Thread: Browser/host problem after malware
  1. #1 Junior Member (Join Date: Jul 2010, Posts: 29)

    The computer seems to be running fine. I can access Windows Update and I'm not getting redirected to other sites when I use Explorer.

    TDSS rootkit removing tool, Kaspersky Lab, 2010
    version 2.3.2.2 Jun 30 2010 17:23:49

    Scanning Services ...

    Scanning Drivers ...

    Completed

    Results:
    Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    File objects infected / cured / cured on reboot: 0 / 0 / 0

    Press any key to continue . . .

  2. #2 Emeritus - Malware Team (Join Date: Oct 2009, Location: New England, USA, Posts: 503)

    Run OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      c:\windows\system32\drivers\tsk35.tmp
      
      :Commands
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post the resulting OTL log


    +++++++++++++++

    I would like you to run the following scan: Eset Online Scanner
    Run with Internet Explorer
    • Place a check mark in the box YES, I accept the Terms Of Use
    • Click the Start button.
    • Now click the Install button, or click the notification bar at the top of the window and choose to install.
    • Click Start. The scanner engine will initialize and update.
    • Do Not place a check mark in the box beside Remove found threats.
    • Click the Scan button. The scan will now run, please be patient.
    • When the scan finishes click the Details tab.
    • Copy and paste the contents of C:\Program Files\EsetOnlineScanner\log.txt into your next reply.
    IndiGenus
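The OTL log the helper asks for runs to several hundred lines, and a responder reads it for a small number of patterns: a registered driver or service whose file is gone, a binary with no vendor string in its version info, a driver loaded from a .tmp file or a temp directory (the fix above removes exactly such a file, c:\windows\system32\drivers\tsk35.tmp), and a BHO whose CLSID or DLL no longer resolves. The Python below is an added example of that first-pass triage; it is my own code, not OTL's and not part of this thread. The regular expressions are my reading of the line layout OTL prints, as seen in the log posted in this thread, and the sample log is constructed: its lines are copied from that posted log, plus one DRV line I made up in the same format for tsk35.tmp (OTL did not print such a line here).

```python
"""First-pass triage of OTL-format log lines (added example, not OTL's own code).

The line format below is my own reading of OTL output; the checks are review
prompts for a human analyst, not malware verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# PRC/MOD/SRV/DRV entry, e.g.
#   "SRV - [date | size | attrs | M] (Company) [Auto | Running] -- C:\path.exe -- (Name)"
#   "DRV - File not found [Kernel | On_Demand | Stopped] -- C:\path.sys -- (Name)"
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<date>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+) \| M\] \((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<flags>[^\]]+)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)

# O2 entry, e.g. "O2 - BHO: (Name) - {CLSID} - C:\path.dll (Company)"
BHO_RE = re.compile(
    r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.+)$"
)

# Lower-cased path fragments that mark a temp location (hypothetical list, extend as needed)
TEMP_DIR_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\temp\\")


@dataclass
class Finding:
    line_no: int
    reason: str
    text: str


def triage_line(line_no: int, line: str) -> list[Finding]:
    """Return zero or more review prompts for one OTL log line."""
    reasons: list[str] = []
    s = line.strip()
    m = ENTRY_RE.match(s)
    if m:
        low = m.group("path").lower()
        if m.group("missing"):
            reasons.append("registered %s points at a missing file" % m.group("kind"))
        elif m.group("company") == "":
            reasons.append("no vendor string in file version info")
        if low.endswith(".tmp") and "\\drivers\\" in low:
            reasons.append("driver loaded from a .tmp file in the drivers directory")
        if any(marker in low for marker in TEMP_DIR_MARKERS):
            reasons.append("binary lives under a temp directory")
    else:
        b = BHO_RE.match(s)
        if b:
            rest = b.group("rest")
            if rest.endswith("File not found") or rest.startswith("No CLSID value found"):
                reasons.append("orphaned BHO registration (%s)" % b.group("clsid"))
    return [Finding(line_no, r, s) for r in reasons]


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log; line numbers are 1-based."""
    findings: list[Finding] = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        findings.extend(triage_line(n, line))
    return findings


# Constructed sample: lines copied from the OTL log in this thread, plus one
# made-up DRV line (tsk35.tmp) in the same format for the file the fix removes.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jonathan\LOCALS~1\Temp\catchme.sys -- (catchme)
PRC - [2008/08/27 10:50:40 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
DRV - [2010/07/17 12:00:00 | 000,040,960 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsk35.tmp -- (tsk35)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
""".strip("\n")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("line %d: %s\n    %s" % (f.line_no, f.reason, f.text))
```

The output is a list of lines to look at, not a verdict: symlcsvc.exe in this very log is a legitimate Symantec component that simply carries no vendor string, and catchme.sys is a leftover from an earlier scanning tool. What the script buys a responder is that the seven lines worth a second look surface immediately instead of being found by scrolling past three hundred clean ones.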

  3. #3 Junior Member (Join Date: Jul 2010, Posts: 29)

    OTL logfile created on: 7/24/2010 10:08:48 AM - Run 2
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Jonathan\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 72.92 Gb Free Space | 48.95% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OPTIPLEX
    Current User Name: Jonathan
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/07/05 10:51:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
    PRC - [2010/05/20 18:11:48 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2010/05/20 18:10:18 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/02/09 14:01:43 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/09/30 18:41:14 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2008/09/30 18:41:04 | 001,956,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2008/09/30 18:40:56 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2008/08/27 10:50:40 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PRC - [2008/06/24 19:17:38 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2008/06/24 19:17:36 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2008/06/24 19:17:34 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2007/07/26 20:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    PRC - [2007/02/20 05:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2005/12/22 21:14:54 | 000,921,704 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
    PRC - [2005/12/22 20:21:44 | 000,061,526 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
    PRC - [2005/12/22 20:15:46 | 000,381,014 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
    PRC - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\JHSecure\VPN Client\cvpnd.exe
    PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005/01/13 00:00:30 | 000,126,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
    PRC - [2004/10/14 19:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2004/07/27 16:50:42 | 000,221,184 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2004/07/27 16:50:04 | 000,503,808 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    PRC - [2004/03/12 00:00:30 | 000,135,168 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
    PRC - [2004/03/12 00:00:30 | 000,090,112 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
    PRC - [2004/02/13 10:47:02 | 000,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
    PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2003/06/18 12:00:00 | 000,200,704 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft Money\System\mnyexpr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/05 10:51:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/02/19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/02/14 22:50:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/09/30 18:41:08 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2008/09/30 18:41:04 | 001,956,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2008/09/30 18:40:56 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2008/08/27 10:50:40 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2008/08/20 16:50:30 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2008/06/24 19:17:38 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2008/06/24 19:17:36 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
    SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/07/26 20:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
    SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2005/12/22 20:21:44 | 000,061,526 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
    SRV - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\JHSecure\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2004/03/12 00:00:30 | 000,135,168 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
    SRV - [2004/03/12 00:00:30 | 000,090,112 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
    SRV - [2004/02/13 10:47:02 | 000,155,648 | ---- | M] (Dell Inc) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jonathan\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/14 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100723.024\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/07/14 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100723.024\NAVENG.SYS -- (NAVENG)
    DRV - [2010/05/31 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/05/31 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/02/15 17:44:14 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2008/08/20 16:50:02 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2008/08/20 16:49:56 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2008/08/13 21:50:50 | 000,064,160 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_600_13487.sys -- (NEOFLTR_600_13487) Juniper Networks TDI Filter Driver (NEOFLTR_600_13487)
    DRV - [2008/05/28 12:31:24 | 000,337,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2008/05/28 12:31:24 | 000,054,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/10/17 23:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
    DRV - [2007/07/26 20:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2006/07/29 09:20:09 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    DRV - [2005/11/11 16:34:16 | 000,353,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (DELL_A02)
    DRV - [2005/11/04 10:20:40 | 000,303,735 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2005/07/01 10:15:06 | 000,025,344 | ---- | M] (Iomega) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IABFilt.sys -- (IABFilt)
    DRV - [2005/06/29 19:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2005/04/01 16:52:46 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/01/26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/06/24 00:52:00 | 000,007,552 | ---- | M] (PortalPlayer, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\H10USB.sys -- (PortlUSB)
    DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/07/01 17:23:12 | 000,634,798 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvf2.sys -- (sonypvf2)
    DRV - [2003/07/01 17:12:32 | 000,430,670 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvt2.sys -- (sonypvt2)
    DRV - [2003/06/24 10:29:36 | 000,064,093 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sonypvd2.sys -- (sonypvd2)
    DRV - [2003/06/18 04:21:08 | 000,019,478 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sonypvl2.sys -- (sonypvl2)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...rel&channel=us
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&...rel&channel=us

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



    O1 HOSTS File: ([2010/07/17 17:11:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DLPSP] c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\JHSecure VPN Client.lnk = C:\Program Files\JHSecure\VPN Client\vpngui.exe (Cisco Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
    O4 - Startup: C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1278412954625 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto.com/upload/activ...eX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.com/net/Uploader/LPUploader57.cab (Image Uploader Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://dcconnect.rand.org/dana-cach...erSetupSP1.cab (JuniperSetupSP1 Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.252.0.12 71.242.0.12
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - PRISMAPI.DLL - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/07/23 19:31:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jonathan\Recent
    [2010/07/23 19:20:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/17 17:19:42 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
    [2010/07/17 16:40:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/17 16:35:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/07/17 16:35:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/07/17 16:35:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/07/17 16:35:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/07/17 16:32:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/07/17 09:36:31 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Jonathan\Desktop\TDSSKiller.exe
    [2010/07/15 12:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/15 12:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/15 09:09:00 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Jonathan\Desktop\remover.exe
    [2010/07/15 09:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Application Data\PeaZip
    [2010/07/15 09:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\PeaZip
    [2010/07/15 09:07:47 | 006,603,176 | ---- | C] (Giorgio Tani ) -- C:\Documents and Settings\Jonathan\Desktop\peazip-3.2.1.WINDOWS.exe
    [2010/07/05 10:51:55 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
    [2010/07/04 22:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
    [2010/07/04 22:36:57 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/07/04 22:36:57 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/07/04 22:36:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/04 22:36:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/04 22:36:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/07/04 13:10:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/04 13:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2010/07/02 19:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/07/02 19:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\Threat Expert
    [2010/07/02 18:59:51 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
    [2010/06/30 23:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/30 23:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/06/29 23:17:08 | 000,000,000 | ---D | C] -- C:\c3b08df3689e6543c69b76d6
    [2 C:\Documents and Settings\Jonathan\My Documents\*.tmp files -> C:\Documents and Settings\Jonathan\My Documents\*.tmp -> ]
    [127 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/07/24 09:25:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/24 09:25:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/24 08:19:50 | 000,485,956 | ---- | M] () -- C:\logfile
    [2010/07/24 08:07:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/24 08:05:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/24 08:05:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/24 08:05:39 | 3747,753,984 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/23 19:31:16 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Jonathan\NTUSER.DAT
    [2010/07/23 19:31:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jonathan\ntuser.ini
    [2010/07/23 17:30:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/23 17:20:28 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\fix.reg
    [2010/07/23 17:17:48 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/07/23 17:17:39 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\NTREGOPT.lnk
    [2010/07/23 17:17:39 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\ERUNT.lnk
    [2010/07/23 14:04:51 | 000,029,583 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Training objectives first draft.docx
    [2010/07/23 11:58:07 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Delivery of Mental Health Services in the Patient.doc
    [2010/07/21 18:20:02 | 003,739,807 | R--- | M] () -- C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
    [2010/07/21 13:17:10 | 000,260,213 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\JSM 2010 Presentation 07-19-2010.pptx
    [2010/07/21 13:14:04 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\SSA Transient Numbers.xls
    [2010/07/21 07:51:08 | 000,143,490 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Medical homes issue brief.pdf
    [2010/07/17 17:11:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/17 16:40:24 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/17 15:50:45 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\jamaica.doc
    [2010/07/17 09:33:46 | 000,981,780 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\tdsskiller.zip
    [2010/07/17 09:22:06 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\MBRCheck.exe
    [2010/07/15 09:08:24 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\PeaZip.lnk
    [2010/07/15 09:07:47 | 006,603,176 | ---- | M] (Giorgio Tani ) -- C:\Documents and Settings\Jonathan\Desktop\peazip-3.2.1.WINDOWS.exe
    [2010/07/15 09:05:49 | 000,478,504 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\bootkit_remover.rar
    [2010/07/05 13:27:04 | 000,293,376 | ---- | M] () -- C:\7fuz0599.exe
    [2010/07/05 10:51:26 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\link.doc
    [2010/07/05 10:51:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
    [2010/07/05 08:27:35 | 000,008,886 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\kasp report.html
    [2010/07/05 00:42:47 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Jonathan\My Documents\GA Schools.doc
    [2010/07/04 22:36:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/07/04 22:36:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/07/04 22:36:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2010/07/04 22:36:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/07/04 22:36:35 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/07/04 21:21:32 | 080,398,104 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\jdk-6u20-windows-i586.exe
    [2010/07/02 19:25:46 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\HijackThis.lnk
    [2010/06/30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Jonathan\Desktop\TDSSKiller.exe
    [2010/06/29 23:16:45 | 000,507,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/29 23:16:45 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/29 23:16:45 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2 C:\Documents and Settings\Jonathan\My Documents\*.tmp files -> C:\Documents and Settings\Jonathan\My Documents\*.tmp -> ]
    [127 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/23 17:20:28 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\fix.reg
    [2010/07/21 18:16:08 | 000,000,348 | ---- | C] () -- C:\Documents and Settings\Jonathan\CFScript.txt
    [2010/07/21 17:43:57 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Delivery of Mental Health Services in the Patient.doc
    [2010/07/21 13:17:09 | 000,260,213 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\JSM 2010 Presentation 07-19-2010.pptx
    [2010/07/21 11:08:58 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\SSA Transient Numbers.xls
    [2010/07/21 07:58:03 | 000,029,583 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Training objectives first draft.docx
    [2010/07/21 07:51:08 | 000,143,490 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Medical homes issue brief.pdf
    [2010/07/17 16:40:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/07/17 16:40:17 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/17 16:35:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/07/17 16:35:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/07/17 16:35:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/07/17 16:35:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/07/17 16:35:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/07/17 16:34:27 | 003,739,807 | R--- | C] () -- C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
    [2010/07/17 14:52:51 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\jamaica.doc
    [2010/07/17 09:33:35 | 000,981,780 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\tdsskiller.zip
    [2010/07/17 09:22:06 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\MBRCheck.exe
    [2010/07/15 09:08:24 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\PeaZip.lnk
    [2010/07/15 09:05:44 | 000,478,504 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\bootkit_remover.rar
    [2010/07/05 13:27:01 | 000,293,376 | ---- | C] () -- C:\7fuz0599.exe
    [2010/07/05 08:27:35 | 000,008,886 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\kasp report.html
    [2010/07/05 00:08:48 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Jonathan\My Documents\GA Schools.doc
    [2010/07/04 21:21:32 | 080,398,104 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\jdk-6u20-windows-i586.exe
    [2010/07/04 20:59:38 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\link.doc
    [2010/07/04 13:10:17 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/07/04 13:10:04 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\NTREGOPT.lnk
    [2010/07/04 13:10:04 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\ERUNT.lnk
    [2010/07/02 19:25:46 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\HijackThis.lnk
    [2010/07/02 18:59:53 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
    [2009/02/15 18:59:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2007/11/05 14:40:23 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
    [2007/11/05 14:40:21 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
    [2006/08/09 23:41:41 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2006/08/09 23:41:40 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2006/08/04 22:02:52 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
    [2006/08/04 22:02:52 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
    [2006/08/04 16:00:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/04 15:22:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
    [2006/07/29 09:24:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/07/29 09:18:06 | 000,000,190 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/07/29 08:58:28 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 08:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

    ========== Custom Scans ==========


    < :Files >

    < c:\windows\system32\drivers\tsk35.tmp >
    [1 c:\windows\system32\drivers\*.tmp files -> c:\windows\system32\drivers\*.tmp -> ]

    < >

    < :Commands >

    < [emptytemp] >

    < [Reboot] >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    < End of report >

  4. #4
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Okay, I will await the results from the ESET scan before we proceed.
    IndiGenus

  5. #5
    Junior Member
    Join Date
    Jul 2010
    Posts
    29

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=78a2746903e719478e3bf17d62830aec
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-07-24 03:58:57
    # local_time=2010-07-24 11:58:57 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 1782137 1782137 0 0
    # compatibility_mode=1024 16777215 100 0 4127922 4127922 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16777214 75 70 4102176 77564434 0 0
    # scanned=173045
    # found=104
    # cleaned=0
    # scan_time=5456
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-153730.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-153734.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-153735.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-153736.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-153737.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-153738.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-153739.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-153740.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-153741.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-153742.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-153749.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-153753.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-153754.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-225130.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-225131.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-225132.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-225133.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-225134.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-225135.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-225136.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-225138.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100523-225139.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100525-101639.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100525-101640.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100525-101641.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100525-101642.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100525-101643.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100525-101644.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100525-101645.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232814.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232822.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232823.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232824.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232825.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232826.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232827.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232828.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232829.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232830.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232831.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232832.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232833.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232834.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-232835.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-233406.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-233408.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-233409.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-233410.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-233411.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-233412.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-233413.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-233414.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100526-233415.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100527-073036.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100527-073037.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100527-073038.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100527-073039.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100527-073040.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100527-073041.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100527-073042.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100527-073043.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100527-073044.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100604-163932.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100604-163933.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100604-163934.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100604-163935.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100604-163936.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100604-163937.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100604-163938.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100604-163939.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100604-163940.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100620-174038.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100620-174039.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100620-174040.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100620-174041.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100620-174042.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100620-174043.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100620-174044.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100620-174045.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100620-174046.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100620-174047.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100630-233849.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100630-233851.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100630-233852.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100630-233853.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100630-233854.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100630-233857.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100630-233858.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100630-233859.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100630-233900.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100630-233901.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100630-233902.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100630-233903.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100630-233904.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100702-101124.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100702-101126.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100702-101127.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100702-101128.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100702-101129.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100702-101130.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100702-101131.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100702-101132.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100702-101133.backup Win32/Qhost trojan 00000000000000000000000000000000 I
    C:\WINDOWS\system32\drivers\etc\hosts.20100702-101134.backup Win32/Qhost trojan 00000000000000000000000000000000 I

  6. #6
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Just need to clean out some leftovers. The items ESET found are the infected backup hosts files that were created when you used OTM to solve your HOSTS issue. They will be cleaned out when we clean up the tools.

    Run OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post a new OTL log
    IndiGenus
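A triage script for the ESET log posted above, added here as an example (it is not code from the forum, from ESET or from OTL). It parses the log into its `# key=value` header and its detection lines, then checks the claim made in this reply: that every item found is a timestamped backup of the hosts file. Assumptions not on the page: the detection line layout is inferred from how the log prints (path, threat name, 32 hex characters, status letter), a threat name is assumed to contain a "/", and the sample input below is three lines copied from the log plus one constructed non-hosts detection (`example.tmp`, a fabricated path and threat name) so the "needs review" branch is exercised.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# One detection line as it appears in the ESET Online Scanner log above:
#   <path> <threat name> <32 hex chars> <status>
# Paths ("C:\Documents and Settings\...") and threat names ("Win32/Qhost trojan")
# both contain spaces, so the 32-character hash anchors the match and the threat
# name is assumed (my assumption) to contain a "/".
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>\S+/\S+(?:\s+\S+)*?)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<status>\S+)\s*$"
)
HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")

# Backup copies written next to the hosts file with a YYYYMMDD-HHMMSS suffix,
# the naming pattern visible in the log.
HOSTS_BACKUP_RE = re.compile(
    r"\\drivers\\etc\\hosts\.\d{8}-\d{6}\.backup$", re.IGNORECASE
)


@dataclass
class Detection:
    path: str
    threat: str
    digest: str
    status: str

    @property
    def is_hosts_backup(self) -> bool:
        return HOSTS_BACKUP_RE.search(self.path) is not None


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Split the log into header fields and detections; other lines are ignored."""
    headers: Dict[str, str] = {}
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            headers[m.group("key")] = m.group("value")  # repeated keys keep the last value
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(
                m.group("path"), m.group("threat"), m.group("hash"), m.group("status")))
        # installer chatter such as "OnlineScanner.ocx - registred OK" falls through
    return headers, detections


def triage(text: str) -> dict:
    """Summarise a log: does the header count match, and which hits are not hosts backups?"""
    headers, detections = parse_eset_log(text)
    reported = int(headers.get("found", "0"))
    others = [d for d in detections if not d.is_hosts_backup]
    return {
        "reported_found": reported,
        "parsed": len(detections),
        "count_matches_header": reported == len(detections),
        "by_threat": dict(Counter(d.threat for d in detections)),
        "hosts_backups": sum(1 for d in detections if d.is_hosts_backup),
        "needs_review": [d.path for d in others],   # anything that is NOT a hosts backup
        "removal_was_enabled": headers.get("remove_checked") == "true",
    }


# Constructed sample: header lines and three detections copied from the log above,
# plus one fabricated non-hosts detection (example.tmp) to show the review path.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# remove_checked=false
# found=4
# cleaned=0
C:\WINDOWS\system32\drivers\etc\hosts.20100523-153730.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100525-101639.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100702-101134.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Jonathan\Local Settings\Temp\example.tmp Win32/Example.Constructed trojan 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the real log.txt, `needs_review` should come back empty and `by_threat` should hold only the Qhost entry; a mismatch between `reported_found` and `parsed` means a line did not fit the assumed layout and should be read by hand rather than trusted.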

  7. #7
    Junior Member
    Join Date
    Jul 2010
    Posts
    29

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41 bytes

    User: Jonathan
    ->Temp folder emptied: 1479810 bytes
    ->Temporary Internet Files folder emptied: 57579202 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 6035 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 65670 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 4842 bytes
    ->Flash cache emptied: 20064 bytes

    User: Regina
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 12118833 bytes
    ->Flash cache emptied: 579 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 153312311 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 68224 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 11621251 bytes
    RecycleBin emptied: 41361 bytes

    Total Files Cleaned = 226.00 mb


    OTL by OldTimer - Version 3.2.7.1 log created on 07252010_105702

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Jonathan\Local Settings\Temp\~DF6DA9.tmp not found!
    File\Folder C:\Documents and Settings\Jonathan\Local Settings\Temp\~DF6DB4.tmp not found!
    File\Folder C:\Documents and Settings\Jonathan\Local Settings\Temp\~DF6E33.tmp not found!
    File\Folder C:\Documents and Settings\Jonathan\Local Settings\Temp\~DF6E40.tmp not found!
    File\Folder C:\Documents and Settings\Jonathan\Local Settings\Temp\~DF6E92.tmp not found!
    File\Folder C:\Documents and Settings\Jonathan\Local Settings\Temp\~DF6E9D.tmp not found!
    C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\UH6SF40L\welcome[4].htm moved successfully.
    C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\UH6SF40L\_;ord=0[2].htm moved successfully.
    C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\R7J0U3WA\md[1].htm moved successfully.
    C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\R7J0U3WA\showthread[1].htm moved successfully.
    C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\R7J0U3WA\st[2] moved successfully.
    C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\R7J0U3WA\_;ord=0[3].htm moved successfully.

    Registry entries deleted on Reboot...
