Member Avatar for jimfive

Howdy,

I had a virus, one of the ones that pops up and says, viruses detected, click on this to start running the anti-virus software. I CTRL-Alt_Del out of that, and then it usually tells me, jga.exe (or something similar) not responsive. I search on that, its always in the PreFetch and ...\Application Data. Deleting that gets rid of it, but the .exe files atop working. I then go into Safe Mode, and run regedit, and go into HKEY_CLASSES_ROOT\exefile\shell\open\command, and change the top setting, which references the evil executable, and make it match the bottom ( "%1" "* ), and that does the trick. It didn't, so I haven't been able to fix the .exe file thing. Here is teh info I am supposed to post:

GMEROne.log

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-27 09:54:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST316081 rev.3.AD
Running: mgwmwkcx.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----

GMERTwo.log

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-27 13:16:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST316081 rev.3.AD
Running: mgwmwkcx.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

MBAM file:

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3

6/27/2011 2:01:01 PM
mbam-log-2011-06-27 (14-01-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 227454
Time elapsed: 36 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS.txt

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by Administrator at 14:22:44 on 2011-06-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1318 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070719
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [PUStarter] c:\program files\common files\hewlett-packard\hp printer utility dcs\appinterfaces\HPPUDS.exe
mRun: [RunPUTasktray] "c:\program files\hewlett-packard\hp printer utility\hppu.exe" --regkeypath=software\hewlett-packard\hp printer utility\HPPURun --valuename=InstallTTM
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: hp.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 10.10.10.100
TCP: Interfaces\{A45855FA-B3B7-4FDC-9D1E-304B36F4546C} : DhcpNameServer = 10.10.10.100
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - c:\program files\common files\hewlett-packard\hp printer utility dcs\app\hplidcsapp.dll
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\hewlett-packard\hp printer utility\hpluCtrls.dll
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\hewlett-packard\hp printer utility\hpluCtrls.dll
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - c:\program files\hewlett-packard\hp printer utility\hpluCtrls.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-11 96408]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-10-4 20328]
S2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-7 136176]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [2007-7-26 17976]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-7 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-27 18:05:04 607017 ----a-w- C:\dds.scr
2011-06-27 12:20:45 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-06-27 12:19:16 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2011-06-27 12:09:53 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2011-06-24 06:07:50 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{be8ad43e-6a36-42b9-929b-7157bf326cc9}\mpengine.dll
2011-06-16 12:16:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 03:48:32 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-14 14:31:00 1409 ----a-w- c:\windows\QTFont.for
.
==================== Find3M ====================
.
2011-06-22 12:01:34 306 ----a-w- c:\windows\system32\Winacprd0.dll
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-08 18:00:43 0 --sha-w- c:\documents and settings\all users\application data\wmf.exe
2011-04-08 18:00:43 0 --sha-w- c:\documents and settings\all users\application data\qet.exe
2011-04-08 18:00:43 0 --sha-w- c:\documents and settings\all users\application data\ohl.exe
2011-04-08 18:00:43 0 --sha-w- c:\documents and settings\all users\application data\ndk.exe
2011-04-08 18:00:43 0 --sha-w- c:\documents and settings\all users\application data\lpi.exe
1998-10-01 20:22:12 6128 ----a-w- c:\program files\_SETUP.DLL
1998-10-01 20:20:56 8192 ----a-w- c:\program files\_ISDEL.EXE
.
============= FINISH: 14:23:16.90 ===============

I attached a copy of Attach.txt, it says not to post it unless told to, so I am attaching it instead.

attach.zip (5.45 KB)
  • 3 Contributors
  • 18 Replies
  • 364 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by jimfive
Member Avatar for jimfive

Also, all this was done in Safe Mode. Thanks so much for your help with this!

Jim

Member Avatar for jak0b

in "HKEY_CLASSES_ROOT\exefile\shell\open\command" my default says: "%1" %* and not "%1" "* like you wrote. Maybe that is your problem?
I am running XP sp3.

I removed one of those pest's last week as well, from a friends pc, and was able to start any .exe file from command prompt as long as I didn't click on any of the popup boxes, but just killed them with Alt-F4. And after renaming the malicious exe in the first place, the mbam could remove all traces with a complete scan (including the renamed exe file. :)

Member Avatar for jholland1964

Jim,your MBA-M program is several years out of date,which is why it didn't find anything, because it can't, it's too old and that database does not contain the proper files to look for today's infections.

You need to update that and run it again. Currect version number is 1.51.1200 and current database, as I write this, is 6963. though by the time you read this there likely will have been another one since they release updates multiple times a day.
Since you can't get to Normal mode, instead boot to Safe mode with Networking, this will allow you at least to go online and update that program.
Then run a Full Scan with it, have it Remove Everything found and then Reboot to normal if possible and see if you can use the computer. Post back here with that new MBA-M log.

Also please remove that attached file and copy/paste it's contents here. We don't open attached files here due to risk of possible infection from those files.

Edited by jholland1964 because: n/a
Member Avatar for jimfive

You said:

in "HKEY_CLASSES_ROOT\exefile\shell\open\command" my default says: "%1" %* and not "%1" "* like you wrote. Maybe that is your problem?
I am running XP sp3.

Sorry, mistype, that is also what I had, thanks anyway.

Member Avatar for jimfive

Ok, wowsers, I thought I was getting constant updates from MBAM, can you point out where that is done, so I can set it up? The new software found 6 more issues. I will paste the MBAM info here, and then the attach.txt file after it. Thanks for the help. I will check to see if I am running in normal mode. I figured I might as well send this info out first. Sorry about the attachment, not really thinking about that when I posted.

MBAM LOG:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6966

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

6/28/2011 8:40:40 AM
mbam-log-2011-06-28 (08-40-40).txt

Scan type: Full scan (C:\|)
Objects scanned: 297178
Time elapsed: 35 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Fci (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\girish jain\application data\Sun\Java\deployment\cache\6.0\46\46bb576e-197506fd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-224141192-2580517631-749118045-1008\Dc63.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\gifnoc.xtx (Trojan.Agent) -> Quarantined and deleted successfully.


attach.txt (I ran this yesterday, so it was *before* the MBAM log above):

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/24/2007 3:37:33 PM
System Uptime: 6/27/2011 9:30:42 AM (5 hours ago)
.
Motherboard: Dell Inc. | | 0DN075
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | Microprocessor | 2128/1066mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 64.25 GiB free.
D: is CDROM ()
F: is FIXED (FAT32) - 298 GiB total, 195.163 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1072: 3/28/2011 8:23:07 AM - System Checkpoint
RP1073: 3/29/2011 2:02:47 AM - Software Distribution Service 3.0
RP1074: 3/30/2011 2:04:31 AM - System Checkpoint
RP1075: 3/31/2011 3:04:24 AM - System Checkpoint
RP1076: 4/1/2011 2:16:44 AM - Software Distribution Service 3.0
RP1077: 4/2/2011 2:34:37 AM - System Checkpoint
RP1078: 4/3/2011 3:34:37 AM - System Checkpoint
RP1079: 4/4/2011 4:34:37 AM - System Checkpoint
RP1080: 4/5/2011 2:16:48 AM - Software Distribution Service 3.0
RP1081: 4/6/2011 2:34:43 AM - System Checkpoint
RP1082: 4/7/2011 3:34:38 AM - System Checkpoint
RP1083: 4/8/2011 2:16:49 AM - Software Distribution Service 3.0
RP1084: 4/11/2011 2:20:57 PM - System Checkpoint
RP1085: 4/12/2011 4:38:00 PM - System Checkpoint
RP1086: 4/13/2011 5:37:43 PM - System Checkpoint
RP1087: 4/14/2011 6:37:43 PM - System Checkpoint
RP1088: 4/15/2011 7:37:44 PM - System Checkpoint
RP1089: 4/16/2011 8:37:37 PM - System Checkpoint
RP1090: 4/17/2011 9:37:37 PM - System Checkpoint
RP1091: 4/18/2011 10:37:44 PM - System Checkpoint
RP1092: 4/19/2011 11:37:46 PM - System Checkpoint
RP1093: 4/20/2011 9:03:59 AM - Installed HP Standard TCP\IP Port Monitor
RP1094: 4/20/2011 9:06:15 AM - Installed HP Web Registration
RP1095: 4/20/2011 9:06:29 AM - Installed HP Proactive Services
RP1096: 4/20/2011 9:06:56 AM - Installed HP Utility.
RP1097: 4/21/2011 10:18:59 AM - System Checkpoint
RP1098: 4/25/2011 8:33:04 AM - Installed OverDrive Media Console
RP1099: 4/26/2011 11:35:02 AM - System Checkpoint
RP1100: 4/27/2011 2:56:03 PM - System Checkpoint
RP1101: 4/28/2011 3:02:28 PM - System Checkpoint
RP1102: 4/29/2011 4:17:44 PM - System Checkpoint
RP1103: 4/30/2011 5:00:39 PM - System Checkpoint
RP1104: 5/1/2011 6:00:39 PM - System Checkpoint
RP1105: 5/2/2011 7:00:45 PM - System Checkpoint
RP1106: 5/3/2011 8:00:40 PM - System Checkpoint
RP1107: 5/4/2011 9:00:22 PM - System Checkpoint
RP1108: 5/5/2011 10:00:20 PM - System Checkpoint
RP1109: 5/9/2011 7:58:34 AM - Software Distribution Service 3.0
RP1110: 5/9/2011 9:12:57 AM - Software Distribution Service 3.0
RP1111: 5/10/2011 1:51:37 AM - Software Distribution Service 3.0
RP1112: 5/11/2011 2:27:00 AM - System Checkpoint
RP1113: 5/12/2011 3:26:58 AM - System Checkpoint
RP1114: 5/13/2011 1:51:47 AM - Software Distribution Service 3.0
RP1115: 5/13/2011 8:01:23 AM - Software Distribution Service 3.0
RP1116: 5/14/2011 8:27:03 AM - System Checkpoint
RP1117: 5/15/2011 9:26:58 AM - System Checkpoint
RP1118: 5/16/2011 7:49:49 AM - Software Distribution Service 3.0
RP1119: 5/17/2011 1:00:59 PM - System Checkpoint
RP1120: 5/18/2011 1:50:20 AM - Software Distribution Service 3.0
RP1121: 5/19/2011 2:18:27 AM - System Checkpoint
RP1122: 5/20/2011 3:18:22 AM - System Checkpoint
RP1123: 5/21/2011 2:06:20 AM - Software Distribution Service 3.0
RP1124: 5/22/2011 2:32:05 AM - System Checkpoint
RP1125: 5/23/2011 3:31:57 AM - System Checkpoint
RP1126: 5/24/2011 2:23:30 AM - Software Distribution Service 3.0
RP1127: 5/25/2011 2:37:31 AM - System Checkpoint
RP1128: 5/26/2011 3:37:15 AM - System Checkpoint
RP1129: 5/27/2011 2:23:18 AM - Software Distribution Service 3.0
RP1130: 5/28/2011 2:37:16 AM - System Checkpoint
RP1131: 5/29/2011 3:37:15 AM - System Checkpoint
RP1132: 5/30/2011 4:37:15 AM - System Checkpoint
RP1133: 5/31/2011 2:23:42 AM - Software Distribution Service 3.0
RP1134: 6/1/2011 2:37:16 AM - System Checkpoint
RP1135: 6/2/2011 3:36:55 AM - System Checkpoint
RP1136: 6/3/2011 2:23:52 AM - Software Distribution Service 3.0
RP1137: 6/4/2011 2:36:55 AM - System Checkpoint
RP1138: 6/5/2011 3:36:54 AM - System Checkpoint
RP1139: 6/6/2011 4:36:55 AM - System Checkpoint
RP1140: 6/7/2011 2:23:33 AM - Software Distribution Service 3.0
RP1141: 6/8/2011 12:11:17 PM - System Checkpoint
RP1142: 6/9/2011 12:18:41 PM - System Checkpoint
RP1143: 6/10/2011 1:51:43 AM - Software Distribution Service 3.0
RP1144: 6/11/2011 2:09:43 AM - System Checkpoint
RP1145: 6/12/2011 3:09:38 AM - System Checkpoint
RP1146: 6/13/2011 4:09:38 AM - System Checkpoint
RP1147: 6/14/2011 1:51:45 AM - Software Distribution Service 3.0
RP1148: 6/15/2011 2:09:43 AM - System Checkpoint
RP1149: 6/16/2011 3:09:33 AM - System Checkpoint
RP1150: 6/16/2011 7:52:31 AM - Software Distribution Service 3.0
RP1151: 6/16/2011 8:19:02 AM - Software Distribution Service 3.0
RP1152: 6/17/2011 2:07:52 AM - Software Distribution Service 3.0
RP1153: 6/18/2011 2:37:30 AM - System Checkpoint
RP1154: 6/19/2011 3:37:24 AM - System Checkpoint
RP1155: 6/20/2011 4:37:24 AM - System Checkpoint
RP1156: 6/20/2011 7:29:10 AM - Software Distribution Service 3.0
RP1157: 6/20/2011 8:06:31 AM - Software Distribution Service 3.0
RP1158: 6/20/2011 11:18:54 AM - Software Distribution Service 3.0
RP1159: 6/21/2011 2:08:09 AM - Software Distribution Service 3.0
RP1160: 6/22/2011 2:24:54 AM - System Checkpoint
RP1161: 6/23/2011 3:24:14 AM - System Checkpoint
RP1162: 6/24/2011 2:07:40 AM - Software Distribution Service 3.0
RP1163: 6/27/2011 8:00:25 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
1Time ver 2.2
2007 Microsoft Office system
32 Bit HP CIO Components Installer
7-Zip 4.44 beta
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Reader 8.3.0
AIM 7
Alibre 3D Publisher for Google SketchUp
Alibre CAM 1.1
Alibre Design
AutoCAD R14.0
CAD Overlay
CPUID CPU-Z 1.55
Critical Update for Windows Media Player 11 (KB959772)
Dell ETS Factory Installation
DesignCheck 21.01
DivX Web Player
Dombrov Baseball '11
DoubleCAD XT Pro 3
Download Updater (AOL LLC)
Driver Detective
EPSON Printer Software
ESET NOD32 Antivirus
Google Earth Plug-in
Google Update Helper
HandBrake 0.9.5
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Designjet T770 and T1200 Printer Series
HP ICC Profiles
HP Proactive Services
HP Utility
HP Web Registration
IGS Viewer 2.2
Intel(R) Matrix Storage Manager
J2SE Runtime Environment 5.0 Update 6
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Lernout & Hauspie TruVoice American English TTS Engine
List-FC v2.00 (remove only)
Machinist ToolBox™ v9.x
Malwarebytes' Anti-Malware
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Meeting 2005
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 9 Essentials
neroxml
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 2.3
OverDrive Media Console
Palm Desktop
PDFCreator
PowerDVD
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roark's Formulas for Excel
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
SearchAssist
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
Symantec Technical Support Web Controls
TK Solver 5.0
Uconeer 2.4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
VisualMill Basic 3.0
WD Diagnostics
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Support Tools
Windows XP Service Pack 3
Wisdom-soft ScreenHunter 5.1 Free
XLC 01_09
XP Codec Pack
.
==== Event Viewer Messages From Past Week ========
.
6/27/2011 8:43:47 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/27/2011 8:19:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/27/2011 8:11:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv Fips intelppm
6/27/2011 8:09:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/27/2011 8:09:25 AM, error: Dhcp [1002] - The IP address lease 192.168.1.113 for the Network Card with network address 001AA0216DA0 has been denied by the DHCP server 10.10.10.100 (The DHCP Server sent a DHCPNACK message).
6/24/2011 8:35:29 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.
6/21/2011 7:56:24 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
6/21/2011 7:56:24 AM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
6/21/2011 7:56:24 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
6/21/2011 5:58:38 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer STOCKROOM1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A45855FA-B3B7-4FD. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

Thanks again!

Member Avatar for jimfive

Ok, I booted up in normal mode, and all my .exe files are disassociated. I again looked at the /command folder in the registry, and it looks normal. I am not sure how to fix this part. I think all the viruses are gone though. Thanks for noticing how out of date my MBAM was, I really need to make sure that is self updating. Please let me know how to proceed.

Thanks, Jim

Member Avatar for jholland1964

Please download TDSKiller.zip archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (WinZip, for example);

Run the TDSSKiller.exe file;

Wait until the scanning and disinfection completes. A reboot might require after the disinfection has been completed.
Post back with the log.

Member Avatar for jimfive

Please download TDSKiller.zip archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (WinZip, for example);

Run the TDSSKiller.exe file;

Wait until the scanning and disinfection completes. A reboot might require after the disinfection has been completed.
Post back with the log.

Hey, thanks for getting back so soon, here is the log of TDSSKiller:

2011/06/28 10:07:16.0453 1540 TDSS rootkit removing tool 2.5.7.0 Jun 28 2011 13:21:55
2011/06/28 10:07:16.0828 1540 ================================================================================
2011/06/28 10:07:16.0843 1540 SystemInfo:
2011/06/28 10:07:16.0843 1540
2011/06/28 10:07:16.0843 1540 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/28 10:07:16.0843 1540 Product type: Workstation
2011/06/28 10:07:16.0843 1540 ComputerName: ENG3
2011/06/28 10:07:16.0843 1540 UserName: Administrator
2011/06/28 10:07:16.0843 1540 Windows directory: C:\WINDOWS
2011/06/28 10:07:16.0843 1540 System windows directory: C:\WINDOWS
2011/06/28 10:07:16.0843 1540 Processor architecture: Intel x86
2011/06/28 10:07:16.0843 1540 Number of processors: 2
2011/06/28 10:07:16.0843 1540 Page size: 0x1000
2011/06/28 10:07:16.0843 1540 Boot type: Safe boot with network
2011/06/28 10:07:16.0843 1540 ================================================================================
2011/06/28 10:07:24.0578 1540 Initialize success
2011/06/28 10:07:29.0515 0488 ================================================================================
2011/06/28 10:07:29.0515 0488 Scan started
2011/06/28 10:07:29.0515 0488 Mode: Manual;
2011/06/28 10:07:29.0515 0488 ================================================================================
2011/06/28 10:07:30.0734 0488 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/28 10:07:30.0796 0488 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/28 10:07:30.0843 0488 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/28 10:07:30.0859 0488 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/28 10:07:30.0937 0488 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/28 10:07:30.0984 0488 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/28 10:07:31.0031 0488 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/28 10:07:31.0093 0488 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/28 10:07:31.0125 0488 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/28 10:07:31.0156 0488 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/28 10:07:31.0187 0488 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/28 10:07:31.0281 0488 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/28 10:07:31.0343 0488 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/28 10:07:31.0406 0488 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/28 10:07:31.0453 0488 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/28 10:07:31.0500 0488 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/28 10:07:31.0531 0488 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/28 10:07:31.0546 0488 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/28 10:07:31.0765 0488 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/06/28 10:07:31.0843 0488 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/28 10:07:31.0906 0488 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/28 10:07:32.0000 0488 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/28 10:07:32.0093 0488 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/28 10:07:32.0140 0488 b57w2k (bb1a2a73f993b623f99e03ed2f9e014c) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/06/28 10:07:32.0203 0488 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/28 10:07:32.0296 0488 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/28 10:07:32.0343 0488 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/28 10:07:32.0421 0488 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/28 10:07:32.0468 0488 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/28 10:07:32.0546 0488 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/28 10:07:32.0593 0488 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/28 10:07:32.0781 0488 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/28 10:07:32.0859 0488 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/28 10:07:32.0937 0488 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\WINDOWS\system32\drivers\cpuz134_x32.sys
2011/06/28 10:07:32.0968 0488 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/28 10:07:33.0000 0488 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/28 10:07:33.0078 0488 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/28 10:07:33.0171 0488 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/06/28 10:07:33.0234 0488 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/06/28 10:07:33.0281 0488 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/06/28 10:07:33.0343 0488 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/06/28 10:07:33.0421 0488 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/06/28 10:07:33.0468 0488 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/06/28 10:07:33.0531 0488 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/06/28 10:07:33.0656 0488 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/06/28 10:07:33.0718 0488 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/06/28 10:07:33.0734 0488 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/06/28 10:07:33.0843 0488 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/28 10:07:33.0937 0488 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/28 10:07:33.0953 0488 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/28 10:07:34.0000 0488 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/28 10:07:34.0093 0488 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/06/28 10:07:34.0187 0488 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/28 10:07:34.0312 0488 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/06/28 10:07:34.0390 0488 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/06/28 10:07:34.0453 0488 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/28 10:07:34.0515 0488 eamon (30372bcc67d63bee538cdfeca755d81c) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/06/28 10:07:34.0578 0488 ehdrv (6504d6afb75fef830dd99e8c4235d54d) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/06/28 10:07:34.0640 0488 epfwtdir (ad414acda67d3020f7a04fb9c8621f01) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/06/28 10:07:34.0687 0488 EPUSBSTOR (9ff9df112f551f34ce7894c7ce41bfee) C:\WINDOWS\system32\DRIVERS\epusbsto.sys
2011/06/28 10:07:34.0796 0488 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/28 10:07:34.0859 0488 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/28 10:07:34.0890 0488 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/28 10:07:34.0921 0488 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/28 10:07:34.0953 0488 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/28 10:07:34.0984 0488 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/28 10:07:35.0015 0488 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/28 10:07:35.0078 0488 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/28 10:07:35.0187 0488 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/28 10:07:35.0281 0488 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/28 10:07:35.0375 0488 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/06/28 10:07:35.0468 0488 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/28 10:07:35.0531 0488 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/28 10:07:35.0546 0488 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/06/28 10:07:35.0593 0488 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/28 10:07:35.0687 0488 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
2011/06/28 10:07:35.0718 0488 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/28 10:07:35.0812 0488 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/06/28 10:07:35.0875 0488 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/28 10:07:35.0921 0488 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/28 10:07:35.0953 0488 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/28 10:07:35.0984 0488 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/28 10:07:36.0046 0488 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/28 10:07:36.0078 0488 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/28 10:07:36.0125 0488 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/28 10:07:36.0187 0488 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/28 10:07:36.0218 0488 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/28 10:07:36.0265 0488 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/28 10:07:36.0296 0488 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/28 10:07:36.0343 0488 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/28 10:07:36.0406 0488 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/28 10:07:36.0593 0488 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/06/28 10:07:36.0640 0488 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/28 10:07:36.0703 0488 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/28 10:07:36.0765 0488 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/28 10:07:36.0859 0488 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/28 10:07:36.0906 0488 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/28 10:07:36.0953 0488 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/06/28 10:07:37.0000 0488 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/28 10:07:37.0093 0488 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/28 10:07:37.0140 0488 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/28 10:07:37.0218 0488 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/28 10:07:37.0265 0488 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/28 10:07:37.0328 0488 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/28 10:07:37.0421 0488 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/28 10:07:37.0484 0488 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/28 10:07:37.0546 0488 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/28 10:07:37.0593 0488 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/28 10:07:37.0656 0488 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/28 10:07:37.0703 0488 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/28 10:07:37.0781 0488 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/28 10:07:37.0843 0488 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/28 10:07:37.0906 0488 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/28 10:07:38.0000 0488 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/28 10:07:38.0093 0488 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/28 10:07:38.0203 0488 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/28 10:07:38.0437 0488 nv (c190757a29a9bc0199032f353dd2557a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/28 10:07:38.0687 0488 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/28 10:07:38.0718 0488 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/28 10:07:38.0796 0488 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/06/28 10:07:38.0859 0488 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/28 10:07:38.0890 0488 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/28 10:07:38.0921 0488 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/28 10:07:38.0984 0488 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/28 10:07:39.0078 0488 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/28 10:07:39.0140 0488 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/28 10:07:39.0406 0488 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/06/28 10:07:39.0500 0488 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/06/28 10:07:39.0640 0488 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/28 10:07:39.0671 0488 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/28 10:07:39.0734 0488 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/28 10:07:39.0796 0488 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/28 10:07:39.0859 0488 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/06/28 10:07:39.0921 0488 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/06/28 10:07:39.0953 0488 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/06/28 10:07:39.0984 0488 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/06/28 10:07:40.0015 0488 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/06/28 10:07:40.0093 0488 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/28 10:07:40.0187 0488 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/28 10:07:40.0265 0488 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/28 10:07:40.0343 0488 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/28 10:07:40.0390 0488 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/28 10:07:40.0468 0488 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/28 10:07:40.0531 0488 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/28 10:07:40.0593 0488 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/28 10:07:40.0656 0488 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/28 10:07:40.0812 0488 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/28 10:07:40.0890 0488 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/28 10:07:40.0937 0488 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/28 10:07:41.0125 0488 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/28 10:07:41.0312 0488 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/28 10:07:41.0406 0488 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/28 10:07:41.0468 0488 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/28 10:07:41.0546 0488 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/28 10:07:41.0593 0488 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/28 10:07:41.0718 0488 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
2011/06/28 10:07:41.0859 0488 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/28 10:07:41.0953 0488 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/28 10:07:42.0062 0488 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/06/28 10:07:42.0093 0488 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/06/28 10:07:42.0109 0488 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/06/28 10:07:42.0140 0488 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/06/28 10:07:42.0234 0488 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/28 10:07:42.0312 0488 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/28 10:07:42.0375 0488 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/28 10:07:42.0421 0488 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/28 10:07:42.0468 0488 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/28 10:07:42.0609 0488 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/06/28 10:07:42.0703 0488 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/28 10:07:42.0765 0488 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/06/28 10:07:42.0828 0488 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/28 10:07:42.0906 0488 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/28 10:07:42.0968 0488 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/28 10:07:43.0046 0488 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/28 10:07:43.0109 0488 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/28 10:07:43.0156 0488 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/28 10:07:43.0234 0488 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/28 10:07:43.0328 0488 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/28 10:07:43.0390 0488 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/28 10:07:43.0453 0488 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/28 10:07:43.0531 0488 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/28 10:07:43.0671 0488 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/28 10:07:43.0953 0488 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/28 10:07:44.0046 0488 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/28 10:07:44.0187 0488 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR3
2011/06/28 10:07:44.0218 0488 Boot (0x1200) (2621dbdad07b6b0917d308ab09f4dbbc) \Device\Harddisk0\DR0\Partition0
2011/06/28 10:07:44.0250 0488 Boot (0x1200) (711079c8558bb0687861e9a8285d1b1d) \Device\Harddisk1\DR3\Partition0
2011/06/28 10:07:44.0265 0488 ================================================================================
2011/06/28 10:07:44.0265 0488 Scan finished
2011/06/28 10:07:44.0265 0488 ================================================================================
2011/06/28 10:07:44.0296 0340 Detected object count: 0
2011/06/28 10:07:44.0296 0340 Actual detected object count: 0

Thanks,

Jim

Member Avatar for jholland1964

Try running this to correct the problem with the .exe's
http://www.winhelponline.com/exefix_xp.com

run that and reboot. Report back with the results.

Edited by jholland1964 because: n/a
Member Avatar for jimfive

Thanks, but it did not help. I am actually working on regular mode, but here are the problems:
.exe files are not working, I get the "what do you want to use to open this file..."
Word and Excel (also from the System Tray) say: Application not Found
The only thing running next to the clock is Volume & Safely Remove Hardware, etc. and my StartUp Folder is empty.
I can get to the internet by clicking on a link shortcut on my desktop, I can open Excel by opening a specific file on my desktop. I am not sure what to try next. Did my StartUp folder get saved as a diff name on my machine somewhere, or was it completely wiped out?

Thanks,

Jim

Member Avatar for jimfive

Try running this to correct the problem with the .exe's
http://www.winhelponline.com/exefix_xp.com

run that and reboot. Report back with the results.

No, sorry, no change. Not what I was hoping for.

Thank you though, Jim

Member Avatar for jholland1964

Not sure what to tell you Jim, perhaps another will have a fix for you. By the way, you asked about automatic updates with MBA-M, auto updates is only available with the PAID version, not with the Free version.

Member Avatar for jak0b

have you tried to boot from the windows install disk, and select the repair option?

Might be worth it.

You will ofc. revert all settings to defaults, but all your stuff will be in the usual places. :)

Member Avatar for jimfive

Not sure what to tell you Jim, perhaps another will have a fix for you. By the way, you asked about automatic updates with MBA-M, auto updates is only available with the PAID version, not with the Free version.

K, good to know. I will have to remember to go out there and do that.

Thanks,

Jim

Member Avatar for jimfive

Not sure what to tell you Jim, perhaps another will have a fix for you. By the way, you asked about automatic updates with MBA-M, auto updates is only available with the PAID version, not with the Free version.

So, I went back to www.dougknox.com, under WinXP Fixes, and tried a few things. I downloaded:
EXE File Association Fix
Folder Association Fix
LNK (Shortcut) File Association Fix
Internet Explorer Desktop Icon Fix

-reboot-

so far it seems success! As soon as the machine came up, eSET started running, and I had automatically loading standard stuff in the tray. All exe files seem to work now. Unfortunately, I do not know if one or multiple things I downloaded did the trick, but I am up and running, and most important, able to run AutoCAD and Alibre, so I am able to do my job.
Could I hold off a day, make sure all is good, and then close this thread?
In the meantime, THANKS SO MUCH for all the help!

Jim

Member Avatar for jholland1964

That's great Jim. Take as long as you want to be sure things are fixed. That's what we are wanting, things to be fixed and you are the only one who can judge that. Keep us posted.

Member Avatar for jimfive

Everything looks good. I will close out the thread. Thanks for all your help.

Jim

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.