
Solved Generic Win32 Error and Trojan

Discussion in 'Malware and Virus Removal Archive' started by rjc1, 2010/12/17.

  1. 2010/12/17
    rjc1

    rjc1 Inactive Thread Starter

    Joined:
    2005/01/28
    Messages:
    121
    Likes Received:
    0
    [Resolved] Generic Win32 Error and Trojan

    Hi,
    I got polluted with viruses about a week ago, I think coming from VMWare that I had to use for school... I had to take my computer somewhere to be fixed, but they didn't fix it completely. I found random folders of the VMWare that I've removed. But when I would go to a search engine it would redirect me to an advertisement, so I knew I still had something, and every so often I get the error that pops up, Generic Win32 Services Error. I have AVG AntiVirus plus AVG Tune-up, and ran Registry Mechanic, and I even have the Glary Utilities. What is still showing up when I run a scan on the anti-virus is:

    Trojan Horse
    C:\WINDOWS\system32\svchost.exe(1528):\memory_001a0000

    Trojan Horse
    C:\WINDOWS\explorer.exe(156)

    After the scan it will have these listed twice each, once showing it was removed and the other two have question marks beside them saying not removed.

    Also I don't know if this has anything to do with this, but my computer never did this before, but the tool bar at the bottom of my computer, which should be blue will all of a sudden flicker then go like a silver color.

    I've done all sorts of scans and registry runs (it took me two days to get into my registry, but I can now). I'm just stuck with this. I've looked through some of the threads and seen the same issues, but most seem to have more, so I was afraid to follow those; seeing they had more issues, I didn't want to make a bigger mess.

    I am running in Windows XP Home Edition
    Pent 4

    Any suggestions on getting rid of these 3 issues??

    Rhonda
     
  2. 2010/12/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    but you have NOT read the sticky at the head of this forum!

    *** READ THIS BEFORE POSTING IN THIS FORUM ***

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     
  4. 2010/12/17
    rjc1

    rjc1 Inactive Thread Starter

    I went through step 1; it said it removed 6 threats. I went on to step 2 and loaded GMER, but it froze up and I had to manually shut my computer down. Now my computer is just stuck on the Welcome screen when I try to start up??????
     
  5. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    GMER is just a scanner. It doesn't make any changes, so it's your infection that is causing the issues.

    Try to restart one more time.
    Try to restart in Safe Mode.
     
  6. 2010/12/17
    rjc1

    rjc1 Inactive Thread Starter

    Ok....started in Safe Mode....then restarted....will go back to Step 2. Sorry
     
  7. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Not a problem :)
     
  8. 2010/12/17
    rjc1

    rjc1 Inactive Thread Starter

    Not so sure on this GMER. I know you said it's just a scanner, but I tried to run it again and again it locks up. I started in Safe Mode and thought I'd run it there, but then I lose my mouse and keyboard; it did that the other night too, trying to run it in Safe Mode. Having trouble getting it to restart again... is this GMER something that has to be done? Or is there another way around it?
     
  9. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Skip GMER for now.
    Post MBAM log and proceed with next steps.
     
  10. 2010/12/17
    rjc1

    rjc1 Inactive Thread Starter

    Ok... sorry, my computer is being difficult. Tried again, froze again... opened in Safe Mode... as soon as I go to the internet to get GMER I lose the mouse and keyboard... will skip it for now and go on.
     
  11. 2010/12/17
    broni

    broni Moderator Malware Analyst

    This is what I said :)
     
  12. 2010/12/17
    rjc1

    rjc1 Inactive Thread Starter

    Ok, I can't copy the command line prompt, but I don't know whether to exit out of it or what; it is giving me choices.
    Options:
    1. Dump the MBR of a physical disk to file
    2. Restore the MBR of a physical disk with a standard boot code
    3. Exit

    Above it has the Device names and MBR Status.
    I have an External drive also.
    My first it says:
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    465 GB \\.\PhysicalDrive2 RE: Unknown MBR code
    SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    I hit enter and got the options above but haven't done any more.....
     
  13. 2010/12/17
    broni

    broni Moderator Malware Analyst

    That looks good :)
    Proceed with DDS.
     
  14. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Oh, I still need Malwarebytes log.
     
  15. 2010/12/17
    rjc1

    rjc1 Inactive Thread Starter

    Ok, there are 4 logs, maybe from where I was turning my computer on and off (?)....I'll post all 4...

    First:
    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 5274

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/9/2010 4:30:10 PM
    mbam-log-2010-12-09 (16-30-10).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 216041
    Time elapsed: 1 hour(s), 19 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{B1CD2E19-5DA5-4602-B1DA-6ADF055FB412}\RP1\A0000004.exe (Trojan.Qhosts) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B1CD2E19-5DA5-4602-B1DA-6ADF055FB412}\RP1\A0000005.exe (Trojan.Qhosts) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B1CD2E19-5DA5-4602-B1DA-6ADF055FB412}\RP1\A0000006.exe (Trojan.Qhosts) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B1CD2E19-5DA5-4602-B1DA-6ADF055FB412}\RP1\A0000007.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.


    Second:
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5346

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/17/2010 6:03:47 PM
    mbam-log-2010-12-17 (18-03-47).txt

    Scan type: Full scan (C:\|G:\|)
    Objects scanned: 0
    Time elapsed: 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Third:
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5346

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/17/2010 6:13:31 PM
    mbam-log-2010-12-17 (18-13-31).txt

    Scan type: Quick scan
    Objects scanned: 153394
    Time elapsed: 7 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 4
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> Value: {B1B220C1-A503-59BD-F413-02B53A2C8954} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> Value: {B1B220C1-A503-59BD-F413-02B53A2C8954} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documents and settings\rhonda curfman\application data\whitesmoketranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

    Files Infected:
    (No malicious items detected)



    Fourth:
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5346

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/17/2010 6:17:35 PM
    mbam-log-2010-12-17 (18-17-35).txt

    Scan type: Quick scan
    Objects scanned: 153447
    Time elapsed: 3 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Now on with the DDS...Thanks for hanging in this with me :)
     
  16. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Sure thing :)
     
  17. 2010/12/17
    rjc1

    rjc1 Inactive Thread Starter

    Here is the Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/5/2009 8:47:17 PM
    System Uptime: 12/17/2010 7:36:03 PM (1 hours ago)

    Motherboard: Dell Computer Corp. | | 0U2424
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 74 GiB total, 41.687 GiB free.
    D: is Removable
    E: is CDROM ()
    F: is Removable
    G: is FIXED (NTFS) - 466 GiB total, 452.776 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart C6300 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C6300 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 1320 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 1320 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================


    32 Bit HP CIO Components Installer
    70 Free Fonts plus 70 Free Graphics Bonus
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Reader 9.4.1
    Algebrator 5.0
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Avery Wizard 3.1
    AVG 2011
    AVG PC Tuneup 2011
    BCM V.92 56K Modem
    Bejeweled Blitz
    BIAS SoundSoap PE 2.1
    BufferChm
    C6300
    C6300_Help
    Cards_Calendar_OrderGift_DoMorePlugout
    CDDRV_Installer
    Cisco Packet Tracer 5.2.1
    Creative MediaSource
    CustomerResearchQFolder
    Dealio Toolbar v4.0.2
    Dell ResourceCD
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    Driver Installer
    eSupportQFolder
    Facebook Plug-In
    Glary Utilities 2.30.0.1066
    GPBaseService
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hoyle Card Games 2007
    Hoyle Table Games 2004
    HP Customer Participation Program 11.0
    HP Imaging Device Functions 11.0
    HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Smart Web Printing
    HP Solution Center 11.0
    HP Update
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    IIS6 Manager
    IncrediMail
    IncrediMail 2.0
    IncrediMail JunkFilter Plus
    Intel Application Accelerator RAID Edition
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet
    Internet Information Services (IIS) 7 Manager
    Java 2 Runtime Environment, SE v1.4.2
    Java Auto Updater
    Java(TM) 6 Update 23
    JunkFilterPlus
    jZip
    KhalInstallWrapper
    Logitech Registration
    Logitech SetPoint
    Magentic
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync 3.7
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft FrontPage 98
    Microsoft FrontPage 98 Server Extensions
    Microsoft Image Composer 1.5
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Picture It! Photo Premium 9
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Modem Helper
    Motorola Driver Installation
    Mozilla Firefox (3.6.13)
    MSN Toolbar
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network
    Nokia Connectivity Adapter Cable DKU-5
    NVIDIA Drivers
    OCR Software by I.R.I.S. 11.0
    PanoStandAlone
    PhotoMail Maker
    Pinnacle Instant DVD Recorder
    proDAD Vitascene 1.0
    PS_AIO_04_C6300_ProductContext
    PS_AIO_04_C6300_Software
    PS_AIO_04_C6300_Software_Min
    PSSWCORE
    QuickTime
    Registry Mechanic 5.1
    Ruckus Buck's Dangerous Mines
    Sansa Media Converter
    Scan
    Search Settings v1.2.3
    Secunia PSI
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Shop for HP Supplies
    SmartWebPrinting
    SolutionCenter
    Sonic MyDVD
    Sonic RecordNow!
    Sound Blaster Audigy 2
    Status
    Studio 11
    Studio Ultimate
    Toolbox
    Topo USA 2.0
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    VideoToolkit01
    WebFldrs XP
    WebReg
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinPcap 4.0.2
    WinZip 12.1
    Yahoo! Desktop Login
    Yahoo! Messenger
    Yahoo! Software Update

    ==== Event Viewer Messages From Past Week ========

    12/17/2010 6:59:16 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    12/17/2010 6:26:34 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    12/17/2010 5:49:16 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    12/17/2010 5:49:16 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    12/17/2010 5:49:16 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/17/2010 5:49:16 PM, error: Service Control Manager [7034] - The IAA Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    12/17/2010 5:49:15 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    12/17/2010 5:49:15 PM, error: Service Control Manager [7034] - The Application Updater service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 5:44:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/16/2010 5:44:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/16/2010 11:09:10 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuauclt.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.
    12/16/2010 11:08:44 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wups.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.
    12/16/2010 11:08:31 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wucltui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.
    12/16/2010 11:08:18 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file wuauserv.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.4.3790.5512.
    12/16/2010 11:07:53 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file wuaueng1.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.4.3790.5512.
    12/16/2010 11:07:53 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuaueng.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.
    12/16/2010 11:05:08 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.
    12/16/2010 11:03:25 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuweb.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.
    12/16/2010 10:18:19 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    12/10/2010 9:45:07 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    12/10/2010 9:43:46 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
    12/10/2010 9:43:35 AM, error: SRService [104] - The System Restore initialization process failed.
    12/10/2010 8:55:27 AM, error: Service Control Manager [7000] - The 61883 Unit Device service failed to start due to the following error: A device attached to the system is not functioning.
    12/10/2010 2:09:44 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
    12/10/2010 10:44:01 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
    12/10/2010 10:43:31 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

    ==== End Of File ===========================
     
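As an added triage example (my own script, not part of the thread and not a DDS feature), the code below parses the "Event Viewer Messages From Past Week" section of an Attach.txt like the one above and flags the entries a malware analyst would read first: the Windows File Protection events show something repeatedly trying to replace Windows Update binaries, and the firewall, AVG watchdog and System Restore failures line up with the symptoms reported. The function names, the WATCHED_SERVICES list and the choice of sample lines are my assumptions; the sample lines themselves are copied from the posted log.

```python
import re
from collections import Counter

# Constructed sample input: a handful of lines in the format of the DDS
# "Event Viewer Messages From Past Week" section of the Attach.txt above.
SAMPLE_LOG = r"""
12/17/2010 6:59:16 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
12/17/2010 5:49:16 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 5:44:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/16/2010 11:09:10 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuauclt.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.
12/16/2010 11:07:53 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuaueng.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.4.7600.226.
12/10/2010 9:43:35 AM, error: SRService [104] - The System Restore initialization process failed.
12/10/2010 2:09:44 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
12/10/2010 10:43:31 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
"""

# One DDS event line: "<date time>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event>\d+)\] - (?P<message>.*)$"
)
PROTECTED_FILE_RE = re.compile(r"protected system file (\S+)\.", re.IGNORECASE)
SERVICE_RE = re.compile(r"(?:The (.+?) service |from the (\S+) service)")
# Services whose failure matters for triage (assumed list): the firewall,
# the AVG WatchDog (avgwd in this log) and System Restore.
WATCHED_SERVICES = ("Windows Firewall", "avgwd", "System Restore")


def parse_events(text):
    """Split a DDS Event Viewer section into dicts; lines that do not
    match the format are skipped rather than guessed at."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["event"] = int(ev["event"])
        events.append(ev)
    return events


def triage(events):
    """Return (kind, detail, when) findings for the events worth a look."""
    findings = []
    for ev in events:
        src, eid, msg = ev["source"], ev["event"], ev["message"]
        if src == "Windows File Protection" and eid == 64002:
            # Something tried to overwrite a protected file; in this log they
            # are all Windows Update binaries, a classic tampering target.
            m = PROTECTED_FILE_RE.search(msg)
            findings.append(("wfp_replacement", m.group(1) if m else msg, ev["when"]))
        elif src == "Service Control Manager" and eid in (7011, 7023):
            m = SERVICE_RE.search(msg)
            name = (m.group(1) or m.group(2)) if m else msg
            if any(w in name for w in WATCHED_SERVICES):
                findings.append(("security_service_failure", name, ev["when"]))
        elif src == "SRService" and eid == 104:
            findings.append(("system_restore_failure", msg, ev["when"]))
        elif src == "DCOM" and eid == 10005 and "%1084" in msg:
            # Win32 error 1084 means the service cannot start in Safe Mode:
            # expected noise from the Safe Mode boots described in the thread.
            m = re.search(r"start the service (\S+)", msg)
            findings.append(("safe_mode_artifact", m.group(1) if m else msg, ev["when"]))
    return findings


def summarize(text):
    """Parse and triage, returning counts per finding kind plus the
    list of protected files that something tried to replace."""
    findings = triage(parse_events(text))
    return {
        "counts": Counter(kind for kind, _, _ in findings),
        "replaced_files": [d for kind, d, _ in findings if kind == "wfp_replacement"],
        "findings": findings,
    }


if __name__ == "__main__":
    for kind, detail, when in summarize(SAMPLE_LOG)["findings"]:
        print(f"{when}  {kind:26s} {detail}")
```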
  18. 2010/12/17
    rjc1

    rjc1 Inactive Thread Starter

    Here is the DDS.TXT


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Rhonda Curfman at 20:22:57.04 on Fri 12/17/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3711.3014 [GMT -5:00]

    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Documents and Settings\Rhonda Curfman\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
    uInternet Settings,ProxyServer = http=127.0.0.1:59274
    uInternet Settings,ProxyOverride = <local>
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
    Trusted Zone: csx.com
    Trusted Zone: csx.com\connect
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
    Notify: ungzpa - ungzpa.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\rhonda~1\applic~1\mozilla\firefox\profiles\xmr41m2r.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
    FF - prefs.js: network.proxy.ftp - ftp.cantewindsfarm.com
    FF - prefs.js: network.proxy.ftp_port - 21
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\rhonda curfman\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\rhonda curfman\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: XULRunner: {6180D64C-C74C-4EFB-818C-46FCE887E393} - c:\documents and settings\rhonda curfman\local settings\application data\{6180D64C-C74C-4EFB-818C-46FCE887E393}
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-7 380928]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    S0 kdqvju;kdqvju; [x]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
    S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2009-12-5 101248]
    S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2009-12-5 73856]

    =============== Created Last 30 ================

    2010-12-17 23:00:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-17 23:00:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-17 23:00:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-17 03:28:41 -------- d-----w- c:\program files\Ask.com
    2010-12-17 02:39:44 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
    2010-12-17 02:39:44 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2010-12-17 01:14:39 -------- d-----w- c:\docume~1\rhonda~1\locals~1\applic~1\Apple
    2010-12-17 01:13:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-17 01:13:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-17 01:13:46 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2010-12-16 23:10:54 -------- d-----w- c:\program files\Secunia
    2010-12-16 21:26:39 -------- d-----w- c:\windows\system32\NtmsData
    2010-12-16 06:45:15 -------- d-----w- c:\docume~1\rhonda~1\applic~1\AVG
    2010-12-10 15:24:35 -------- d-----w- c:\windows\system32\drivers\AVG
    2010-12-10 13:56:20 0 ----a-w- c:\windows\Dcuca.bin
    2010-12-10 13:56:17 -------- d-----w- c:\docume~1\rhonda~1\locals~1\applic~1\{6180D64C-C74C-4EFB-818C-46FCE887E393}
    2010-12-10 13:30:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-12-08 21:38:18 -------- d-----w- c:\docume~1\rhonda~1\applic~1\Malwarebytes
    2010-12-08 21:38:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-08 21:02:21 98816 ----a-w- c:\windows\sed.exe
    2010-12-08 21:02:21 89088 ----a-w- c:\windows\MBR.exe
    2010-12-08 21:02:21 256512 ----a-w- c:\windows\PEV.exe
    2010-12-08 21:02:21 161792 ----a-w- c:\windows\SWREG.exe
    2010-12-08 19:43:59 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-12-08 19:43:59 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-12-07 10:09:31 -------- d-----w- c:\docume~1\rhonda~1\applic~1\4ADF157A5CA4FB0A16ADCC5139194D6F
    2010-12-05 00:45:45 -------- d-----w- c:\docume~1\rhonda~1\locals~1\applic~1\VMware
    2010-12-04 23:26:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-12-04 23:26:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-20 01:31:53 -------- d-----w- c:\docume~1\rhonda~1\locals~1\applic~1\Identities

    ==================== Find3M ====================

    2010-12-16 19:11:06 90112 ----a-w- c:\windows\Updreg.EXE
    2010-12-16 19:11:05 12288 ----a-r- c:\windows\Twunk_32.dll
    2010-12-16 19:11:05 12288 ----a-r- c:\windows\Twunk_16.dll
    2010-12-16 19:11:01 356352 ----a-w- c:\windows\system32\wpdsp.dll
    2010-12-16 19:11:01 331776 ----a-w- c:\windows\system32\wpdmtpdr.dll
    2010-12-16 19:11:00 4096 ----a-w- c:\windows\system32\WMVADVE.DLL
    2010-12-16 19:11:00 4096 ----a-w- c:\windows\system32\WMVADVD.dll
    2010-12-16 19:11:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-12-16 19:09:53 28672 ----a-w- c:\windows\system32\dbnmpntw.dll
    2010-12-16 19:06:49 184320 ----a-w- c:\windows\PSCONV.EXE
    2010-12-16 19:06:49 176128 ----a-w- c:\windows\READREG.EXE
    2010-12-16 19:06:08 49152 ----a-w- c:\windows\MIDIDEF.EXE
    2010-12-16 19:04:38 20480 ----a-w- c:\windows\INRES.DLL
    2010-12-16 19:03:04 94208 ----a-w- c:\windows\DEVREG.DLL
    2010-12-16 19:02:58 57344 ----a-w- c:\windows\BCMSMD2K.exe
    2010-12-16 19:02:58 49152 ----a-w- c:\windows\CTDCRES.DLL
    2010-12-16 19:02:58 151552 ----a-w- c:\windows\BCMSMU.exe
    2010-12-16 19:02:58 122880 ----a-w- c:\windows\BCMSMMSG.exe
    2010-12-16 15:03:14 212992 ----a-w- c:\windows\system32\MFPLAT.dll
    2009-09-01 03:43:04 9577800 ----a-w- c:\program files\winzip121.exe
    2009-03-08 13:02:20 1431504 ----a-w- c:\program files\PrinterSpoolerFixWizard.exe

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Maxtor_6Y080L0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AF40555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8af467b0]; MOV EAX, [0x8af4682c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8B1F8AB8]
    3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8AF07560]
    \Driver\atapi[0x8B1EE288] -> IRP_MJ_CREATE -> 0x8AF40555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskMaxtor_6Y080L0__________________________YAR41BW0#32593637344d4556202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8AF4039B
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 20:24:59.31 ===============
     
  19. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  20. 2010/12/17
    rjc1

    rjc1 Inactive Thread Starter

    Joined:
    2005/01/28
    Messages:
    121
    Likes Received:
    0
    Ok here is the report from the TDSSKiller:


    2010/12/17 20:55:28.0718 ================================================================================
    2010/12/17 20:55:28.0718 SystemInfo:
    2010/12/17 20:55:28.0718
    2010/12/17 20:55:28.0718 OS Version: 5.1.2600 ServicePack: 3.0
    2010/12/17 20:55:28.0734 Product type: Workstation
    2010/12/17 20:55:28.0734 ComputerName: CANTEWINDSFARM
    2010/12/17 20:55:28.0734 UserName: Rhonda Curfman
    2010/12/17 20:55:28.0734 Windows directory: C:\WINDOWS
    2010/12/17 20:55:28.0734 System windows directory: C:\WINDOWS
    2010/12/17 20:55:28.0734 Processor architecture: Intel x86
    2010/12/17 20:55:28.0734 Number of processors: 1
    2010/12/17 20:55:28.0734 Page size: 0x1000
    2010/12/17 20:55:28.0734 Boot type: Normal boot
    2010/12/17 20:55:28.0734 ================================================================================
    2010/12/17 20:55:38.0140 Initialize success
    2010/12/17 20:56:07.0515 ================================================================================
    2010/12/17 20:56:07.0515 Scan started
    2010/12/17 20:56:07.0515 Mode: Manual;
    2010/12/17 20:56:07.0515 ================================================================================
    2010/12/17 20:56:08.0968 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
    2010/12/17 20:56:10.0187 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/12/17 20:56:10.0718 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/12/17 20:56:11.0593 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/12/17 20:56:12.0281 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/12/17 20:56:12.0859 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/12/17 20:56:15.0671 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/12/17 20:56:17.0031 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/12/17 20:56:17.0531 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/12/17 20:56:18.0390 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/12/17 20:56:18.0890 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/12/17 20:56:19.0531 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
    2010/12/17 20:56:20.0171 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    2010/12/17 20:56:20.0671 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    2010/12/17 20:56:21.0375 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    2010/12/17 20:56:21.0859 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    2010/12/17 20:56:22.0515 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    2010/12/17 20:56:23.0140 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    2010/12/17 20:56:23.0718 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    2010/12/17 20:56:24.0734 Avgtdix (354e0fec3bfdfa9c369e0f67ac362f9f) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    2010/12/17 20:56:25.0859 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
    2010/12/17 20:56:26.0718 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/12/17 20:56:27.0359 bvrp_pci (c915a416f265149471d74e0815c928b2) C:\WINDOWS\system32\drivers\bvrp_pci.sys
    2010/12/17 20:56:27.0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/12/17 20:56:28.0375 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/12/17 20:56:29.0171 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/12/17 20:56:29.0796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/12/17 20:56:30.0578 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/12/17 20:56:32.0328 ctac32k (4c638290979600ae2ae329d1608ad2ec) C:\WINDOWS\system32\drivers\ctac32k.sys
    2010/12/17 20:56:32.0953 ctaud2k (cf5662375781f741513c169cd4094100) C:\WINDOWS\system32\drivers\ctaud2k.sys
    2010/12/17 20:56:33.0781 ctdvda2k (437f2b31ba8b6b264d38b4fe6682faec) C:\WINDOWS\system32\drivers\ctdvda2k.sys
    2010/12/17 20:56:34.0437 ctprxy2k (678849d1af0750f68dbdc185252d5926) C:\WINDOWS\system32\drivers\ctprxy2k.sys
    2010/12/17 20:56:35.0265 ctsfm2k (3a076ebfbbbd6879a78863944980da32) C:\WINDOWS\system32\drivers\ctsfm2k.sys
    2010/12/17 20:56:36.0640 DCamUSBEMPIA (5118ea8a2f55fa4d4295516500b78229) C:\WINDOWS\system32\DRIVERS\emDevice.sys
    2010/12/17 20:56:37.0156 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/12/17 20:56:37.0984 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/12/17 20:56:38.0890 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/12/17 20:56:39.0500 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/12/17 20:56:40.0000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/12/17 20:56:40.0906 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/12/17 20:56:41.0359 E1000 (d94437e7ee086677b266099f695cdea1) C:\WINDOWS\system32\DRIVERS\e1000325.sys
    2010/12/17 20:56:41.0890 emupia (f7511cf63ef82f7227c03028a3abadb5) C:\WINDOWS\system32\drivers\emupia2k.sys
    2010/12/17 20:56:42.0406 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/12/17 20:56:42.0968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/12/17 20:56:43.0437 FiltUSBEMPIA (6f87e4706f59463b74bc4fad0f67338f) C:\WINDOWS\system32\DRIVERS\emFilter.sys
    2010/12/17 20:56:43.0906 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/12/17 20:56:44.0328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/12/17 20:56:44.0953 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/12/17 20:56:45.0515 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/12/17 20:56:46.0015 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/12/17 20:56:46.0546 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/12/17 20:56:47.0296 ha10kx2k (f24dd43adc784177b28984043bc022ab) C:\WINDOWS\system32\drivers\ha10kx2k.sys
    2010/12/17 20:56:47.0906 hap16v2k (ff65c807ea641ff7310a61be4dec6479) C:\WINDOWS\system32\drivers\hap16v2k.sys
    2010/12/17 20:56:48.0390 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/12/17 20:56:49.0375 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2010/12/17 20:56:49.0937 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2010/12/17 20:56:50.0484 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2010/12/17 20:56:51.0156 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/12/17 20:56:52.0640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/12/17 20:56:53.0359 iaStor (50b56e7de809be4b8f4d24b3f0381520) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    2010/12/17 20:56:54.0015 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/12/17 20:56:54.0781 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/12/17 20:56:55.0218 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/12/17 20:56:55.0781 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/12/17 20:56:56.0265 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/12/17 20:56:56.0843 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/12/17 20:56:57.0421 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/12/17 20:56:58.0000 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/12/17 20:56:58.0531 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/12/17 20:56:59.0015 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/12/17 20:56:59.0562 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/12/17 20:57:00.0203 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/12/17 20:57:01.0062 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/12/17 20:57:01.0640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/12/17 20:57:02.0140 L8042Kbd (d88846f9f4f27ae9be584a6e5b6b8753) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
    2010/12/17 20:57:02.0656 L8042mou (bea61fda2103f6f51b14eb0872e8a050) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
    2010/12/17 20:57:03.0468 LMouKE (cab504e38fced9a56d87d838e9ba13e9) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
    2010/12/17 20:57:04.0015 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
    2010/12/17 20:57:04.0421 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/12/17 20:57:04.0875 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/12/17 20:57:05.0359 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2010/12/17 20:57:05.0812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/12/17 20:57:06.0312 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/12/17 20:57:06.0812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/12/17 20:57:07.0812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/12/17 20:57:08.0515 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/12/17 20:57:09.0171 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
    2010/12/17 20:57:09.0640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/12/17 20:57:10.0109 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/12/17 20:57:10.0546 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/12/17 20:57:11.0156 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/12/17 20:57:11.0687 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/12/17 20:57:12.0156 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/12/17 20:57:12.0656 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/12/17 20:57:13.0171 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/12/17 20:57:13.0718 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/12/17 20:57:14.0234 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/12/17 20:57:14.0703 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/12/17 20:57:15.0203 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/12/17 20:57:15.0718 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/12/17 20:57:16.0234 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/12/17 20:57:16.0765 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/12/17 20:57:17.0296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/12/17 20:57:17.0890 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/12/17 20:57:18.0390 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
    2010/12/17 20:57:18.0859 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
    2010/12/17 20:57:19.0375 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/12/17 20:57:20.0062 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/12/17 20:57:20.0765 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/12/17 20:57:22.0562 nv (2282ad3b19b00967c6e48531c25bfe01) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/12/17 20:57:24.0578 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/12/17 20:57:25.0250 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/12/17 20:57:25.0859 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/12/17 20:57:26.0859 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
    2010/12/17 20:57:27.0468 ossrv (f0184fe6069be1541a3d18c02a73d161) C:\WINDOWS\system32\drivers\ctoss2k.sys
    2010/12/17 20:57:28.0031 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/12/17 20:57:28.0609 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/12/17 20:57:29.0234 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/12/17 20:57:29.0828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/12/17 20:57:33.0750 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
    2010/12/17 20:57:34.0765 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/12/17 20:57:39.0906 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
    2010/12/17 20:57:40.0453 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/12/17 20:57:41.0281 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/12/17 20:57:41.0781 PSI (1df21f001f3a94eba4a2950c70cc358f) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
    2010/12/17 20:57:42.0718 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/12/17 20:57:43.0578 PxHelp20 (7e1eacdecba39e0b2a35306426f0decc) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
    2010/12/17 20:57:47.0062 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/12/17 20:57:47.0578 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/12/17 20:57:48.0328 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/12/17 20:57:48.0750 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/12/17 20:57:49.0546 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/12/17 20:57:50.0281 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/12/17 20:57:51.0000 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/12/17 20:57:51.0609 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/12/17 20:57:52.0343 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
    2010/12/17 20:57:52.0906 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    2010/12/17 20:57:53.0375 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2010/12/17 20:57:53.0921 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys
    2010/12/17 20:57:54.0421 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/12/17 20:57:54.0984 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/12/17 20:57:55.0515 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/12/17 20:57:56.0078 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/12/17 20:57:57.0187 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/12/17 20:57:58.0078 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/12/17 20:57:58.0640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/12/17 20:57:59.0375 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/12/17 20:57:59.0984 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/12/17 20:58:00.0500 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/12/17 20:58:01.0109 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/12/17 20:58:01.0609 swmsflt (851681f7d3200e2a646c5ee4d4e9883d) C:\WINDOWS\System32\drivers\swmsflt.sys
    2010/12/17 20:58:02.0218 SWNC8U56 (2f6f8b7f821c994de3d1caf399bf9cd3) C:\WINDOWS\system32\DRIVERS\swnc8u56.sys
    2010/12/17 20:58:02.0718 SWUMX56 (903a5e596a3910cebfa33f3bd7d9c174) C:\WINDOWS\system32\DRIVERS\swumx56.sys
    2010/12/17 20:58:04.0828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/12/17 20:58:05.0562 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/12/17 20:58:06.0234 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/12/17 20:58:06.0703 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/12/17 20:58:07.0312 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/12/17 20:58:08.0203 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/12/17 20:58:09.0203 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/12/17 20:58:09.0875 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/12/17 20:58:10.0453 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/12/17 20:58:11.0031 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/12/17 20:58:11.0562 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/12/17 20:58:12.0140 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2010/12/17 20:58:12.0640 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/12/17 20:58:13.0234 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/12/17 20:58:13.0734 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/12/17 20:58:14.0328 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/12/17 20:58:14.0828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/12/17 20:58:16.0156 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/12/17 20:58:16.0687 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/12/17 20:58:17.0328 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    2010/12/17 20:58:18.0265 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/12/17 20:58:18.0812 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2010/12/17 20:58:19.0390 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/12/17 20:58:19.0875 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/12/17 20:58:20.0406 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/12/17 20:58:20.0562 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/17 20:58:20.0593 ================================================================================
    2010/12/17 20:58:20.0593 Scan finished
    2010/12/17 20:58:20.0593 ================================================================================
    2010/12/17 20:58:20.0609 Detected object count: 1
    2010/12/17 20:59:49.0984 \HardDisk0 - will be cured after reboot
    2010/12/17 20:59:49.0984 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/12/17 20:59:55.0250 Deinitialize success
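The TDSSKiller log above has a regular shape: one inventory line per loaded driver (timestamp, service name, MD5 of the image, image path), then detection lines and the action chosen for each. The following is an added triage helper written for this thread; it is not part of TDSSKiller or of anything posted by broni or rjc1, and the log format it parses is inferred only from the lines quoted above. The sample log is constructed: its TDSSKiller lines are modeled on the ones in this thread, while the driver named `xyzdrv`, its MD5 and its path are invented placeholders used to show a driver loading from outside the expected directory.

```python
"""Triage helper for a TDSSKiller scan log (added example, not the tool's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Inventory line: "<date> <time> <service name> (<md5>) <image path>"
DRIVER_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Detection line: "<date> <time> <object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<obj>.+?) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$"
)
# Action line: "<date> <time> <verdict>(<object>) - User select action: <action>"
ACTION_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<verdict>[^(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$"
)


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    obj: str
    verdict: str
    action: Optional[str] = None  # filled in from the "User select action" line


def parse_tdsskiller_log(text: str) -> Tuple[List[Driver], List[Detection]]:
    """Return the driver inventory and the detections (with chosen action) from one log."""
    drivers: List[Driver] = []
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(m["name"], m["md5"], m["path"]))
            continue
        m = DETECT_RE.match(line)
        if m:
            detections.append(Detection(m["obj"], m["verdict"]))
            continue
        m = ACTION_RE.match(line)
        if m:
            for d in detections:
                if d.obj == m["obj"] and d.verdict == m["verdict"]:
                    d.action = m["action"]
    return drivers, detections


def drivers_outside_system_dirs(drivers: List[Driver],
                                allowed=("c:\\windows\\system32\\",)) -> List[Driver]:
    """Drivers whose image path is not under the usual driver directory; worth a manual look."""
    return [d for d in drivers if not d.path.lower().startswith(allowed)]


def unresolved_detections(detections: List[Detection]) -> List[Detection]:
    """Detections that were skipped or never acted on, so the object is still in place."""
    return [d for d in detections if d.action in (None, "Skip")]


def changed_hashes(baseline: Dict[str, str], drivers: List[Driver]) -> List[str]:
    """Names of drivers whose MD5 differs from a baseline (e.g. an earlier clean scan)."""
    return sorted(d.name for d in drivers if d.name in baseline and baseline[d.name] != d.md5)


# Constructed sample log: TDSSKiller lines modeled on this thread; "xyzdrv" and its
# hash/path are invented placeholders, not something found on the poster's machine.
SAMPLE_LOG = r"""
2010/12/17 20:56:07.0515 Scan started
2010/12/17 20:56:17.0531 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/17 20:57:41.0781 PSI (1df21f001f3a94eba4a2950c70cc358f) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2010/12/17 20:57:45.0000 xyzdrv (00112233445566778899aabbccddeeff) C:\Documents and Settings\user\xyzdrv.sys
2010/12/17 20:58:20.0562 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/17 20:58:20.0593 Scan finished
2010/12/17 20:58:20.0609 Detected object count: 1
2010/12/17 20:59:49.0984 \HardDisk0 - will be cured after reboot
2010/12/17 20:59:49.0984 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

if __name__ == "__main__":
    drivers, detections = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(drivers)} drivers inventoried, {len(detections)} detection(s)")
    for det in detections:
        print(f"  {det.verdict} on {det.obj}: action={det.action}")
    for drv in drivers_outside_system_dirs(drivers):
        print(f"  review: {drv.name} loads from {drv.path}")
```

Keeping the MD5 column from a scan taken on a known-clean machine lets `changed_hashes` point at drivers that were replaced between two scans, which is how a boot-sector or driver infection like the one reported on `\HardDisk0` tends to show up in an inventory even when the scanner itself names only the disk object.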
     
  21. 2010/12/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good job :)

    Is the computer doing better?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
