Browser/host problem after malware

Backup Your Registry with ERUNT

* Please use the following link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.php
* For version with the Installer:
Use the setup program to install ERUNT on your computer
* For the zipped version:
Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Open Notepad (press Start->Run, enter notepad and press OK)
Copy everything inside the code box below (Starting with Windows Registry Editor Version 5.00) and paste it into a new notepad file.
Change the Save As Type to All Files and save it as fix.reg to your Desktop.

Note: Please copy and paste all the text at once, and check that there is NO blank line above REGEDIT4 and one blank line at the bottom.
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCI]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,70,00,63,00,69,00,2e,00,73,00,79,\
  00,73,00,00,00

Then double-click on the fix.reg file, and when it prompts to merge say yes.

Please run combofix again and post the log.
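
Before merging a .reg file such as the one above, it is worth decoding what it will actually write. The following is an added example (my own, not from the thread, the helper's canned fix, or any of the tools named here): it parses the fix.reg text above, embedded as a constructed string, follows regedit's backslash line-continuation rule, and decodes the hex(2) REG_EXPAND_SZ byte list into the path it sets; it also handles dword, string and deletion syntax so the same parser can audit other .reg fixes.

```python
import re

# The fix.reg text from the thread, embedded inline (constructed copy) so this runs offline.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCI]
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,70,00,63,00,69,00,2e,00,73,00,79,\
  00,73,00,00,00
'''

REG_TYPE_NAMES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
                  4: "REG_DWORD", 6: "REG_LINK", 7: "REG_MULTI_SZ"}


def join_continuations(text):
    """Apply regedit's rule: a line ending in a backslash continues on the next line."""
    joined, buf = [], ""
    for raw in text.splitlines():
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1]          # drop the continuation backslash, keep collecting
            continue
        joined.append(buf + raw)
        buf = ""
    if buf:
        joined.append(buf)
    return joined


def decode_data(data):
    """Turn the right-hand side of a .reg value line into (type_name, python_value)."""
    data = data.strip()
    if data == "-":
        return "DELETE", None                                  # "name"=- removes the value
    if data.startswith('"') and data.endswith('"'):
        return "REG_SZ", re.sub(r'\\(["\\])', r"\1", data[1:-1])  # unescape \" and \\
    if data.startswith("dword:"):
        return "REG_DWORD", int(data[6:], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", data)
    if not m:
        raise ValueError("unsupported value syntax: " + data)
    type_id = int(m.group(1) or "3")                           # bare hex: means REG_BINARY
    raw = bytes.fromhex(re.sub(r"[\s,]", "", m.group(2)))      # drop commas and joined-line spaces
    if type_id in (1, 2, 6):                                   # UTF-16LE, NUL-terminated string types
        return REG_TYPE_NAMES[type_id], raw.decode("utf-16-le").rstrip("\0")
    if type_id == 7:                                           # NUL-separated, double-NUL-terminated list
        return "REG_MULTI_SZ", [s for s in raw.decode("utf-16-le").split("\0") if s]
    return REG_TYPE_NAMES.get(type_id, "hex(%d)" % type_id), raw


def parse_reg(text):
    """Parse a .reg file into {key_path: {value_name: (type_name, value)}}; a None dict means the key is deleted."""
    lines = join_continuations(text)
    if not lines or not lines[0].startswith("Windows Registry Editor Version 5.00"):
        raise ValueError("missing 'Windows Registry Editor Version 5.00' header")
    keys, current = {}, None
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith("-"):
                keys[path[1:]] = None                          # [-KEY] deletes the whole key
                current = None
            else:
                current = path
                keys.setdefault(current, {})
            continue
        if current is None:
            continue                                           # values under a deleted key do nothing
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m:
            raise ValueError("unparseable value line: " + line)
        name = "(Default)" if m.group(1) == "@" else re.sub(r'\\(["\\])', r"\1", m.group(1)[1:-1])
        keys[current][name] = decode_data(m.group(2))
    return keys


def describe(keys):
    """One human-readable line per action the .reg file performs."""
    out = []
    for path, values in keys.items():
        if values is None:
            out.append("DELETE KEY   %s" % path)
            continue
        for name, (kind, value) in values.items():
            if kind == "DELETE":
                out.append("DELETE VALUE %s\\%s" % (path, name))
            else:
                out.append("SET %s\\%s = %s %r" % (path, name, kind, value))
    return out


if __name__ == "__main__":
    for action in describe(parse_reg(FIX_REG)):
        print(action)
```

Run against the fix above it reports a single SET of ImagePath to `system32\DRIVERS\pci.sys`, the stock path for the PCI bus driver, and nothing else.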
 
ComboFix 10-07-21.01 - Jonathan 07/23/2010 17:24:36.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2759 [GMT -4:00]
Running from: c:\documents and settings\Jonathan\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-17 21:19 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-15 16:50 . 2010-07-15 16:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-15 13:08 . 2010-07-15 13:08 -------- d-----w- c:\documents and settings\Jonathan\Application Data\PeaZip
2010-07-15 13:08 . 2010-07-15 13:08 -------- d-----w- c:\program files\PeaZip
2010-07-05 17:27 . 2010-07-05 17:27 293376 ----a-w- C:\7fuz0599.exe
2010-07-05 02:37 . 2010-07-05 02:37 -------- d-----w- c:\program files\Sun
2010-07-05 02:36 . 2010-07-05 02:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-04 17:10 . 2010-07-23 21:17 -------- d-----w- c:\program files\ERUNT
2010-07-02 23:25 . 2010-07-02 23:25 -------- d-----w- c:\program files\Trend Micro
2010-07-02 23:17 . 2010-07-02 23:17 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\Threat Expert
2010-06-30 03:17 . 2010-06-30 03:17 -------- d-----w- C:\c3b08df3689e6543c69b76d6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 21:23 . 2009-02-15 21:43 -------- d-----w- c:\program files\Symantec AntiVirus
2010-07-22 11:14 . 2010-06-01 10:57 6159294 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-07-22 11:12 . 2008-02-06 20:48 -------- d-----w- c:\program files\Spyware Doctor
2010-07-21 12:05 . 2008-02-06 20:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-17 23:57 . 2006-08-04 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-17 13:35 . 2010-07-17 13:35 68224 ----a-w- c:\windows\system32\drivers\tsk35.tmp
2010-07-05 02:34 . 2006-07-29 13:13 -------- d-----w- c:\program files\Java
2010-07-01 02:55 . 2010-07-01 03:01 1584128 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB7B.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB79.tmp
2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB7A.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB78.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB77.tmp
2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB76.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB75.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB73.tmp
2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB74.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB72.tmp
2010-07-01 02:53 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB71.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB70.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB6F.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6E.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8192 ----a-w- c:\windows\Internet Logs\xDBB6D.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB6B.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6C.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8192 ----a-w- c:\windows\Internet Logs\xDBB69.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6A.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB68.tmp
2010-07-01 02:51 . 2010-07-01 02:51 1584128 ----a-w- c:\windows\Internet Logs\xDBB32.tmp
2010-07-01 02:50 . 2010-07-01 02:50 8192 ----a-w- c:\windows\Internet Logs\xDBB05.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAF3.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF4.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAF1.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF2.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAEF.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF0.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAED.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAEE.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAEC.tmp
2010-07-01 02:48 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAEA.tmp
2010-07-01 02:48 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAEB.tmp
2010-07-01 02:48 . 2010-07-01 02:48 8704 ----a-w- c:\windows\Internet Logs\xDBAE9.tmp
2010-07-01 02:48 . 2010-07-01 02:48 8192 ----a-w- c:\windows\Internet Logs\xDBAE8.tmp
2010-07-01 02:48 . 2010-07-01 02:48 24064 ----a-w- c:\windows\Internet Logs\xDBAE7.tmp
2010-06-29 21:26 . 2010-05-25 11:59 439816 ----a-w- c:\documents and settings\Jonathan\Application Data\Real\Update\setup3.10\setup.exe
2010-06-19 01:52 . 2007-12-08 23:19 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2010-06-19 01:52 . 2007-12-08 23:17 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2010-06-14 14:31 . 2004-08-11 21:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-05 13:53 . 2007-09-24 01:47 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Apple Computer
2010-05-31 23:45 . 2010-05-31 23:45 503808 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\msvcp71.dll
2010-05-31 23:45 . 2010-05-31 23:45 499712 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\jmc.dll
2010-05-31 23:45 . 2010-05-31 23:45 348160 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\msvcr71.dll
2010-05-31 23:45 . 2010-05-31 23:45 61440 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b8a1184-n\decora-sse.dll
2010-05-31 23:45 . 2010-05-31 23:45 12800 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b8a1184-n\decora-d3d.dll
2010-05-27 11:08 . 2010-05-27 11:08 49674 ----a-w- c:\windows\Internet Logs\GLB40_2nd_2010_05_27_00_01_01.dmp.zip
2010-05-27 11:08 . 2010-05-27 11:08 49307 ----a-w- c:\windows\Internet Logs\GLB39_2nd_2010_05_26_23_59_44.dmp.zip
2010-05-27 11:08 . 2010-05-27 11:08 49226 ----a-w- c:\windows\Internet Logs\GLB32_2nd_2010_05_26_23_59_31.dmp.zip
2010-05-27 03:49 . 2009-02-15 18:34 -------- d-----w- c:\program files\AVG
2010-05-27 03:47 . 2010-05-27 03:47 -------- d-----w- c:\documents and settings\Jonathan\Application Data\CheckPoint
2010-05-27 03:46 . 2009-02-15 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-27 03:45 . 2010-05-27 03:45 -------- d-----w- c:\program files\CheckPoint
2010-05-27 03:45 . 2010-05-27 03:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-27 02:59 . 2006-08-04 20:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-27 02:11 . 2010-05-27 02:11 -------- d-----w- c:\documents and settings\Regina\Application Data\Malwarebytes
2010-05-27 02:06 . 2010-05-27 02:06 -------- d-----w- c:\documents and settings\Regina\Application Data\Apple Computer
2010-05-20 22:10 . 2010-05-27 03:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-20 22:10 . 2010-05-27 03:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-20 22:10 . 2010-05-27 03:45 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-06 10:41 . 2004-08-11 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-11 21:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-05-23 18:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-05-23 18:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-07-17_21.11.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-23 11:33 . 2010-07-23 11:33 16384 c:\windows\Temp\Perflib_Perfdata_7e8.dat
+ 2004-08-04 03:07 . 2008-04-13 17:36 68224 c:\windows\system32\drivers\pci.sys
- 2004-08-04 03:07 . 2008-04-13 18:36 68224 c:\windows\system32\drivers\pci.sys
+ 2004-08-04 03:07 . 2008-04-13 17:36 68224 c:\windows\system32\dllcache\pci.sys
+ 2010-07-23 11:46 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-23-2010\ERDNT.EXE
+ 2010-07-22 11:20 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-22-2010\ERDNT.EXE
+ 2010-07-21 11:40 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-21-2010\ERDNT.EXE
+ 2010-07-20 00:36 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-19-2010\ERDNT.EXE
+ 2010-07-18 12:25 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-18-2010\ERDNT.EXE
+ 2010-07-23 21:18 . 2005-10-20 16:02 163328 c:\windows\ERDNT\7-23-2010\ERDNT.EXE
+ 2010-07-23 11:46 . 2010-07-23 11:46 3395584 c:\windows\ERDNT\AutoBackup\7-23-2010\Users\00000002\UsrClass.dat
+ 2010-07-23 11:46 . 2010-07-23 11:46 9334784 c:\windows\ERDNT\AutoBackup\7-23-2010\Users\00000001\NTUSER.DAT
+ 2010-07-22 11:20 . 2010-07-22 11:20 3395584 c:\windows\ERDNT\AutoBackup\7-22-2010\Users\00000002\UsrClass.dat
+ 2010-07-22 11:20 . 2010-07-22 11:20 9318400 c:\windows\ERDNT\AutoBackup\7-22-2010\Users\00000001\NTUSER.DAT
+ 2010-07-21 11:39 . 2010-07-21 11:39 3395584 c:\windows\ERDNT\AutoBackup\7-21-2010\Users\00000002\UsrClass.dat
+ 2010-07-21 11:39 . 2010-07-21 11:39 9318400 c:\windows\ERDNT\AutoBackup\7-21-2010\Users\00000001\NTUSER.DAT
+ 2010-07-20 00:36 . 2010-07-20 00:36 3395584 c:\windows\ERDNT\AutoBackup\7-19-2010\Users\00000002\UsrClass.dat
+ 2010-07-20 00:36 . 2010-07-20 00:36 9318400 c:\windows\ERDNT\AutoBackup\7-19-2010\Users\00000001\NTUSER.DAT
+ 2010-07-18 12:25 . 2010-07-18 12:25 3395584 c:\windows\ERDNT\AutoBackup\7-18-2010\Users\00000002\UsrClass.dat
+ 2010-07-18 12:25 . 2010-07-18 12:25 9318400 c:\windows\ERDNT\AutoBackup\7-18-2010\Users\00000001\NTUSER.DAT
+ 2010-07-23 21:19 . 2010-07-23 21:19 3395584 c:\windows\ERDNT\7-23-2010\Users\00000002\UsrClass.dat
+ 2010-07-23 21:19 . 2010-07-23 21:19 9334784 c:\windows\ERDNT\7-23-2010\Users\00000001\NTUSER.DAT
+ 2006-08-23 12:59 . 2010-07-02 19:39 34045896 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 126976]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-24 53096]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-09-30 125368]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-09 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Jonathan\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-29 24576]
JHSecure VPN Client.lnk - c:\program files\JHSecure\VPN Client\vpngui.exe [2006-8-9 1524776]
Kodak EasyShare software.lnk - c:\program files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-12-8 118784]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2006-7-29 921704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 00:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Jonathan\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [8/29/2006 5:41 PM 25344]
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [8/4/2006 10:22 PM 19478]
R1 NEOFLTR_600_13487;Juniper Networks TDI Filter Driver (NEOFLTR_600_13487);c:\windows\system32\drivers\NEOFLTR_600_13487.sys [8/13/2008 9:50 PM 64160]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [8/4/2006 10:22 PM 634798]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [8/4/2006 10:22 PM 430670]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [8/4/2006 4:26 PM 135168]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [7/29/2006 9:15 AM 61526]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [5/31/2010 5:47 PM 102448]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [8/4/2006 10:22 PM 64093]
S2 gupdate1c99473f33209e4;Google Update Service (gupdate1c99473f33209e4);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2009 6:30 PM 133104]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\H10USB.sys [6/24/2004 12:52 AM 7552]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/30/2008 6:41 PM 116664]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/17/2007 11:11 PM 56448]

--- Other Services/Drivers In Memory ---

*Deregistered* - klmd23

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 22:30]

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 22:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 17:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1280)
c:\windows\system32\PRISMAPI.DLL
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(4452)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-23 17:32:13
ComboFix-quarantined-files.txt 2010-07-23 21:32
ComboFix2.txt 2010-07-21 22:37
ComboFix3.txt 2010-07-17 21:16

Pre-Run: 80,549,703,680 bytes free
Post-Run: 80,554,008,576 bytes free

- - End Of File - - F28C0642571F99F9E9E44059DB31641F
 
Okay good, please run TDSSKiller one more time and post the log.

Let me know how it's running at this point too please.
 
The computer seems to be running fine. I can access Windows update and I'm not getting redirected to other sites when I use Explorer.

TDSS rootkit removing tool, Kaspersky Lab, 2010
version 2.3.2.2 Jun 30 2010 17:23:49

Scanning Services ...

Scanning Drivers ...

Completed

Results:
Registry objects infected / cured / cured on reboot: 0 / 0 / 0
File objects infected / cured / cured on reboot: 0 / 0 / 0

Press any key to continue . . .
 
Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :Files
    c:\windows\system32\drivers\tsk35.tmp
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the resulting OTL log

+++++++++++++++

I would like you to run the following scan: Eset Online Scanner
Run with Internet Explorer
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button, or click the notification bar at the top of the window and choose to install.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\Program Files\EsetOnlineScanner\log.txt into your next reply.
 
OTL logfile created on: 7/24/2010 10:08:48 AM - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Jonathan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 72.92 Gb Free Space | 48.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OPTIPLEX
Current User Name: Jonathan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/05 10:51:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
PRC - [2010/05/20 18:11:48 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/05/20 18:10:18 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/09 14:01:43 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/09/30 18:41:14 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2008/09/30 18:41:04 | 001,956,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/09/30 18:40:56 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2008/08/27 10:50:40 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/06/24 19:17:38 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2008/06/24 19:17:36 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2008/06/24 19:17:34 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/07/26 20:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/02/20 05:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/12/22 21:14:54 | 000,921,704 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2005/12/22 20:21:44 | 000,061,526 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
PRC - [2005/12/22 20:15:46 | 000,381,014 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
PRC - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\JHSecure\VPN Client\cvpnd.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/01/13 00:00:30 | 000,126,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
PRC - [2004/10/14 19:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/07/27 16:50:42 | 000,221,184 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/07/27 16:50:04 | 000,503,808 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2004/03/12 00:00:30 | 000,135,168 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2004/03/12 00:00:30 | 000,090,112 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2004/02/13 10:47:02 | 000,155,648 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/06/18 12:00:00 | 000,200,704 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft Money\System\mnyexpr.exe


========== Modules (SafeList) ==========

MOD - [2010/07/05 10:51:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/14 22:50:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/09/30 18:41:08 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2008/09/30 18:41:04 | 001,956,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/30 18:40:56 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2008/08/27 10:50:40 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/08/20 16:50:30 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2008/06/24 19:17:38 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2008/06/24 19:17:36 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/07/26 20:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/12/22 20:21:44 | 000,061,526 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
SRV - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\JHSecure\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2004/03/12 00:00:30 | 000,135,168 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2004/03/12 00:00:30 | 000,090,112 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2004/02/13 10:47:02 | 000,155,648 | ---- | M] (Dell Inc) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jonathan\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/14 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100723.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/14 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100723.024\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/31 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/31 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/02/15 17:44:14 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/08/20 16:50:02 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/20 16:49:56 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/08/13 21:50:50 | 000,064,160 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_600_13487.sys -- (NEOFLTR_600_13487) Juniper Networks TDI Filter Driver (NEOFLTR_600_13487)
DRV - [2008/05/28 12:31:24 | 000,337,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2008/05/28 12:31:24 | 000,054,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/10/17 23:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2007/07/26 20:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/07/29 09:20:09 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/11/11 16:34:16 | 000,353,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (DELL_A02)
DRV - [2005/11/04 10:20:40 | 000,303,735 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/01 10:15:06 | 000,025,344 | ---- | M] (Iomega) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IABFilt.sys -- (IABFilt)
DRV - [2005/06/29 19:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/04/01 16:52:46 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/01/26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/24 00:52:00 | 000,007,552 | ---- | M] (PortalPlayer, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\H10USB.sys -- (PortlUSB)
DRV - [2004/02/13 10:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/01 17:23:12 | 000,634,798 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvf2.sys -- (sonypvf2)
DRV - [2003/07/01 17:12:32 | 000,430,670 | ---- | M] (Sony Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\sonypvt2.sys -- (sonypvt2)
DRV - [2003/06/24 10:29:36 | 000,064,093 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sonypvd2.sys -- (sonypvd2)
DRV - [2003/06/18 04:21:08 | 000,019,478 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sonypvl2.sys -- (sonypvl2)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2010/07/17 17:11:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLPSP] c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\JHSecure VPN Client.lnk = C:\Program Files\JHSecure\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1278412954625 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.com/net/Uploader/LPUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://dcconnect.rand.org/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.252.0.12 71.242.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - PRISMAPI.DLL - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/23 19:31:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jonathan\Recent
[2010/07/23 19:20:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/17 17:19:42 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/17 16:40:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/17 16:35:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/17 16:35:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/17 16:35:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/17 16:35:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/17 16:32:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/17 09:36:31 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Jonathan\Desktop\TDSSKiller.exe
[2010/07/15 12:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/15 12:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/15 09:09:00 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Jonathan\Desktop\remover.exe
[2010/07/15 09:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Application Data\PeaZip
[2010/07/15 09:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\PeaZip
[2010/07/15 09:07:47 | 006,603,176 | ---- | C] (Giorgio Tani ) -- C:\Documents and Settings\Jonathan\Desktop\peazip-3.2.1.WINDOWS.exe
[2010/07/05 10:51:55 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
[2010/07/04 22:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/07/04 22:36:57 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/04 22:36:57 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/04 22:36:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/04 22:36:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/04 22:36:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/04 13:10:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/04 13:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/02 19:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/02 19:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\Threat Expert
[2010/07/02 18:59:51 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/30 23:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/30 23:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/29 23:17:08 | 000,000,000 | ---D | C] -- C:\c3b08df3689e6543c69b76d6
[2 C:\Documents and Settings\Jonathan\My Documents\*.tmp files -> C:\Documents and Settings\Jonathan\My Documents\*.tmp -> ]
[127 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/24 09:25:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/24 09:25:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/24 08:19:50 | 000,485,956 | ---- | M] () -- C:\logfile
[2010/07/24 08:07:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/24 08:05:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/24 08:05:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/24 08:05:39 | 3747,753,984 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/23 19:31:16 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Jonathan\NTUSER.DAT
[2010/07/23 19:31:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jonathan\ntuser.ini
[2010/07/23 17:30:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/23 17:20:28 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\fix.reg
[2010/07/23 17:17:48 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/23 17:17:39 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\NTREGOPT.lnk
[2010/07/23 17:17:39 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\ERUNT.lnk
[2010/07/23 14:04:51 | 000,029,583 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Training objectives first draft.docx
[2010/07/23 11:58:07 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Delivery of Mental Health Services in the Patient.doc
[2010/07/21 18:20:02 | 003,739,807 | R--- | M] () -- C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
[2010/07/21 13:17:10 | 000,260,213 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\JSM 2010 Presentation 07-19-2010.pptx
[2010/07/21 13:14:04 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\SSA Transient Numbers.xls
[2010/07/21 07:51:08 | 000,143,490 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Medical homes issue brief.pdf
[2010/07/17 17:11:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/17 16:40:24 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/17 15:50:45 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\jamaica.doc
[2010/07/17 09:33:46 | 000,981,780 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\tdsskiller.zip
[2010/07/17 09:22:06 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\MBRCheck.exe
[2010/07/15 09:08:24 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\PeaZip.lnk
[2010/07/15 09:07:47 | 006,603,176 | ---- | M] (Giorgio Tani ) -- C:\Documents and Settings\Jonathan\Desktop\peazip-3.2.1.WINDOWS.exe
[2010/07/15 09:05:49 | 000,478,504 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\bootkit_remover.rar
[2010/07/05 13:27:04 | 000,293,376 | ---- | M] () -- C:\7fuz0599.exe
[2010/07/05 10:51:26 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\link.doc
[2010/07/05 10:51:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
[2010/07/05 08:27:35 | 000,008,886 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\kasp report.html
[2010/07/05 00:42:47 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Jonathan\My Documents\GA Schools.doc
[2010/07/04 22:36:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/04 22:36:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/04 22:36:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/04 22:36:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/04 22:36:35 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/04 21:21:32 | 080,398,104 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\jdk-6u20-windows-i586.exe
[2010/07/02 19:25:46 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\HijackThis.lnk
[2010/06/30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Jonathan\Desktop\TDSSKiller.exe
[2010/06/29 23:16:45 | 000,507,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/29 23:16:45 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/29 23:16:45 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\Documents and Settings\Jonathan\My Documents\*.tmp files -> C:\Documents and Settings\Jonathan\My Documents\*.tmp -> ]
[127 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/23 17:20:28 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\fix.reg
[2010/07/21 18:16:08 | 000,000,348 | ---- | C] () -- C:\Documents and Settings\Jonathan\CFScript.txt
[2010/07/21 17:43:57 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Delivery of Mental Health Services in the Patient.doc
[2010/07/21 13:17:09 | 000,260,213 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\JSM 2010 Presentation 07-19-2010.pptx
[2010/07/21 11:08:58 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\SSA Transient Numbers.xls
[2010/07/21 07:58:03 | 000,029,583 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Training objectives first draft.docx
[2010/07/21 07:51:08 | 000,143,490 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Medical homes issue brief.pdf
[2010/07/17 16:40:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/17 16:40:17 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/17 16:35:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/17 16:35:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/17 16:35:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/17 16:35:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/17 16:35:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/17 16:34:27 | 003,739,807 | R--- | C] () -- C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
[2010/07/17 14:52:51 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\jamaica.doc
[2010/07/17 09:33:35 | 000,981,780 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\tdsskiller.zip
[2010/07/17 09:22:06 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\MBRCheck.exe
[2010/07/15 09:08:24 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\PeaZip.lnk
[2010/07/15 09:05:44 | 000,478,504 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\bootkit_remover.rar
[2010/07/05 13:27:01 | 000,293,376 | ---- | C] () -- C:\7fuz0599.exe
[2010/07/05 08:27:35 | 000,008,886 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\kasp report.html
[2010/07/05 00:08:48 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Jonathan\My Documents\GA Schools.doc
[2010/07/04 21:21:32 | 080,398,104 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\jdk-6u20-windows-i586.exe
[2010/07/04 20:59:38 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\link.doc
[2010/07/04 13:10:17 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/04 13:10:04 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\NTREGOPT.lnk
[2010/07/04 13:10:04 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\ERUNT.lnk
[2010/07/02 19:25:46 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\HijackThis.lnk
[2010/07/02 18:59:53 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/02/15 18:59:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/11/05 14:40:23 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2007/11/05 14:40:21 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2006/08/09 23:41:41 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/08/09 23:41:40 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/08/04 22:02:52 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2006/08/04 22:02:52 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2006/08/04 16:00:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/04 15:22:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2006/07/29 09:24:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/29 09:18:06 | 000,000,190 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/29 08:58:28 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== Custom Scans ==========


< :Files >

< c:\windows\system32\drivers\tsk35.tmp >
[1 c:\windows\system32\drivers\*.tmp files -> c:\windows\system32\drivers\*.tmp -> ]

< >

< :Commands >

< [emptytemp] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA5F15C4
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=78a2746903e719478e3bf17d62830aec
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-24 03:58:57
# local_time=2010-07-24 11:58:57 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1782137 1782137 0 0
# compatibility_mode=1024 16777215 100 0 4127922 4127922 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 70 4102176 77564434 0 0
# scanned=173045
# found=104
# cleaned=0
# scan_time=5456
C:\WINDOWS\system32\drivers\etc\hosts.20100523-153730.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-153734.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-153735.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-153736.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-153737.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-153738.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-153739.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-153740.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-153741.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-153742.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-153749.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-153753.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-153754.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-225130.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-225131.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-225132.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-225133.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-225134.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-225135.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-225136.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-225138.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100523-225139.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100525-101639.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100525-101640.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100525-101641.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100525-101642.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100525-101643.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100525-101644.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100525-101645.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232814.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232822.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232823.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232824.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232825.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232826.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232827.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232828.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232829.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232830.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232831.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232832.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232833.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232834.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-232835.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-233406.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-233408.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-233409.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-233410.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-233411.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-233412.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-233413.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-233414.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100526-233415.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100527-073036.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100527-073037.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100527-073038.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100527-073039.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100527-073040.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100527-073041.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100527-073042.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100527-073043.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100527-073044.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100604-163932.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100604-163933.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100604-163934.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100604-163935.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100604-163936.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100604-163937.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100604-163938.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100604-163939.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100604-163940.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100620-174038.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100620-174039.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100620-174040.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100620-174041.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100620-174042.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100620-174043.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100620-174044.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100620-174045.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100620-174046.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100620-174047.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100630-233849.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100630-233851.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100630-233852.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100630-233853.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100630-233854.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100630-233857.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100630-233858.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100630-233859.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100630-233900.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100630-233901.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100630-233902.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100630-233903.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100630-233904.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100702-101124.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100702-101126.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100702-101127.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100702-101128.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100702-101129.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100702-101130.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100702-101131.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100702-101132.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100702-101133.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts.20100702-101134.backup Win32/Qhost trojan 00000000000000000000000000000000 I
 
Just need to clean out some leftovers. The items ESET found are the infected backup hosts files that were created when you used OTM to solve your HOSTS issue. They will be cleaned out when we clean up the tools.

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log
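To cross-check the helper's reading of the ESET report above (that every hit is a backup copy of the hosts file under drivers\etc, and that nothing was cleaned because removal was not ticked), here is a small parser for that log layout. It is an added example, not part of the thread and not ESET's own tooling. It assumes the field order visible in the posted log: path, threat name, 32-hex hash, one-letter flag; it relies on threat names containing a "/" while Windows paths do not. The sample lines, hash values and the threat name Win32/Example.Fake are constructed for the demonstration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed excerpt in the shape of the ESET online scanner log posted in the thread.
SAMPLE_LOG = """\
# version=7
# scanned=173045
# found=3
# cleaned=0
C:\\WINDOWS\\system32\\drivers\\etc\\hosts.20100523-153730.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\\WINDOWS\\system32\\drivers\\etc\\hosts.20100523-153734.backup Win32/Qhost trojan 00000000000000000000000000000000 I
C:\\Documents and Settings\\user\\Local Settings\\Temp\\evil name.exe a variant of Win32/Example.Fake application 0123456789abcdef0123456789abcdef C
"""

HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")


def parse_finding(line):
    """Split one detection line into path, threat, hash and flag (None if it is not one)."""
    tokens = line.split()
    # The two trailing fields are a 32-hex digest and a one-letter action flag.
    if len(tokens) < 4 or not HEX32.match(tokens[-2]):
        return None
    digest, flag = tokens[-2], tokens[-1]
    body = tokens[:-2]
    # Assumption: the threat name starts at the first token containing "/"
    # (ESET family names such as Win32/Qhost), possibly prefixed by "a variant of".
    start = next((i for i, t in enumerate(body) if "/" in t), None)
    if start is None or start == 0:
        return None
    if start >= 3 and body[start - 3:start] == ["a", "variant", "of"]:
        start -= 3
    return {
        "path": " ".join(body[:start]),   # path may itself contain spaces
        "threat": " ".join(body[start:]),
        "hash": digest,
        "flag": flag,
    }


def parse_log(text):
    """Return (header dict from '# key=value' lines, list of parsed findings)."""
    header, findings = {}, []
    for line in text.splitlines():
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif line.strip():
            finding = parse_finding(line)
            if finding:
                findings.append(finding)
    return header, findings


def is_hosts_backup(path):
    """True for a file named hosts.<stamp>.backup inside <drive>\\WINDOWS\\system32\\drivers\\etc."""
    p = PureWindowsPath(path)
    parent = tuple(part.lower() for part in p.parent.parts[1:])  # drop the drive part
    name = p.name.lower()
    return (parent == ("windows", "system32", "drivers", "etc")
            and name.startswith("hosts.") and name.endswith(".backup"))


def summarize(text):
    """Compare the declared 'found' count with parsed lines and flag any non-hosts-backup hit."""
    header, findings = parse_log(text)
    other_paths = [f["path"] for f in findings if not is_hosts_backup(f["path"])]
    return {
        "found_declared": int(header.get("found", "0")),
        "found_parsed": len(findings),
        "cleaned": int(header.get("cleaned", "0")),
        "by_threat": dict(Counter(f["threat"] for f in findings)),
        "all_hosts_backups": not other_paths,
        "other_paths": other_paths,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the log in the thread every finding sits in drivers\etc and is named hosts.*.backup, so all_hosts_backups comes out True and the by_threat table has a single Win32/Qhost entry; the constructed third line shows what an unexpected hit outside that directory looks like in other_paths, which is the case worth reading closely before trusting "it is just leftovers".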
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes

User: Jonathan
->Temp folder emptied: 1479810 bytes
->Temporary Internet Files folder emptied: 57579202 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 6035 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 65670 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 4842 bytes
->Flash cache emptied: 20064 bytes

User: Regina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 12118833 bytes
->Flash cache emptied: 579 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 153312311 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 68224 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 11621251 bytes
RecycleBin emptied: 41361 bytes

Total Files Cleaned = 226.00 mb


OTL by OldTimer - Version 3.2.7.1 log created on 07252010_105702

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Jonathan\Local Settings\Temp\~DF6DA9.tmp not found!
File\Folder C:\Documents and Settings\Jonathan\Local Settings\Temp\~DF6DB4.tmp not found!
File\Folder C:\Documents and Settings\Jonathan\Local Settings\Temp\~DF6E33.tmp not found!
File\Folder C:\Documents and Settings\Jonathan\Local Settings\Temp\~DF6E40.tmp not found!
File\Folder C:\Documents and Settings\Jonathan\Local Settings\Temp\~DF6E92.tmp not found!
File\Folder C:\Documents and Settings\Jonathan\Local Settings\Temp\~DF6E9D.tmp not found!
C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\UH6SF40L\welcome[4].htm moved successfully.
C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\UH6SF40L\_;ord=0[2].htm moved successfully.
C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\R7J0U3WA\md[1].htm moved successfully.
C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\R7J0U3WA\showthread[1].htm moved successfully.
C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\R7J0U3WA\st[2] moved successfully.
C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\R7J0U3WA\_;ord=0[3].htm moved successfully.

Registry entries deleted on Reboot...
 
If all is still running well I think we can wrap it up.

Uninstall Combofix
  • Click START then RUN
  • Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the /U; it needs to be there.
The above procedure will:
  • Delete the following: ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

++++++++++++++++++++

Uninstall OTL and related files/folders/tools
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Anything else that is still left that we used can also be deleted.

Now that you are clean please take some time to read through TonyKlein's So how did I get infected in the first place?
 
Thanks so much for your help. I'm so grateful that my computer is running again. I appreciate all the time and effort you put into helping me.
 