ericm301
  1. And part two: ========== Files - Modified Within 30 Days ========== [2011/05/23 05:14:12 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B3B5AEC8-5BC8-4D2E-9E86-90C0F73943C3}.job [2011/05/23 05:13:36 | 000,003,725 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011/05/23 05:13:29 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/05/23 05:13:29 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/05/23 05:12:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/05/22 22:11:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2011/05/22 07:58:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/05/21 07:46:11 | 000,468,946 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/05/21 07:46:11 | 000,082,986 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/05/16 17:05:47 | 000,000,490 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.zip [2011/05/16 17:05:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat [2011/05/16 17:03:26 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe [2011/05/13 05:16:41 | 000,879,081 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe [2011/05/12 20:10:56 | 001,280,815 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pleasework.zip [2011/05/09 04:58:06 | 004,343,965 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\eric.com [2011/05/09 04:57:04 | 000,000,219 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BleepingComputer.com.url [2011/05/09 04:48:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/05/08 23:31:20 | 000,097,280 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/08 17:08:35 | 000,000,868 | ---- | M] () -- 
C:\Documents and Settings\Owner\.recently-used.xbel [2011/05/04 17:49:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe [2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\pleasework.exe [2011/04/26 18:42:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable [2011/04/26 18:40:52 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\8vynktox.exe [2011/04/26 18:40:24 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.com [2011/04/26 18:39:59 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe [2011/04/25 07:18:49 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19783476 [2011/04/25 07:18:48 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19783476r [2011/04/25 07:18:45 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19783476 [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/05/21 00:40:39 | 000,044,524 | ---- | C] () -- C:\WINDOWS\System32\drivers\EL99XRUN.OUT [2011/05/21 00:40:39 | 000,018,415 | ---- | C] () -- C:\WINDOWS\System32\drivers\AX88140.sys [2011/05/21 00:40:38 | 000,026,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\eh10nds.sys [2011/05/21 00:40:37 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcrypt.sys [2011/05/21 00:40:37 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\dc_fsf.sys [2011/05/21 00:40:37 | 000,003,073 | ---- | C] () -- C:\WINDOWS\System32\drivers\dummy.sys [2011/05/21 00:40:36 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\3WDRV100.SYS [2011/05/21 00:40:36 | 000,048,832 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\3WAREGSM.SYS [2011/05/21 00:40:36 | 000,034,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\MV614X.SYS [2011/05/21 00:40:05 | 000,261,325 | ---- | C] () -- C:\WINDOWS\System32\drivers\wavs.ex_ [2011/05/21 00:40:04 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys.vir [2011/05/21 00:40:03 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\drivers\Toshiba_Qosmio E15_22569.MRK [2011/05/21 00:40:02 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys [2011/05/21 00:40:02 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbios.inf [2011/05/21 00:40:01 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\drivers\RT25USBAP.CAT [2011/05/21 00:39:59 | 000,083,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\ptzipw32.dl_ [2011/05/21 00:39:59 | 000,017,876 | ---- | C] () -- C:\WINDOWS\System32\drivers\printray.ex_ [2011/05/21 00:39:59 | 000,015,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\printray.dl_ [2011/05/21 00:39:58 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2011/05/21 00:39:56 | 000,808,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaedriv.dl_ [2011/05/21 00:39:56 | 000,366,868 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaesw32.ex_ [2011/05/21 00:39:56 | 000,269,587 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaetstp.ou_ [2011/05/21 00:39:56 | 000,191,353 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxsupmon.ex_ [2011/05/21 00:39:56 | 000,125,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaetstk.ou_ [2011/05/21 00:39:56 | 000,122,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaestrn.dl_ [2011/05/21 00:39:56 | 000,109,934 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaealgn.ou_ [2011/05/21 00:39:56 | 000,096,436 | ---- | C] () -- C:\WINDOWS\System32\drivers\lexpps.ex_ [2011/05/21 00:39:56 | 000,088,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaecln.ou_ [2011/05/21 00:39:56 | 000,088,406 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\lxaeclnk.ou_ [2011/05/21 00:39:56 | 000,062,444 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaealgk.ou_ [2011/05/21 00:39:56 | 000,056,151 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaecaln.ou_ [2011/05/21 00:39:56 | 000,033,981 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxsmunin.ex_ [2011/05/21 00:39:56 | 000,032,932 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaepp.dl_ [2011/05/21 00:39:56 | 000,031,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\lex_psu.ex_ [2011/05/21 00:39:56 | 000,030,858 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaeui.dl_ [2011/05/21 00:39:56 | 000,024,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaentcp.hl_ [2011/05/21 00:39:56 | 000,023,674 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaekaln.ou_ [2011/05/21 00:39:56 | 000,019,532 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaeunst.ex_ [2011/05/21 00:39:56 | 000,016,385 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaentui.hl_ [2011/05/21 00:39:56 | 000,013,781 | ---- | C] () -- C:\WINDOWS\System32\drivers\lexreg.ex_ [2011/05/21 00:39:56 | 000,006,559 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxae.inf [2011/05/21 00:39:56 | 000,006,315 | ---- | C] () -- C:\WINDOWS\System32\drivers\lexstat.dl_ [2011/05/21 00:39:56 | 000,005,199 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxsupmon.hl_ [2011/05/21 00:39:56 | 000,004,148 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaehh.hl_ [2011/05/21 00:39:56 | 000,003,004 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxae.in_ [2011/05/21 00:39:56 | 000,002,989 | ---- | C] () -- C:\WINDOWS\System32\drivers\license.tx_ [2011/05/21 00:39:56 | 000,001,814 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaerme.do_ [2011/05/21 00:39:56 | 000,001,215 | ---- | C] () -- C:\WINDOWS\System32\drivers\lxaentd$.in_ [2011/05/21 00:39:56 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\lexstat.in_ [2011/05/21 00:39:56 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\drivers\lexwww.ht_ 
[2011/05/21 00:39:55 | 000,147,385 | ---- | C] () -- C:\WINDOWS\System32\drivers\lexbces.ex_ [2011/05/21 00:39:55 | 000,112,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\lexp2p32.dl_ [2011/05/21 00:39:55 | 000,107,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\lexlmpm.dl_ [2011/05/21 00:39:55 | 000,094,858 | ---- | C] () -- C:\WINDOWS\System32\drivers\lex2kusb.dl_ [2011/05/21 00:39:55 | 000,084,845 | ---- | C] () -- C:\WINDOWS\System32\drivers\lexdrvin.ex_ [2011/05/21 00:39:55 | 000,062,930 | ---- | C] () -- C:\WINDOWS\System32\drivers\lexbce.dl_ [2011/05/21 00:39:55 | 000,044,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\lexgo1.ex_ [2011/05/21 00:39:55 | 000,036,898 | ---- | C] () -- C:\WINDOWS\System32\drivers\ledf.dl_ [2011/05/21 00:39:55 | 000,022,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\ldeei.dl_ [2011/05/21 00:39:55 | 000,005,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\lexdwnld.dl_ [2011/05/21 00:39:54 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\gm.dls [2011/05/21 00:39:54 | 000,084,255 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlp25632.dl_ [2011/05/21 00:39:54 | 000,043,879 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlp256.dl_ [2011/05/21 00:39:53 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2011/05/21 00:39:53 | 000,037,770 | ---- | C] () -- C:\WINDOWS\System32\drivers\duplex2.pr_ [2011/05/21 00:39:53 | 000,037,650 | ---- | C] () -- C:\WINDOWS\System32\drivers\duplex1.pr_ [2011/05/21 00:39:53 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\services [2011/05/21 00:39:53 | 000,003,683 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.sam [2011/05/21 00:39:53 | 000,000,799 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\protocol [2011/05/21 00:39:53 | 000,000,441 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics [2011/05/21 00:39:53 | 000,000,407 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\networks [2011/05/21 00:39:52 | 000,064,352 | ---- | 
C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2011/05/21 00:39:52 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS [2011/05/21 00:39:52 | 000,007,179 | ---- | C] () -- C:\WINDOWS\System32\drivers\contact.hl_ [2011/05/16 17:05:47 | 000,000,490 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.zip [2011/05/16 17:05:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat [2011/05/13 05:16:34 | 000,879,081 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe [2011/05/12 20:10:56 | 001,280,815 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pleasework.zip [2011/05/09 04:58:06 | 004,343,965 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\eric.com [2011/05/09 04:57:04 | 000,000,219 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BleepingComputer.com.url [2011/05/09 04:48:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/05/09 04:48:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/05/09 04:48:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/05/09 04:48:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/05/09 04:48:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/05/09 04:48:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/05/08 17:08:35 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel [2011/04/26 18:42:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable [2011/04/26 18:40:48 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\8vynktox.exe [2011/04/26 18:40:20 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.com [2011/04/26 18:39:58 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe [2011/04/25 07:18:48 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19783476r [2011/04/25 07:18:48 | 000,000,128 | 
---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19783476 [2011/04/25 07:18:45 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19783476 [2011/02/21 16:09:42 | 000,104,156 | ---- | C] () -- C:\WINDOWS\hpoins04.dat [2011/02/21 16:09:42 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat [2010/09/26 13:02:34 | 000,078,231 | ---- | C] () -- C:\WINDOWS\System32\rxtxSerial.dll [2010/09/26 13:02:34 | 000,047,421 | ---- | C] () -- C:\WINDOWS\System32\rxtxParallel.dll [2010/08/31 21:46:00 | 000,029,692 | ---- | C] () -- C:\WINDOWS\System32\sintfnt.dll [2010/08/31 21:46:00 | 000,017,828 | ---- | C] () -- C:\WINDOWS\System32\sintf32.dll [2010/08/31 21:46:00 | 000,012,066 | ---- | C] () -- C:\WINDOWS\System32\sintf16.dll [2009/12/13 15:19:27 | 000,063,748 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/12/07 20:14:28 | 000,008,432 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\rx_audio.Cache [2009/12/07 20:14:28 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\rx_image.Cache [2009/11/15 16:35:00 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\keyfile3.drm [2009/08/13 02:41:14 | 000,001,782 | ---- | C] () -- C:\WINDOWS\PFA170.ini [2009/07/27 11:56:56 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sbacknt.bin [2009/07/18 10:09:54 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Dance Kit [2009/07/18 10:09:54 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Owner\Application Data\Contextual Menu Items [2009/07/18 10:09:54 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT [2009/03/18 16:02:45 | 000,000,291 | ---- | C] () -- C:\WINDOWS\PowerReg.dat [2009/03/18 16:02:32 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe [2009/02/23 17:36:16 | 000,000,256 | ---- | C] () -- 
C:\WINDOWS\System32\pool.bin [2008/06/30 13:10:34 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2008/06/30 13:10:31 | 000,177,152 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2008/04/10 16:06:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI [2008/03/27 13:58:29 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini [2008/03/27 13:58:27 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [2008/03/27 13:54:38 | 000,009,518 | ---- | C] () -- C:\WINDOWS\hplj42504350.ini [2008/03/27 13:54:18 | 000,001,474 | ---- | C] () -- C:\WINDOWS\mariner.ini [2008/03/19 10:41:11 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI [2008/03/19 10:41:11 | 000,000,013 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI [2008/03/19 10:41:11 | 000,000,012 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2008/03/19 10:41:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bw5170dn.ini [2008/03/19 10:41:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2008/03/19 10:41:10 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL [2008/03/19 10:41:10 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL [2008/03/19 10:40:57 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2008/03/19 10:40:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2008/03/19 10:40:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2008/03/14 18:28:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini [2007/09/20 11:52:58 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/07/26 15:22:12 | 000,097,280 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/06/22 10:11:51 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SNMP_PP.DLL [2007/05/09 11:18:50 | 000,038,469 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR [2007/05/09 08:33:45 
| 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\11DEC33AAC.dll [2007/05/04 09:10:35 | 000,000,502 | ---- | C] () -- C:\WINDOWS\intuprof.ini [2007/05/04 09:10:35 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini [2007/05/03 13:05:23 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI [2007/05/03 12:56:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2007/05/03 10:34:44 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat [2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2005/10/14 02:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2005/10/14 02:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll [2005/10/14 02:56:50 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe [2005/10/14 02:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2005/10/14 02:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2005/10/14 02:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2005/10/14 02:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2005/10/14 02:56:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL [2005/10/14 02:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2005/10/14 02:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll [2005/10/14 02:56:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/07/22 17:34:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/07/19 14:22:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2004/07/19 13:23:43 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2004/07/19 12:54:09 | 000,001,179 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2004/07/19 12:51:16 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/07/19 
12:19:53 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe [2004/07/19 12:03:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI [2004/07/19 11:50:29 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2004/07/19 11:50:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2004/07/19 11:50:29 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2004/07/19 11:50:29 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2004/07/19 11:45:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2004/07/19 11:30:38 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\nvudisp.exe [2004/07/19 11:20:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe [2004/07/19 11:11:21 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe [2004/07/19 10:28:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004/07/19 10:25:13 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/07/19 10:23:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/07/19 10:17:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/07/19 09:50:55 | 000,000,381 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004/07/19 09:47:09 | 000,468,946 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/07/19 09:47:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/07/19 09:47:09 | 000,082,986 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/07/19 09:47:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/07/19 09:47:08 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/07/19 09:47:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/07/19 09:47:04 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/07/19 09:46:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/07/19 09:46:49 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/07/19 
09:46:36 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/07/19 09:46:27 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/07/19 03:10:26 | 000,004,633 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/07/19 03:09:31 | 000,300,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/06/21 10:56:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/06/17 10:54:18 | 001,527,808 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll [2004/06/17 10:47:48 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll [2004/06/17 10:11:44 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2004/06/01 17:22:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll [2004/01/13 18:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2003/11/12 03:54:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2003/07/29 15:33:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll [2003/04/17 12:35:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2003/04/17 12:35:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2002/06/06 02:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll [2002/06/04 09:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2002/03/29 04:44:54 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\LXSMUNIN.EXE [2002/03/29 04:44:52 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\LEX_PSU.EXE [2002/03/29 04:44:52 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI [2000/03/29 22:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL [1999/08/11 15:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL [1999/05/21 21:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL [1998/01/28 00:06:04 | 000,045,056 | ---- | C] () -- 
C:\WINDOWS\System32\UNACE.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6E9EB6C < End of report >
  2. Here's the log from OTL.exe, in two parts: OTL logfile created on: 5/23/2011 5:14:36 AM - Run 2 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.50 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 69.51% Memory free 5.36 Gb Paging File | 5.05 Gb Available in Paging File | 94.30% Paging File free Paging file location(s): C:\pagefile.sys 4096 4096 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.44 Gb Total Space | 29.62 Gb Free Space | 39.79% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/05/22 22:11:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe PRC - [2011/05/03 10:53:45 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe PRC - [2009/08/13 03:52:22 | 000,028,456 | R--- | M] (Sage Software, Inc.) 
-- C:\Program Files\Sage\Peachtree\PeachtreePrefetcher.exe PRC - [2009/02/03 11:32:00 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner\Desktop\SysInternals\Utilities\procexp.exe PRC - [2008/10/02 09:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe PRC - [2008/09/30 14:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005/06/10 19:59:56 | 001,422,336 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2004/07/16 15:24:34 | 000,638,976 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Picture Enhancement Utility\TosPEHK.exe PRC - [2004/06/29 18:04:10 | 001,077,326 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Touch and Launch\PadExe.exe PRC - [2004/06/16 16:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe PRC - [2004/05/13 14:46:02 | 000,053,248 | ---- | M] () -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe PRC - [2004/03/02 13:45:28 | 000,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe PRC - [2003/12/16 16:47:42 | 000,376,832 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe PRC - [2003/12/16 16:43:06 | 000,184,320 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe PRC - [2003/12/16 16:42:32 | 000,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe PRC - [2003/12/16 16:41:40 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe PRC - [2003/09/05 03:24:46 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2003/05/23 13:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) 
-- C:\WINDOWS\system32\DVDRAMSV.exe PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe PRC - [2002/03/29 04:44:54 | 000,794,112 | ---- | M] (Lexmark) -- C:\WINDOWS\system32\LXSUPMON.EXE ========== Modules (SafeList) ========== MOD - [2011/05/22 22:11:15 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9) SRV - File not found [Auto | Stopped] -- -- (psqlWGE) SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart) SRV - [2009/11/02 13:17:00 | 001,098,968 | ---- | M] (TiVo Inc.) [Disabled | Stopped] -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2) SRV - [2009/03/24 17:21:14 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Galleon\bin\Wrapper.exe -- (Galleon) SRV - [2005/06/10 19:59:56 | 001,422,336 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2004/06/16 16:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004/05/13 14:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe -- (Swupdtmr) SRV - [2003/12/16 16:42:32 | 000,311,363 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor) SRV - [2003/12/16 16:41:40 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc) SRV - [2003/05/23 13:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) 
[Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service) SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)) ========== Driver Services (SafeList) ========== DRV - [2011/04/11 05:49:04 | 000,175,488 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\DAC960NT.SYS -- (dac960nt) DRV - [2011/04/11 05:49:04 | 000,045,462 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\PERC2.SYS -- (perc2) DRV - [2011/04/11 05:49:04 | 000,020,256 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\DPTI2O.SYS -- (dpti2o) DRV - [2010/12/15 04:02:13 | 000,033,912 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv) DRV - [2010/12/15 04:02:06 | 000,010,744 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw) DRV - [2009/07/18 10:48:55 | 000,162,816 | ---- | M] (Ralink Technology Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP) DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008/04/04 09:00:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA) DRV - [2007/05/02 09:49:12 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x) DRV - [2007/02/08 06:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys -- (dsiarhwprog) DRV - [2007/02/02 05:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k) DRV - [2007/02/02 05:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2005/11/30 10:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005/06/10 19:58:16 | 000,298,571 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2005/01/26 04:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2004/07/10 01:04:52 | 000,822,016 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ttv200x.sys -- (ttv200x) DRV - [2004/07/02 09:50:14 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp) DRV - [2004/06/24 10:35:48 | 000,048,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid) DRV - [2004/06/03 11:45:22 | 000,057,344 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2004/06/03 11:44:58 | 000,092,544 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd) DRV - [2004/05/17 15:18:24 | 000,008,573 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec) DRV - [2004/05/08 20:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2004/05/06 14:35:08 | 000,018,308 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2004/04/19 12:02:48 | 000,062,959 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2004/04/09 12:33:36 | 000,045,598 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte) DRV - [2004/02/20 15:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004/01/30 10:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf) DRV - [2004/01/02 02:52:34 | 001,646,720 | ---- | M] (Intel
  3. So, I got the system to boot on its own by copying all the sys files from Hiren's mini XP to my system32/drivers/ folder. I was able to get my WinXP(Pro) install CD to boot, but some of the drivers were different version numbers, and Hiren's matched. Laptop has WinXP, Media Center Edition, which must be based on the Home Edition. Now it boots but no network, no internet. The wireless adapter connects to my router, and gets IP/DNS info, but IE still says 'Offline.' Tried everything I can think of to get it back online, it keeps wanting to connect to my old VPN. Won't delete the connection either. Probably wrecked some settings somewhere... DSS still hangs. TDSSKiller runs (AHA!) but finds nothing (snap!). I can download stuff onto the laptop by booting Hiren's CD, connecting and downloading, then booting back into the HD. I ran OTL right before I left for work this morning. I will post its logs this afternoon. Back then...
  4. This is really getting interesting. I'm half expecting to see a black screen, with the words: You are in a maze of twisty little passages, all alike. There is a lamp at your feet. What do you want to do? > Anyway, here's what's going on: Avira scanned and found 8 infected files, Trojan/AntiHosts.Gen and Trojan/Patched.Gen, and some Java exploit sigs. It scanned and cleaned or renamed them, but now the machine won't boot the HD, even to safe mode. I get Windows > BSOD flash > restart > lather > rinse > repeat. I am following the instructions on the Avira site, and creating a Windows Boot CD, and will scan after booting that. Back soon...
  5. Avira is scanning my system now. Had an interesting time figuring out how to get the machine to boot the disk. Will post results soon...
  6. aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
     Run date: 2011-05-16 17:03:43
     -----------------------------
     17:03:43.156 OS Version: Windows 5.1.2600 Service Pack 3
     17:03:43.156 Number of processors: 1 586 0xD06
     17:03:43.156 ComputerName: LAPTOP UserName: Owner
     17:03:43.467 Initialize success
     17:03:51.268 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
     17:03:51.268 Disk 0 Vendor: ST980815A 3.ALC Size: 76222MB BusType: 3
     17:03:53.311 Disk 0 MBR read successfully
     17:03:53.311 Disk 0 MBR scan
     17:03:53.311 Disk 0 unknown MBR code
     17:03:55.314 Disk 0 scanning sectors +156103605
     17:03:55.754 Disk 0 scanning C:\WINDOWS\system32\drivers
     17:04:06.049 Service scanning
     17:04:07.531 Disk 0 trace - called modules:
     17:04:07.541 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a6821ed]<<
     17:04:07.541 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6e5ab8]
     17:04:07.541 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000008a[0x8a7299e8]
     17:04:07.551 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6e9940]
     17:04:07.551 \Driver\atapi[0x8a7902f0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a6821ed
     17:04:07.551 Scan finished successfully
     17:05:18.934 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
     17:05:18.944 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
     And: MBR.zip
     Glad to have a tool actually finish...I was getting worried. Thanks!
  7. TDSSKiller.exe would not run. Both of the other logs are below.
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=7.00.6000.17096 (vista_gdr.110211-1830)
     # OnlineScanner.ocx=1.0.0.6427
     # api_version=3.0.2
     # EOSSerial=87e6fb19108ceb4fb610574d614db593
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2011-05-13 05:00:50
     # local_time=2011-05-12 10:00:50 (-0800, Pacific Daylight Time)
     # country="United States"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=108154
     # found=2
     # cleaned=2
     # scan_time=3654
     C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\1\31410a01-3a267a74 Java/Exploit.CVE-2010-3562.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\de78250-1b674732 Java/Exploit.CVE-2009-2843.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     # version=7
     # iexplore.exe=7.00.6000.17096 (vista_gdr.110211-1830)
     # OnlineScanner.ocx=1.0.0.6427
     # api_version=3.0.2
     # EOSSerial=87e6fb19108ceb4fb610574d614db593
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2011-05-13 12:09:36
     # local_time=2011-05-13 05:09:36 (-0800, Pacific Daylight Time)
     # country="United States"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=108177
     # found=0
     # cleaned=0
     # scan_time=3473
     esets_scanner_update returned -1 esets_gle=53251
     # version=7
     # IEXPLORE.EXE=7.00.6000.17096 (vista_gdr.110211-1830)
     # OnlineScanner.ocx=1.0.0.6427
     # api_version=3.0.2
     # EOSSerial=87e6fb19108ceb4fb610574d614db593
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2011-05-13 01:18:26
     # local_time=2011-05-13 06:18:26 (-0800, Pacific Daylight Time)
     # country="United States"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=108188
     # found=0
     # cleaned=0
     # scan_time=3374
     Results of screen317's Security Check version 0.99.10
     Windows XP Service Pack 3
     Internet Explorer 7 Out of date!
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     ESET Online Scanner v3
     WMI entry may not exist for antivirus; attempting automatic update.
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     Java 6 Update 21
     Java 2 Runtime Environment, SE v1.4.2_03
     Out of date Java installed!
     Adobe Flash Player
     Adobe Reader 9.4.2
     Out of date Adobe Reader installed!
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     ``````````End of Log````````````
  8. I waited about 10-12 hours. I let it run all day while I was at work. I still am not able to run TDSSKiller, in normal or safe mode. I can't run DDS.com or DDS.scr. ESET is running right now, just started downloading signatures. Will let it run tonight, poke at it some more in the morning.
  9. It gets part way through, then hangs at the 'ten minutes' screen. It never starts counting. Thanks, --Eric
  10. Thanks for getting to me. As I am typing this on my laptop, I am watching the infected laptop. All it has is a blue terminal style window and a blinking cursor. I did get through the authorization dialog, but since then, nothing. This is my third attempt. First, I downloaded it, and when I ran it, some service (TiVo protocol/interface handler) warnings and the script error dialog interrupted things. So, I killed the services, and tried a second time. Still nothing. Then I disabled the services, downloaded a fresh ComboFix, restarted, and tried again. So, that's where I'm at. Still looking at the blue terminal window on my desktop, with a blinking cursor... Also, I could never get DDS to run.
  11. Hi, I've been waiting for a response since Friday. I know you are busy, and that you are not the source of my frustration, but I still could use some help. Please? Eric M
  12. Hi, Chris, I have not been able to get TDSSKiller to do anything on the infected machine. When I run it with Process Explorer open, it shows up and dies right away. When I run it on my Win7 machine it opens and scans like it should. Same exact file. Seems to me something is watching for the process so it can defend itself. Something I can't see in any of the tools I have (autoruns and procexp from Sysinternals). My mbam log still shows nothing. Thanks, Eric M
  13. Hi, Chris, I got the logs above, as you can see, but when I downloaded and tried to run TDSSKiller.exe, it did nothing. I tried running it in safe mode from a command prompt, and even that didn't work. I was able to run it on my other laptop. I think I saw another thread mention this problem. I will look, but, meanwhile, if you think of anything, please let me know. Thanks, Eric M
  14. OTL logfile created on: 4/29/2011 8:26:40 PM - Run 1
     OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
     Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 7.0.5730.11)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
     5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
     Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 74.44 Gb Total Space | 14.35 Gb Free Space | 19.28% Space Free | Partition Type: NTFS
     Computer Name: LAPTOP | User Name: Owner | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     ========== Processes (SafeList) ==========
     PRC - [2011/04/29 20:22:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
     PRC - [2010/10/18 03:48:15 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
     PRC - [2010/07/17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
     PRC - [2009/08/13 02:04:28 | 000,435,496 | R--- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
     PRC - [2009/03/24 17:21:14 | 000,204,800 | ---- | M] () -- C:\Program Files\Galleon\bin\Wrapper.exe
     PRC - [2009/02/03 11:32:00 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner\Desktop\SysInternals\Utilities\procexp.exe
     PRC - [2008/10/02 09:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
     PRC - [2008/09/30 14:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
     PRC - [2008/04/13 17:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
     PRC - [2005/06/10 19:59:56 | 001,422,336 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     PRC - [2004/07/16 15:24:34 | 000,638,976 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Picture Enhancement Utility\TosPEHK.exe
     PRC - [2004/06/29 18:04:10 | 001,077,326 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
     PRC - [2004/06/16 16:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
     PRC - [2004/05/13 14:46:02 | 000,053,248 | ---- | M] () -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
     PRC - [2004/03/02 13:45:28 | 000,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
     PRC - [2003/12/16 16:47:42 | 000,376,832 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
     PRC - [2003/12/16 16:43:06 | 000,184,320 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe
     PRC - [2003/12/16 16:42:32 | 000,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
     PRC - [2003/12/16 16:41:40 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
     PRC - [2003/09/05 03:24:46 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
     PRC - [2003/05/23 13:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
     PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     PRC - [2002/03/29 04:44:54 | 000,794,112 | ---- | M] (Lexmark) -- C:\WINDOWS\system32\LXSUPMON.EXE
     ========== Modules (SafeList) ==========
     MOD - [2011/04/29 20:22:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
     MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
     ========== Win32 Services (SafeList) ==========
     SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
     SRV - [2009/11/02 13:17:00 | 001,098,968 | ---- | M] (TiVo Inc.) [Disabled | Stopped] -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
     SRV - [2009/08/13 02:04:28 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
     SRV - [2009/03/24 17:21:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Galleon\bin\Wrapper.exe -- (Galleon)
     SRV - [2005/06/10 19:59:56 | 001,422,336 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
     SRV - [2004/06/16 16:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
     SRV - [2004/05/13 14:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe -- (Swupdtmr)
     SRV - [2003/12/16 16:42:32 | 000,311,363 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
     SRV - [2003/12/16 16:41:40 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
     SRV - [2003/05/23 13:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
     SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
     ========== Driver Services (SafeList) ==========
     DRV - [2010/12/15 04:02:13 | 000,033,912 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
     DRV - [2010/12/15 04:02:06 | 000,010,744 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
     DRV - [2009/07/18 10:48:55 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
     DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
     DRV - [2008/04/04 09:00:00 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
     DRV - [2007/05/02 09:49:12 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
     DRV - [2007/02/08 06:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
     DRV - [2007/02/02 05:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
     DRV - [2007/02/02 05:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
     DRV - [2005/11/30 10:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
     DRV - [2005/06/10 19:58:16 | 000,298,571 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
     DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
     DRV - [2005/01/26 04:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
     DRV - [2004/07/10 01:04:52 | 000,822,016 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ttv200x.sys -- (ttv200x)
     DRV - [2004/07/02 09:50:14 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
     DRV - [2004/06/24 10:35:48 | 000,048,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
     DRV - [2004/06/03 11:45:22 | 000,057,344 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
     DRV - [2004/06/03 11:44:58 | 000,092,544 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
     DRV - [2004/05/17 15:18:24 | 000,008,573 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
     DRV - [2004/05/08 20:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
     DRV - [2004/05/06 14:35:08 | 000,018,308 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
     DRV - [2004/04/19 12:02:48 | 000,062,959 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
     DRV - [2004/04/09 12:33:36 | 000,045,598 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
     DRV - [2004/02/20 15:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
     DRV - [2004/01/30 10:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
     DRV - [2004/01/02 02:52:34 | 001,646,720 | ---- | M] (Intel
  15. Thanks for your help. I ran DDS.com and DDS.scr and they both locked up the machine. Here is my mbam log:
     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 6459
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.11
     4/27/2011 12:59:40 PM
     mbam-log-2011-04-27 (12-59-40).txt
     Scan type: Quick scan
     Objects scanned: 176666
     Time elapsed: 10 minute(s), 41 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)
     ---*** End of mbam log file ***---