoolpage%3D0,;ord=1174927762 not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\2H3K147Y\0YAAAAA,,http%3A%2F%2Fdesk%2Emyspace%2Ecom%2Fhtml%2Eng%2Fsite%3Dmyspace%26position%3Dskyscraper%26page%3D14000016%26rand%3D9711690760%26acnt%3D2%26schoolpage%3D0,;ord=1174921649 not found!
File C:\Documents and Settings\gsweigert\Local Settings\Temp\Temporary Internet Files\Content.IE5\2H3K147Y\AAAANPhB0YAAAAA,,http%3A%2F%2Fdelb%2Emyspace%2Ecom%2Fhtml%2Eng%2Fsite%3Dmyspace%26position%3Dleaderboard%26page%3D%26rand%3D011958965%26acnt%3D1%26schoolpage%3D0,;ord=1174921683 not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PMVUK7RE\012060130569[1].htm not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PMVUK7RE\12109-72992-6712-3[1].htm not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PMVUK7RE\afr[1].php not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PMVUK7RE\ddc[1].htm not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PMVUK7RE\login_status[1].php not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PMVUK7RE\st[3] not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\PMVUK7RE\video[1].txt not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O46MBVMH\12109-72992-6712-0[1].htm not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O46MBVMH\control[1].xml moved successfully.
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O46MBVMH\iframe3[1].htm not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O46MBVMH\st[4] not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HQKRIBB2\ads[1].htm not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HQKRIBB2\afr[1].php not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HQKRIBB2\fw-nonplayer-banner[1].htm not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HQKRIBB2\fw-nonplayer-banner[2].htm not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HQKRIBB2\iframe3[1].htm not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HQKRIBB2\xd_receiver[1].htm not found!
File C:\Documents and Settings\shipping\Local Settings\Temp\~DF7459.tmp not found!
File C:\Documents and Settings\shipping\Local Settings\Temp\~DF7469.tmp not found!
File C:\Documents and Settings\shipping\Local Settings\Temp\~DF79AC.tmp not found!
File C:\Documents and Settings\shipping\Local Settings\Temp\~DF79E0.tmp not found!
File C:\Documents and Settings\shipping\Local Settings\Temp\~DF7BD0.tmp not found!
File C:\Documents and Settings\shipping\Local Settings\Temp\~DF7BE0.tmp not found!
C:\Documents and Settings\shipping\Local Settings\Temporary Internet Files\Content.IE5\UXXGRDM9\viewtopic[1].php moved successfully.
C:\Documents and Settings\shipping\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_bc.dat not found!
Registry entries deleted on Reboot...
Logfile of random's system information tool 1.08 (written by random/random)
Run by shipping at 2010-09-13 12:30:00
Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (41%) free of 76 GB
Total RAM: 2046 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:30:14 PM, on 9/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\qttask.exe
C:\UPS\WSTD\UPSNA1Msgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\UPS\WSTD\WSTDMessaging.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\MCUI32.EXE
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\MCUI32.EXE
C:\Documents and Settings\shipping\Desktop\RSIT.exe
C:\Program Files\trend micro\shipping.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.dell.com/F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... -
res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) -
http://upload.facebook.com/controls/Fac ... oader5.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) -
http://www.linkedin.com/cab/LinkedInCon ... ontrol.cabO16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) -
https://webdl.symantec.com/activex/symdlmgr.cabO16 - DPF: {B151B524-F451-4036-9663-B3944FA710DF} (ExecuteAgent2p Class) -
http://support.ticomix.net/ENUclientPro.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
https://globalspecevents.webex.com/clie ... eatgpc.cabO16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
http://download.abacast.com/download/fi ... tup161.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{93E70402-90B7-4204-923C-45B8B8AE3701}: NameServer = 192.168.1.190,68.94.156.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{93E70402-90B7-4204-923C-45B8B8AE3701}: NameServer = 192.168.1.190,68.94.156.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{93E70402-90B7-4204-923C-45B8B8AE3701}: NameServer = 192.168.1.190,68.94.156.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
--
End of file - 12307 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll [2010-05-12 394608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL [2010-05-13 79224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-08-07 138608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-07-21 321312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-09 814648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll [2010-02-12 506720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-21 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-21 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll [2010-05-12 394608]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-13 278192]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll [2010-02-12 506720]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"NA1Messenger"=C:\UPS\WSTD\UPSNA1Msgr.exe [2009-12-01 24576]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"DVDTray"=C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe [2004-09-03 65536]
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe [2010-02-12 240992]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-05 68856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
UPS WorldShip Messaging Utility.lnk - C:\UPS\WSTD\WSTDMessaging.exe
UPS WorldShip PLD Reminder Utility.lnk - C:\UPS\WSTD\wstdPldReminder.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NofolderOptions"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\pvsw\bin\w3dbsmgr.exe"="C:\pvsw\bin\w3dbsmgr.exe:*:Enabled:Database Service Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\pvsw\bin\w3dbsmgr.exe"="C:\pvsw\bin\w3dbsmgr.exe:*:Disabled:Database Service Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-09-13 12:15:29 ----D---- C:\_OTM
2010-09-13 12:12:14 ----D---- C:\Program Files\ERUNT
2010-09-13 10:45:59 ----A---- C:\TDSSKiller.2.4.2.1_13.09.2010_10.45.59_log.txt
2010-09-13 10:43:29 ----D---- C:\Program Files\trend micro
2010-09-13 10:43:22 ----D---- C:\rsit
2010-09-13 10:06:41 ----D---- C:\Documents and Settings\shipping\Application Data\Malwarebytes
2010-09-13 10:06:03 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-13 10:06:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-13 10:06:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-13 10:06:01 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-10 09:36:41 ----D---- C:\Program Files\HiJackThis
2010-09-09 15:31:22 ----ASH---- C:\hiberfil.sys
2010-09-08 14:05:56 ----D---- C:\Program Files\MSN Toolbar
2010-09-08 14:03:50 ----D---- C:\Program Files\MSN Toolbar Installer
2010-09-08 14:01:35 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-09-08 13:59:13 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-08 13:59:13 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-08 13:59:13 ----A---- C:\WINDOWS\system32\java.exe
2010-09-08 13:59:13 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-09-08 11:49:27 ----RA---- C:\WINDOWS\system32\hhactivex.dll
2010-09-08 11:49:26 ----A---- C:\WINDOWS\system32\RcdScan.dll
2010-09-08 11:49:00 ----N---- C:\WINDOWS\system32\drivers\omci.sys
2010-09-08 11:22:53 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-08 10:54:38 ----HDC---- C:\WINDOWS\ie8
======List of files/folders modified in the last 1 months======
2010-09-13 12:26:50 ----A---- C:\WINDOWS\wstdUPSWSHIP.INI
2010-09-13 12:26:25 ----D---- C:\WINDOWS\Prefetch
2010-09-13 12:25:58 ----D---- C:\WINDOWS\Temp
2010-09-13 12:21:38 ----SHD---- C:\System Volume Information
2010-09-13 12:20:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-13 12:20:26 ----D---- C:\WINDOWS\SYSTEM32
2010-09-13 12:20:26 ----D---- C:\WINDOWS
2010-09-13 12:12:14 ----RD---- C:\Program Files
2010-09-13 11:59:49 ----SHD---- C:\WINDOWS\CSC
2010-09-13 10:46:00 ----D---- C:\WINDOWS\system32\DRIVERS
2010-09-13 10:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2010-09-13 09:47:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-09-13 09:44:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-13 09:40:58 ----SHD---- C:\WINDOWS\Installer
2010-09-13 09:40:51 ----HD---- C:\Config.Msi
2010-09-13 09:40:51 ----D---- C:\Program Files\Java
2010-09-13 09:40:50 ----D---- C:\Program Files\Common Files\Java
2010-09-13 09:39:10 ----D---- C:\WINDOWS\system32\appmgmt
2010-09-13 09:30:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-13 09:26:17 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-09-13 09:20:03 ----HD---- C:\WINDOWS\INF
2010-09-09 15:52:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-09-09 15:52:27 ----SD---- C:\WINDOWS\Tasks
2010-09-09 10:33:17 ----D---- C:\WINDOWS\system32\drivers\ETC
2010-09-08 14:07:53 ----D---- C:\Program Files\MSN
2010-09-08 14:06:30 ----D---- C:\Program Files\Microsoft
2010-09-08 14:04:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-09-08 11:49:02 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-08 10:58:05 ----D---- C:\WINDOWS\Help
2010-09-08 10:58:05 ----D---- C:\Program Files\Internet Explorer
2010-09-08 10:56:25 ----D---- C:\WINDOWS\WBEM
2010-09-08 10:56:25 ----D---- C:\WINDOWS\system32\en-us
2010-09-08 10:56:10 ----D---- C:\WINDOWS\Media
2010-09-08 10:40:51 ----D---- C:\WINDOWS\ie8updates
2010-09-08 10:33:10 ----D---- C:\WINDOWS\network diagnostic
2010-09-07 15:00:53 ----D---- C:\UPS
2010-09-07 14:39:35 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-07 14:36:59 ----SD---- C:\Documents and Settings\shipping\Application Data\Microsoft
2010-09-07 14:36:52 ----D---- C:\WINDOWS\AppPatch
2010-09-03 09:07:04 ----D---- C:\tempinst
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-04-21 43528]
R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS [2009-11-05 328752]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS [2010-04-21 173104]
R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100810.004\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys [2010-02-25 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2007-05-01 16896]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS [2010-04-21 325680]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS [2010-04-21 43696]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS [2010-04-29 116784]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS [2010-05-05 361904]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100909.001\IDSxpx86.sys []
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100913.004\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100913.004\NAVEX15.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-06-12 51712]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4ufd;HP Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\hppaufd0.sys [2007-07-02 16800]
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-07 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-07 21744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 winusb;WinUSB Service; C:\WINDOWS\system32\DRIVERS\WinUSB.SYS [2006-11-02 39368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2007-05-23 122880]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-07-20 61440]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe [2005-05-04 9150464]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-25 126392]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-21 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE [2005-05-03 323584]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
2010/09/13 12:32:19.0203 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/13 12:32:19.0203 ================================================================================
2010/09/13 12:32:19.0203 SystemInfo:
2010/09/13 12:32:19.0203
2010/09/13 12:32:19.0203 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/13 12:32:19.0203 Product type: Workstation
2010/09/13 12:32:19.0203 ComputerName: GREG
2010/09/13 12:32:19.0203 UserName: shipping
2010/09/13 12:32:19.0203 Windows directory: C:\WINDOWS
2010/09/13 12:32:19.0203 System windows directory: C:\WINDOWS
2010/09/13 12:32:19.0203 Processor architecture: Intel x86
2010/09/13 12:32:19.0203 Number of processors: 1
2010/09/13 12:32:19.0203 Page size: 0x1000
2010/09/13 12:32:19.0203 Boot type: Normal boot
2010/09/13 12:32:19.0203 ================================================================================
2010/09/13 12:32:19.0781 Initialize success
2010/09/13 12:32:23.0656 ================================================================================
2010/09/13 12:32:23.0656 Scan started
2010/09/13 12:32:23.0656 Mode: Manual;
2010/09/13 12:32:23.0656 ================================================================================
2010/09/13 12:32:25.0234 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/09/13 12:32:25.0437 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/13 12:32:25.0625 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/13 12:32:25.0875 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/09/13 12:32:26.0078 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/09/13 12:32:26.0265 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/13 12:32:26.0468 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/13 12:32:26.0656 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/13 12:32:26.0843 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/09/13 12:32:27.0000 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/09/13 12:32:27.0218 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/09/13 12:32:27.0437 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/09/13 12:32:27.0656 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/09/13 12:32:27.0843 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/09/13 12:32:28.0031 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/09/13 12:32:28.0187 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/09/13 12:32:28.0406 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/09/13 12:32:28.0609 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/09/13 12:32:28.0828 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/09/13 12:32:29.0046 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/13 12:32:29.0218 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/13 12:32:29.0500 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/13 12:32:29.0687 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/13 12:32:29.0859 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/13 12:32:30.0140 BHDrvx86 (8f6d9ce8af24f09de6b020b2c09e27d9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
2010/09/13 12:32:30.0343 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
2010/09/13 12:32:30.0515 BrSerIf (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys
2010/09/13 12:32:30.0703 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
2010/09/13 12:32:30.0843 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/09/13 12:32:31.0000 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/13 12:32:31.0265 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys
2010/09/13 12:32:31.0468 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/09/13 12:32:31.0640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/13 12:32:31.0843 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/13 12:32:32.0015 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/13 12:32:32.0281 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/09/13 12:32:32.0515 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/09/13 12:32:32.0828 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/09/13 12:32:33.0125 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/09/13 12:32:33.0703 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/13 12:32:34.0328 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/13 12:32:35.0078 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/13 12:32:35.0359 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/13 12:32:35.0781 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/13 12:32:36.0250 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2010/09/13 12:32:36.0796 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2010/09/13 12:32:37.0078 dot4ufd (0a57b5876530febb4ebf6ad501864f96) C:\WINDOWS\system32\DRIVERS\hppaufd0.sys
2010/09/13 12:32:37.0453 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/09/13 12:32:37.0921 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/13 12:32:38.0421 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/09/13 12:32:38.0703 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/09/13 12:32:38.0921 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/09/13 12:32:39.0109 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/13 12:32:39.0312 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/13 12:32:39.0500 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/13 12:32:39.0687 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/13 12:32:39.0890 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/13 12:32:40.0046 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/13 12:32:40.0281 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/13 12:32:40.0578 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/13 12:32:40.0796 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/13 12:32:40.0984 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/09/13 12:32:41.0187 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/09/13 12:32:41.0359 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/09/13 12:32:41.0531 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/09/13 12:32:41.0718 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/13 12:32:41.0906 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/09/13 12:32:42.0109 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/09/13 12:32:42.0218 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/13 12:32:42.0453 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/09/13 12:32:42.0796 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100909.001\IDSxpx86.sys
2010/09/13 12:32:42.0984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/13 12:32:43.0187 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/09/13 12:32:43.0390 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/13 12:32:43.0656 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/13 12:32:44.0062 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/13 12:32:44.0234 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/13 12:32:44.0406 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/13 12:32:44.0578 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/13 12:32:44.0765 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/13 12:32:44.0953 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/13 12:32:45.0125 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/13 12:32:45.0312 Kbdclass (f7deae15849e13e8a33287fc997b075f) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/13 12:32:45.0312 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\kbdclass.sys. Real md5: f7deae15849e13e8a33287fc997b075f, Fake md5: 463c1ec80cd17420a542b7f36a36f128
2010/09/13 12:32:45.0328 Kbdclass - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/13 12:32:45.0453 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/13 12:32:45.0656 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/13 12:32:46.0031 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/13 12:32:46.0218 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/13 12:32:46.0421 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/13 12:32:46.0625 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/13 12:32:46.0750 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/13 12:32:47.0000 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/09/13 12:32:47.0218 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/13 12:32:47.0421 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/13 12:32:47.0671 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/13 12:32:47.0890 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/13 12:32:48.0078 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/13 12:32:48.0250 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/13 12:32:48.0406 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/13 12:32:48.0656 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/13 12:32:49.0031 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100913.004\NAVENG.SYS
2010/09/13 12:32:49.0953 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100913.004\NAVEX15.SYS
2010/09/13 12:32:50.0281 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/13 12:32:50.0546 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/13 12:32:50.0765 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/13 12:32:50.0968 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/13 12:32:51.0156 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/13 12:32:51.0406 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/13 12:32:51.0609 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/13 12:32:51.0765 NetworkX (c4186dbf1e59f8207a0ecba9e1826d08) C:\WINDOWS\system32\ckldrv.sys
2010/09/13 12:32:51.0937 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/13 12:32:52.0250 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/13 12:32:52.0765 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/13 12:32:53.0015 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/13 12:32:53.0234 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/13 12:32:53.0421 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/13 12:32:53.0640 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2010/09/13 12:32:53.0953 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/13 12:32:54.0156 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/13 12:32:54.0375 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/13 12:32:54.0609 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/13 12:32:54.0890 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/13 12:32:55.0093 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/13 12:32:55.0593 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/09/13 12:32:55.0796 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/09/13 12:32:56.0015 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/13 12:32:56.0218 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/13 12:32:56.0375 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/13 12:32:56.0562 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/13 12:32:56.0781 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/09/13 12:32:56.0984 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/09/13 12:32:57.0218 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/09/13 12:32:57.0531 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/09/13 12:32:57.0750 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/09/13 12:32:57.0890 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/13 12:32:58.0015 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/13 12:32:58.0218 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/13 12:32:58.0437 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/13 12:32:58.0687 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/13 12:32:58.0953 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/13 12:32:59.0218 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/13 12:32:59.0421 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/13 12:32:59.0671 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/13 12:32:59.0890 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/13 12:33:00.0093 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/13 12:33:00.0296 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/13 12:33:00.0546 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/09/13 12:33:00.0828 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/09/13 12:33:01.0078 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
2010/09/13 12:33:01.0359 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/09/13 12:33:01.0546 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/13 12:33:01.0796 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/13 12:33:02.0046 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS
2010/09/13 12:33:02.0265 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
2010/09/13 12:33:02.0578 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/13 12:33:02.0765 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/13 12:33:02.0953 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/13 12:33:03.0171 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/09/13 12:33:03.0390 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/09/13 12:33:03.0609 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS
2010/09/13 12:33:03.0796 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS
2010/09/13 12:33:03.0984 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/09/13 12:33:04.0187 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS
2010/09/13 12:33:04.0406 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
2010/09/13 12:33:04.0562 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/09/13 12:33:04.0781 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/09/13 12:33:04.0984 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/13 12:33:05.0218 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/13 12:33:05.0453 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/13 12:33:05.0687 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/13 12:33:05.0890 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/13 12:33:06.0093 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/09/13 12:33:06.0375 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/13 12:33:06.0546 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/09/13 12:33:06.0750 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/13 12:33:06.0968 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/13 12:33:07.0140 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/13 12:33:07.0328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/13 12:33:07.0578 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/13 12:33:07.0765 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/13 12:33:07.0984 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/13 12:33:08.0156 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/13 12:33:08.0390 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/13 12:33:08.0593 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/09/13 12:33:08.0796 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/09/13 12:33:09.0015 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/13 12:33:09.0218 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/13 12:33:09.0437 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/13 12:33:09.0843 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/13 12:33:10.0062 winusb (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.SYS
2010/09/13 12:33:10.0171 ================================================================================
2010/09/13 12:33:10.0171 Scan finished
2010/09/13 12:33:10.0171 ================================================================================
2010/09/13 12:33:10.0187 Detected object count: 1
2010/09/13 12:33:34.0250 Kbdclass (f7deae15849e13e8a33287fc997b075f) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/13 12:33:34.0250 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\kbdclass.sys. Real md5: f7deae15849e13e8a33287fc997b075f, Fake md5: 463c1ec80cd17420a542b7f36a36f128
2010/09/13 12:33:36.0046 Backup copy found, using it..
2010/09/13 12:33:36.0296 C:\WINDOWS\system32\DRIVERS\kbdclass.sys - will be cured after reboot
2010/09/13 12:33:36.0296 Rootkit.Win32.TDSS.tdl3(Kbdclass) - User select action: Cure
2010/09/13 12:33:43.0171 Deinitialize success