Latest post 11/09/2009 12:22 PM by rspangl. 20 replies.

Bamajim

Antivirus System Pro has taken over my (other) computer. Cannot use the internet, cannot run HijackThis, cannot boot in safe mode. I was not able to scan with Malwarebytes Anti-Malware. In a Google search on the subject, I found and ran ComboFix (no idea what I was doing here). As a result I've been able to run Anti-Malware, but still not able to run HijackThis or use the internet. I ran the following log. Please let me know if you can help, given what I've gotten myself into. If not, I'm not sure where to go next. But I'll wait to hear from you before moving on. Thanks!

Following is the text file from File Lister.

++++++++++++++++++++++++++++++++++++++++
+ File Lister  Version 1.1.1           +
+                                      +
+  By bamajim / SpywareHammer.com      +
++++++++++++++++++++++++++++++++++++++++

Report ran on --->>>  10/25/2009 12:08:38 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

====== BHO's ======

BHO: (NO NAME) - {fa9fc5c9-e865-4cfc-a8f5-a5630712beb4} - jejobadi.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[SoundMAXPnP] = C:\Program Files\Analog Devices\Core\smax4pnp.exe
[igfxtray] = C:\WINDOWS\system32\igfxtray.exe
[igfxhkcmd] = C:\WINDOWS\system32\hkcmd.exe
[igfxpers] = C:\WINDOWS\system32\igfxpers.exe
[Symantec PIF AlertEng] = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
[Carbonite Backup] = C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
[TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
[HP Software Update] = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
[QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
[calc] = rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
[Malwarebytes Anti-Malware (reboot)] = "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[fajatezigu] = Rundll32.exe "pekuveme.dll",s

====== HKCU\~\Run Keys ======

[ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe
[swg] = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[MSMSGS] = "C:\Program Files\Messenger\msmsgs.exe" /background
[Yjafosi8kdf98winmdkmnkmfnwe] = C:\DOCUME~1\Ron\LOCALS~1\Temp\win32.exe
[calc] = rundll32.exe C:\DOCUME~1\Ron\ntuser.dll,_IWMPEvents@0

====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{060BB8A1-0C5C-4268-AD01-D11DA72521E4}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{54E93F58-1792-4CE4-B852-78DBBC07F4EA}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{A0ABD979-8675-4E99-ABD0-B38F90117134}\  NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{060BB8A1-0C5C-4268-AD01-D11DA72521E4}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{54E93F58-1792-4CE4-B852-78DBBC07F4EA}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{A0ABD979-8675-4E99-ABD0-B38F90117134}\  NameServer=

HKEY_LOCAL_MACHINE\CS002\~\{060BB8A1-0C5C-4268-AD01-D11DA72521E4}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{54E93F58-1792-4CE4-B852-78DBBC07F4EA}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{A0ABD979-8675-4E99-ABD0-B38F90117134}\  NameServer=


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

10/24/2009 4:23:31 PM    16572635    C:\ComboFix
10/24/2009 4:23:31 PM    8861    C:\ComboFix\N_
10/24/2009 4:18:57 PM    6176546    C:\Qoobox
10/24/2009 4:25:14 PM    14439    C:\Qoobox\BackEnv
10/24/2009 4:25:14 PM    124    C:\Qoobox\LastRun
10/24/2009 4:18:57 PM    6161983    C:\Qoobox\Quarantine
10/24/2009 4:26:48 PM    6147449    C:\Qoobox\Quarantine\C
10/24/2009 4:41:23 PM    1598436    C:\Qoobox\Quarantine\C\Documents and Settings
10/24/2009 4:41:23 PM    1102419    C:\Qoobox\Quarantine\C\Documents and Settings\All Users
10/24/2009 4:41:23 PM    1102419    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data
10/24/2009 4:41:23 PM    1051682    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\22002915
10/24/2009 4:41:24 PM    49459    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly
10/24/2009 4:41:24 PM    850    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Desktop
10/24/2009 4:41:25 PM    25057    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Start Menu
10/24/2009 4:41:25 PM    25057    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Start Menu\Programs
10/24/2009 4:41:25 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Start Menu\Programs\Startup
10/24/2009 4:41:26 PM    290371    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey
10/24/2009 4:41:26 PM    28681    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Application Data
10/24/2009 4:41:26 PM    68232    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Cookies
10/24/2009 4:41:27 PM    850    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Desktop
10/24/2009 4:41:28 PM    143995    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Local Settings
10/24/2009 4:41:28 PM    55434    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Local Settings\Application Data
10/24/2009 4:41:28 PM    88561    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Local Settings\Temporary Internet Files
10/24/2009 4:41:30 PM    25061    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Start Menu
10/24/2009 4:41:30 PM    25061    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Start Menu\Programs
10/24/2009 4:41:30 PM    24205    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Start Menu\Programs\Startup
10/24/2009 4:41:31 PM    47753    C:\Qoobox\Quarantine\C\Documents and Settings\Patty
10/24/2009 4:41:31 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Patty\Start Menu
10/24/2009 4:41:31 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Patty\Start Menu\Programs
10/24/2009 4:41:31 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Patty\Start Menu\Programs\Startup
10/24/2009 4:41:31 PM    108434    C:\Qoobox\Quarantine\C\Documents and Settings\Ron
10/24/2009 4:41:31 PM    850    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Desktop
10/24/2009 4:41:32 PM    58979    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\My Documents
10/24/2009 4:41:32 PM    25053    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Start Menu
10/24/2009 4:41:32 PM    25053    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Start Menu\Programs
10/24/2009 4:41:32 PM    24197    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Start Menu\Programs\Startup
10/24/2009 4:41:33 PM    1084310    C:\Qoobox\Quarantine\C\Program Files
10/24/2009 4:41:33 PM    34446    C:\Qoobox\Quarantine\C\Program Files\Common Files
10/24/2009 4:41:33 PM    257280    C:\Qoobox\Quarantine\C\Program Files\qpmynv
10/24/2009 4:41:33 PM    397325    C:\Qoobox\Quarantine\C\Program Files\Shared
10/24/2009 4:41:34 PM    395259    C:\Qoobox\Quarantine\C\Program Files\WinPcap
10/24/2009 4:41:36 PM    3464703    C:\Qoobox\Quarantine\C\WINDOWS
10/24/2009 4:41:37 PM    3224576    C:\Qoobox\Quarantine\C\WINDOWS\system32
10/24/2009 4:41:38 PM    32000    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers
10/24/2009 4:18:57 PM    14534    C:\Qoobox\Quarantine\Registry_backups
10/24/2009 4:25:14 PM    0    C:\Qoobox\Test
10/24/2009 4:25:14 PM    0    C:\Qoobox\TestC
10/25/2009 12:08:38 PM    2075    32    C:\Files.txt
10/13/2009 7:43:20 AM    534827008    38    C:\hiberfil.sys
10/23/2009 3:14:59 PM    52736    32    C:\ldvx.exe
10/23/2009 3:14:57 PM    114640    32    C:\qsdhs.exe
10/20/2009 8:18:00 PM    1044771    C:\WINDOWS\$NtUninstallKB954155_WM9$
10/20/2009 8:18:00 PM    630827    C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst
9/8/2009 10:13:58 PM    785101    C:\WINDOWS\$NtUninstallKB956844$
9/8/2009 10:13:58 PM    632013    C:\WINDOWS\$NtUninstallKB956844$\spuninst
10/20/2009 8:19:11 PM    630612    C:\WINDOWS\$NtUninstallKB958869$
10/20/2009 8:19:11 PM    630612    C:\WINDOWS\$NtUninstallKB958869$\spuninst
10/4/2009 12:33:30 AM    2128325    C:\WINDOWS\$NtUninstallKB968389$
10/4/2009 12:33:30 AM    637509    C:\WINDOWS\$NtUninstallKB968389$\spuninst
9/8/2009 10:13:50 PM    3007559    C:\WINDOWS\$NtUninstallKB968816_WM9$
9/8/2009 10:13:50 PM    630799    C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst
10/20/2009 8:02:15 PM    2067399    C:\WINDOWS\$NtUninstallKB969059$
10/20/2009 8:02:16 PM    631751    C:\WINDOWS\$NtUninstallKB969059$\spuninst
8/25/2009 7:11:17 PM    843668    C:\WINDOWS\$NtUninstallKB970653-v3$
8/25/2009 7:11:17 PM    645524    C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst
10/20/2009 7:56:03 PM    9025068    C:\WINDOWS\$NtUninstallKB971486$
10/20/2009 7:56:03 PM    635052    C:\WINDOWS\$NtUninstallKB971486$\spuninst
10/20/2009 7:53:40 PM    769057    C:\WINDOWS\$NtUninstallKB973525$
10/20/2009 7:53:40 PM    629793    C:\WINDOWS\$NtUninstallKB973525$\spuninst
10/20/2009 8:01:54 PM    879066    C:\WINDOWS\$NtUninstallKB974112$
10/20/2009 8:01:55 PM    631740    C:\WINDOWS\$NtUninstallKB974112$\spuninst
10/20/2009 8:00:49 PM    688904    C:\WINDOWS\$NtUninstallKB974571$
10/20/2009 8:00:49 PM    631560    C:\WINDOWS\$NtUninstallKB974571$\spuninst
10/20/2009 8:01:30 PM    926204    C:\WINDOWS\$NtUninstallKB975025$
10/20/2009 8:01:30 PM    631292    C:\WINDOWS\$NtUninstallKB975025$\spuninst
10/20/2009 7:51:06 PM    765286    C:\WINDOWS\$NtUninstallKB975467$
10/20/2009 7:51:06 PM    631654    C:\WINDOWS\$NtUninstallKB975467$\spuninst
10/24/2009 4:25:14 PM    61541938    C:\WINDOWS\ERDNT
10/24/2009 4:25:14 PM    61541698    C:\WINDOWS\ERDNT\Hiv-backup
10/24/2009 4:25:46 PM    6643712    C:\WINDOWS\ERDNT\Hiv-backup\Users
10/24/2009 4:25:46 PM    237568    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001
10/24/2009 4:25:46 PM    8192    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002
10/24/2009 4:25:46 PM    237568    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003
10/24/2009 4:25:46 PM    8192    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004
10/24/2009 4:25:46 PM    5812224    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005
10/24/2009 4:25:46 PM    339968    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006
8/25/2009 8:38:55 PM    15367    32    C:\WINDOWS\cosawesoha._dl
8/25/2009 8:38:55 PM    14070    32    C:\WINDOWS\duhe._dl
10/24/2009 4:25:26 PM    80412    32    C:\WINDOWS\grep.exe
9/12/2009 3:31:17 PM    68940    32    C:\WINDOWS\hpoins05.dat
9/12/2009 3:31:17 PM    19696    0    C:\WINDOWS\hpomdl05.dat
8/25/2009 8:38:55 PM    15228    32    C:\WINDOWS\inoxiwymet.ban
10/20/2009 8:17:57 PM    8738    32    C:\WINDOWS\KB954155.log
9/8/2009 10:13:57 PM    7786    32    C:\WINDOWS\KB956844.log
10/20/2009 8:18:29 PM    6817    32    C:\WINDOWS\KB958869.log
9/13/2009 1:33:33 AM    19736    32    C:\WINDOWS\KB968389.log
9/8/2009 10:13:50 PM    6805    32    C:\WINDOWS\KB968816.log
10/16/2009 10:21:57 AM    13964    32    C:\WINDOWS\KB969059.log
8/25/2009 7:11:12 PM    3757    32    C:\WINDOWS\KB970653-v3.log
10/20/2009 7:54:41 PM    10097    32    C:\WINDOWS\KB971486.log
9/8/2009 10:12:14 PM    7756    32    C:\WINDOWS\KB971961-IE8.log
10/20/2009 7:52:18 PM    6936    32    C:\WINDOWS\KB973525.log
10/16/2009 10:22:02 AM    14107    32    C:\WINDOWS\KB974112.log
10/21/2009 6:27:29 PM    13424    32    C:\WINDOWS\KB974455-IE8.log
10/16/2009 10:21:43 AM    14518    32    C:\WINDOWS\KB974571.log
10/16/2009 10:21:52 AM    14070    32    C:\WINDOWS\KB975025.log
10/16/2009 10:21:04 AM    16245    32    C:\WINDOWS\KB975467.log
10/24/2009 4:25:26 PM    31232    32    C:\WINDOWS\NIRCMD.exe
8/25/2009 8:38:55 PM    19272    32    C:\WINDOWS\ovezydyz.dl
10/24/2009 4:25:26 PM    236544    32    C:\WINDOWS\PEV.exe
10/24/2009 4:25:26 PM    98816    32    C:\WINDOWS\sed.exe
10/24/2009 4:25:26 PM    161792    32    C:\WINDOWS\SWREG.exe
10/24/2009 4:25:26 PM    136704    32    C:\WINDOWS\SWSC.exe
10/24/2009 4:25:26 PM    212480    32    C:\WINDOWS\SWXCACLS.exe
8/25/2009 8:38:55 PM    19895    32    C:\WINDOWS\zibela._dl
10/24/2009 4:25:26 PM    68096    32    C:\WINDOWS\zip.exe
10/16/2009 2:00:10 PM    145408    32    C:\WINDOWS\system32\41-v5.exe
9/12/2009 3:30:58 PM    581632    32    C:\WINDOWS\system32\hpotscl.dll
9/12/2009 3:30:58 PM    229376    32    C:\WINDOWS\system32\hpovst08.dll
9/12/2009 3:30:37 PM    196608    32    C:\WINDOWS\system32\hpzcoi12.dll
9/12/2009 3:30:38 PM    393216    32    C:\WINDOWS\system32\hpzcon12.dll
9/12/2009 3:30:39 PM    139345    32    C:\WINDOWS\system32\hpzlnt12.dll
9/24/2009 3:15:33 PM    0    32    C:\WINDOWS\system32\ISHARE
8/26/2009 4:15:37 PM    17731    32    C:\WINDOWS\system32\jucaxyhu.lib
9/5/2009 1:54:48 AM    69632    32    C:\WINDOWS\system32\QuickTime.qts
9/5/2009 1:54:48 AM    94208    32    C:\WINDOWS\system32\QuickTimeVR.qtx
8/25/2009 8:38:55 PM    15521    32    C:\WINDOWS\system32\sydyji.exe
8/25/2009 8:38:55 PM    13811    32    C:\WINDOWS\system32\ysuva.dat

====== Files under "\Administrator\Startup" Last 60 Days======


====== Files under "\All Users\Startup" Last 60 Days======

9/12/2009 3:41:24 PM    1808    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
9/12/2009 3:47:15 PM    798    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

====== Files and Folders under "\Program Files" Last 60 Days======

10/8/2009 10:19:29 PM    14932253    C:\Program Files\Auslogics
10/12/2009 3:30:38 PM    0    C:\Program Files\CS
9/12/2009 3:40:32 PM    4141261    C:\Program Files\Hewlett-Packard
9/13/2009 1:56:30 AM    112137144    C:\Program Files\iTunes

====== Files under "\System32\Drivers" Last 60 Days======


====== Files Deleted under "%Temp%" ======


41 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

9/12/2009 3:48:10 PM    2865    C:\Documents and Settings\All Users\Application Data\HP
9/12/2009 3:48:10 PM    2865    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging
9/12/2009 3:48:10 PM    2865    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\Data
9/13/2009 1:29:34 AM    0    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\hp photosmart 2600 series
9/13/2009 1:29:34 AM    0    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\hp photosmart 2600 series\1252784891
9/13/2009 1:29:34 AM    0    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\hp photosmart 2600 series\1252784891\Data
9/13/2009 1:56:30 AM    541387    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
9/13/2009 1:58:46 AM    541387    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86
9/13/2009 1:58:46 AM    133968    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86
8/25/2009 8:38:55 PM    12868    32    C:\Documents and Settings\All Users\Application Data\gubokiby.dl
8/25/2009 8:38:55 PM    15299    32    C:\Documents and Settings\All Users\Application Data\igezicahun.ban
8/25/2009 8:38:55 PM    17063    32    C:\Documents and Settings\All Users\Application Data\tanyvo.db

====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader
HKLM\Software\microsoft\shared tools\msconfig\startupreg\CUCore Agent
HKLM\Software\microsoft\shared tools\msconfig\startupreg\DellSupport
HKLM\Software\microsoft\shared tools\msconfig\startupreg\dla
HKLM\Software\microsoft\shared tools\msconfig\startupreg\DVDLauncher
HKLM\Software\microsoft\shared tools\msconfig\startupreg\HP Component Manager
HKLM\Software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKLM\Software\microsoft\shared tools\msconfig\startupreg\IntelMeM
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKLM\Software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKLM\Software\microsoft\shared tools\msconfig\startupreg\mmtask
HKLM\Software\microsoft\shared tools\msconfig\startupreg\MMTray
HKLM\Software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKLM\Software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck
HKLM\Software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash
HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKLM\Software\microsoft\shared tools\msconfig\startupreg\RealTray
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Replay Center
HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKLM\Software\microsoft\shared tools\msconfig\startupreg\swg
HKLM\Software\microsoft\shared tools\msconfig\startupreg\TkBellExe

====== Services ( Services that are Whitelisted are not shown) ======

ASAPIW2k (ASAPIW2K)- C:\WINDOWS\system32\drivers\ASAPIW2k.sys - Manual/Running
Avc (AVC Device)- C:\WINDOWS\system32\DRIVERS\avc.sys - Manual/Stopped
bvrp_pci (bvrp_pci)-  - Manual/Stopped
drvmcdb (drvmcdb)- C:\WINDOWS\system32\drivers\drvmcdb.sys - Boot/Running
drvnddm (drvnddm)- C:\WINDOWS\system32\drivers\drvnddm.sys - Auto/Running
DSproct (DSproct)- \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys - Manual/Stopped
dsunidrv (DellSupport UniDriver)- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys - Auto/Running
E100B (Intel(R) PRO Adapter Driver)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/Running
eeCtrl (Symantec Eraser Control driver)- \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - System/Running
FANTOM (LEGO MINDSTORMS NXT Driver)- C:\WINDOWS\system32\DRIVERS\fantom.sys - Manual/Stopped
FTD2XX (FTD2XX.SYS FT8U2XX device driver)- C:\WINDOWS\system32\Drivers\FTD2XX.sys - Manual/Stopped
grmnusb (grmnusb)- C:\WINDOWS\system32\drivers\grmnusb.sys - Manual/Stopped
Hardlock (Hardlock)- \??\C:\WINDOWS\system32\drivers\hardlock.sys - Auto/Running
Haspnt (Haspnt)- \??\C:\WINDOWS\system32\drivers\Haspnt.sys - Auto/Running
IntelC51 (IntelC51)- C:\WINDOWS\system32\DRIVERS\IntelC51.sys - Manual/Running
IntelC52 (IntelC52)- C:\WINDOWS\system32\DRIVERS\IntelC52.sys - Manual/Running
IntelC53 (IntelC53)- C:\WINDOWS\system32\DRIVERS\IntelC53.sys - Manual/Running
Lbd (Lbd)- C:\WINDOWS\system32\DRIVERS\Lbd.sys - Boot/Running
MarvinBus (Pinnacle Marvin Bus)- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys - Manual/Running
MCSTRM (MCSTRM)-  - Auto/Stopped
mohfilt (mohfilt)- C:\WINDOWS\system32\DRIVERS\mohfilt.sys - Manual/Running
MSDV (Microsoft DV Camera and VCR)- C:\WINDOWS\system32\DRIVERS\msdv.sys - Manual/Stopped
NdisIP (Microsoft TV/Video Connection)- C:\WINDOWS\system32\DRIVERS\NdisIP.sys - Manual/Stopped
PCLEPCI (PCLEPCI)- \??\C:\WINDOWS\system32\drivers\pclepci.sys - System/Running
RioS50 (RioS50 driver)- C:\WINDOWS\system32\Drivers\RioS50.sys - Manual/Stopped
senfilt (senfilt)- C:\WINDOWS\system32\drivers\senfilt.sys - Manual/Running
SLIP (BDA Slip De-Framer)- C:\WINDOWS\system32\DRIVERS\SLIP.sys - Manual/Stopped
smwdm (smwdm)- C:\WINDOWS\system32\drivers\smwdm.sys - Manual/Running
sscdbhk5 (sscdbhk5)- C:\WINDOWS\system32\drivers\sscdbhk5.sys - System/Running
ssrtln (ssrtln)- C:\WINDOWS\system32\drivers\ssrtln.sys - System/Running
tfsnboio (tfsnboio)- C:\WINDOWS\system32\dla\tfsnboio.sys - Auto/Running
tfsncofs (tfsncofs)- C:\WINDOWS\system32\dla\tfsncofs.sys - Auto/Running
tfsndrct (tfsndrct)- C:\WINDOWS\system32\dla\tfsndrct.sys - Auto/Running
tfsndres (tfsndres)- C:\WINDOWS\system32\dla\tfsndres.sys - Auto/Running
tfsnifs (tfsnifs)- C:\WINDOWS\system32\dla\tfsnifs.sys - Auto/Running
tfsnopio (tfsnopio)- C:\WINDOWS\system32\dla\tfsnopio.sys - Auto/Running
tfsnpool (tfsnpool)- C:\WINDOWS\system32\dla\tfsnpool.sys - Auto/Running
tfsnudf (tfsnudf)- C:\WINDOWS\system32\dla\tfsnudf.sys - Auto/Running
tfsnudfa (tfsnudfa)- C:\WINDOWS\system32\dla\tfsnudfa.sys - Auto/Running
USBAAPL (Apple Mobile USB Driver)- C:\WINDOWS\system32\Drivers\usbaapl.sys - Manual/Stopped
wanatw (WAN Miniport (ATW))- C:\WINDOWS\system32\DRIVERS\wanatw4.sys - Manual/Stopped
WpdUsb (WpdUsb)- C:\WINDOWS\system32\Drivers\wpdusb.sys - Manual/Stopped

====== Uninstall List ======

OTOY
WebEx
Ad-Aware
Adobe Flash Player 10 ActiveX
Audacity 1.2.6
Audible Download Manager
Backyard Baseball 2003
Carbonite
chundate ScreenSaver
Focus MP3 Recorder Pro 3.4
FTDI FTD2XX USB Drivers
Game Maker 7.0
Garfield 25th Anniversary Screen Saver
HASP4 Device Drivers
HijackThis 2.0.2
Hollywood FX 5.5 Additional Effects
Pinnacle Hollywood FX for Studio
HP Image Zone 4.7
HP Extended Capabilities 4.7
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Windows Internet Explorer 8
iPod for Windows 2006-03-23
SmartSound Quicktracks Plugin
DesignPro 5.0 Limited Edition
iPod for Windows 2005-09-23
Chessmaster 10th Edition
Intel(R) 537EP V9x DF PCI Modem
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Security Update for Windows XP (KB893066)
Windows XP Hotfix - KB893086
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Update for Windows XP (KB896727)
Security Update for Step By Step Interactive Training (KB898458)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Security Update for Windows XP (KB916281)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Update for Windows XP (KB925720)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Update for Windows XP (KB929338)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player (KB954155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Hotfix for Windows XP (KB961118)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows Internet Explorer 7 (KB963027)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Security Update for Windows XP (KB968537)
Security Update for Windows Media Player (KB968816)
Security Update for Windows XP (KB969059)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Hotfix for Windows XP (KB970653-v3)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Update for Windows Internet Explorer 8 (KB971930)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows Media Player (KB973540)
Update for Windows XP (KB973815)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Kid Pix Studio Deluxe
Life of Christ
LiveUpdate 3.1 (Symantec Corporation)
Microsoft .NET Framework 1.1 Security Update (KB953297)
Macromedia Shockwave Player
Magic Music Editor v5.3.12.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
My Way Search Assistant
NetStudio Easy Web Graphics
Microsoft National Language Support Downlevel APIs
Operation
Photo Finale
Picasa 3
PolderbitS Sound Recorder and Editor
proDAD Heroglyph 1.0
Intel(R) PRO Network Adapters and Drivers
Radiotracker 3.0.1.37
RealPlayer
rwss Screen Saver
screensaver
skiStunt
SSH2Deluxe  Screen Saver
Learn2 Player (Uninstall Only)
Tax Forms Assistant
Tax Forms Helper 2004 6.5
Tax Forms Helper 2006 7.5
Tax Forms Helper 2008 8.5
The Game Of Life
TI-84 Plus Dreams Screen Saver
TurboTax 2008
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
Type To Learn
V CAST Music with Rhapsody
VeggieTalesJonah
Viewpoint Media Player
Where in the USA is Carmen Sandiego?
Where in the USA is Carmen Sandiego?
Windows Imaging Component
Windows Media Format Runtime
Windows Media Player 10
WinPcap 3.1 beta4
World Book Illustrated Atlas
Yahoo! Toolbar
Zoombinis Logical Journey(TM)
Microsoft Office 2000 SR-1 Small Business
Microsoft Office 2000 SR-1 Disc 2
Macromedia Flash Player
Bonjour
Sonic RecordNow Data
Apple Application Support
Scan
Microsoft Plus! Photo Story 2 LE
MyLearnExpress
Sonic DLA
SA23xx Device Manager
ScannerCopy
HP Product Assistant
Intel(R) PROSet for Wired Connections
Fax
Google Toolbar for Internet Explorer
MSXML 6 Service Pack 2 (KB954459)
InstantShare
Copy
Click to Meet Conference Client
iPod for Windows 2006-03-23
TrayApp
Sonic MyDVD LE
Maestro ActivityMaker
Google Toolbar for Internet Explorer
Java(TM) 6 Update 13
cp_dwShrek2Albums1
TurboTax 2008 WinPerUserEducation
TurboTax ItsDeductible 2005
Unload
Sonic Update Manager
Java(TM) 6 Update 7
Windows Media Player 10
HP PSC & OfficeJet 4.7
WebFldrs XP
NetZeroInstallers
Internet Explorer Default Page
TurningPoint 2008
MSXML 4.0 SP2 (KB927978)
CueTour
MyLearnExpress
ProductContext
LEGO® MINDSTORMS® NXT - English Language Pack
Modem On Hold
ChessBase 9
Google Earth
Jasc Paint Shop Photo Album 5
LEGO® MINDSTORMS® NXT Software v1.0
Readme
Math
2600
SmartSound Quicktracks Plugin
Sonic CinePlayer MP3 Creation Pack
Safari
Dell Driver Reset Tool
PanoStandAlone
AOLIcon
CreativeProjects
PhotoGallery
HP Software Update
AiO_Scan
PowerDVD 5.5
Destinations
Apple Software Update
Photo Click
Microsoft Plus! Digital Media Edition Installer
2600Trb
BufferChm
cp_dwShrek2Cards1
EarthLink setup files
TurboTax 2008 WinPerFedFormset
Jasc Paint Shop Pro Studio, Dell Editon
My Way Search Assistant
Modem Event Monitor
Get High Speed Internet!
HPSystemDiagnostics
Harry Potter II
AnswerWorks 4.0 Runtime - English
DellSupport
Modem Helper
e-Sword
DING!
SkinsHP1
Fall of Jericho
AiOSoftware
MSXML 4.0 SP2 (KB954430)
Ten Thumbs 4.3.1
QFolder
TurboTax 2008 WinPerReleaseEngine
Intel(R) Extreme Graphics 2 Driver
DocProc
Auslogics Registry Cleaner
Musicmatch® Jukebox
Compatibility Pack for the 2007 Office system
Microsoft FrontPage 2002
Microsoft PowerPoint 2002
e-Sword
DesignPro 5.0 Limited Edition
QuickProjects
Rio Music Manager
Studio 9
PrintScreen
Microsoft .NET Framework 3.0 Service Pack 2
QuickTime
CP_AtenaShokunin1Config
Apple Mobile Device Support
Sonic RecordNow Audio
Dell Media Experience
Adobe Reader 7.0
Garfield Desktop Comic
Dell Picture Studio v3.0
WordPerfect Office 12
TurboTax 2008 wohiper
TurboTax ItsDeductible 2006
Sonic RecordNow Copy
TurboTax 2008 wrapper
TurboTax 2008 WinPerTaxSupport
SONICblue Real Service Providers
Studio 9 Content CD/DVD
Director
MarketResearch
e-Sword Bible Screen Saver
Harry Potter - Quidditch World Cup
MSXML 4.0 SP2 (KB936181)
Microsoft .NET Framework 2.0 Service Pack 2
2600_Help
Microsoft .NET Framework 1.1
WebReg
DocumentViewer
Microsoft .NET Framework 3.5 SP1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
The Incredibles: Rise of The Underminer
iPod for Windows 2005-09-23
LiveUpdate Notice (Symantec Corporation)
AnswerWorks 5.0 English Runtime
TWC User Controls
Ad-Aware
Auslogics Disk Defrag
LEGO® MINDSTORMS® NXT Driver
Google SketchUp Viewer
The Incredibles - When Danger Calls
TurboTax 2008 WinPerProgramHelp
Chessmaster 10th Edition
WexTech AnswerWorks
iTunes
Maestro ActivityMaker
Quicken 2009
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Social Studies and Science
Garmin Communicator Plugin
CreativeProjectsTemplates

======== Other Info ========

TOTAL PHYSICAL RAM: 535 MB

Boot Info

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect


OS Type:  Microsoft Windows XP Home Edition
Build:  5.1.2600
Service Pack:  2.0


====== Files with Hidden Attributes======

C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\NTDETECT.COM
C:\Documents and Settings\Administrator\NTUSER.DAT
C:\Documents and Settings\Administrator\IECompatCache\index.dat
C:\Documents and Settings\Administrator\IETldCache\index.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012009081020090817\index.dat
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012009081720090824\index.dat
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012009082620090827\index.dat
C:\Documents and Settings\Administrator\PrivacIE\index.dat

==End of Report==
     

  • Post Points: 20

20 Replies:

Joined on 10/24/2009
Posts: 17
Points 295

Re: Bamajim

Following is the combofix log.  Hope I ran everything ok, as it said it ran in reduced functionality mode.

ComboFix 09-10-23.01 - Administrator 11/02/2009 20:27.3.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.510.354 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\cfscript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
"c:\windows\system32\jejobadi.dll"
"c:\windows\system32\pedisasa.dll"
"c:\windows\system32\toluboli.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\makezimu.dll
c:\windows\system32\pedisasa.dll
c:\windows\system32\romabotu.dll
c:\windows\system32\toluboli.exe

.
(((((((((((((((((((((((((   Files Created from 2009-10-03 to 2009-11-03  )))))))))))))))))))))))))))))))
.

2009-11-02 02:45 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 02:45 . 2009-11-02 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 02:45 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 20:05 . 2009-10-31 20:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-10-31 20:04 . 2009-10-31 20:04 149336 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-31 20:01 . 2009-10-31 20:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2009-10-31 03:02 . 2009-10-31 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\64759637
2009-10-12 19:30 . 2009-10-12 19:30 -------- d-----w- c:\program files\Common Files\CSUninstall
2009-10-09 02:19 . 2009-10-09 21:14 -------- d-----w- c:\program files\Auslogics

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 20:04 . 2005-08-19 00:57 -------- d-----w- c:\program files\Google
2009-10-22 19:47 . 2005-12-31 05:01 -------- d-----w- c:\program files\Crossword Weaver
2009-09-27 20:10 . 2005-06-13 22:18 -------- d-----w- c:\program files\Common Files\Corel
2009-09-27 20:10 . 2008-07-13 03:50 -------- d-----w- c:\program files\Corel
2009-09-27 20:06 . 2005-06-13 22:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-27 20:04 . 2005-11-15 02:55 -------- d-----w- c:\program files\Nancy Drew
2009-09-23 20:41 . 2005-11-12 03:46 -------- d-----w- c:\documents and settings\Patty\Application Data\Apple Computer
2009-09-20 20:04 . 2005-10-21 14:58 -------- d-----w- c:\documents and settings\Lindsey\Application Data\Apple Computer
2009-09-18 01:39 . 2005-11-01 02:54 -------- d-----w- c:\documents and settings\Kelly\Application Data\Apple Computer
2009-09-13 17:21 . 2009-02-03 01:37 115972 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-13 05:58 . 2009-09-13 05:56 -------- d-----w- c:\program files\iTunes
2009-09-13 05:58 . 2009-09-13 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 05:57 . 2005-10-19 00:35 -------- d-----w- c:\program files\iPod
2009-09-13 05:57 . 2008-05-03 19:59 -------- d-----w- c:\program files\Common Files\Apple
2009-09-13 05:50 . 2005-10-19 00:37 -------- d-----w- c:\program files\QuickTime
2009-09-12 19:58 . 2009-09-12 19:31 68940 ----a-w- c:\windows\hpoins05.dat
2009-09-12 19:48 . 2009-09-12 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-12 19:46 . 2005-08-07 03:49 -------- d-----w- c:\program files\Common Files\HP
2009-09-12 19:41 . 2005-08-07 03:20 -------- d-----w- c:\program files\HP
2009-09-12 19:41 . 2009-09-12 19:40 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-11 14:33 . 2004-08-10 17:51 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 19:12 . 2009-09-08 19:12 -------- d-----w- c:\documents and settings\Lindsey\Application Data\Malwarebytes
2009-09-04 20:45 . 2004-08-10 17:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 17:51 916480 ------w- c:\windows\system32\wininet.dll
2009-08-28 23:42 . 2009-06-04 01:08 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2008-12-26 03:41 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:16 . 2004-08-10 17:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 00:38 . 2009-08-26 00:38 11360 ----a-w- c:\program files\Common Files\lokenosude._sy
2009-08-17 13:30 . 2009-08-17 13:30 19370 ----a-w- c:\documents and settings\Lindsey\Local Settings\Application Data\uxicacybu.com
2009-08-17 13:30 . 2009-08-17 13:30 17531 ----a-w- c:\program files\Common Files\lepozigu.dll
2009-08-17 13:30 . 2009-08-17 13:30 17421 ----a-w- c:\windows\voqoxepad.pif
2009-08-17 13:30 . 2009-08-17 13:30 14567 ----a-w- c:\documents and settings\All Users\Application Data\dexa.scr
2009-08-17 13:30 . 2009-08-17 13:30 13318 ----a-w- c:\documents and settings\Lindsey\Local Settings\Application Data\muxon.dat
2009-08-17 13:30 . 2009-08-17 13:30 13146 ----a-w- c:\documents and settings\Lindsey\Application Data\wihazicefu.pif
2009-08-17 13:30 . 2009-08-17 13:30 19939 ----a-w- c:\program files\Common Files\kavunida.scr
2009-08-17 13:30 . 2009-08-17 13:30 18156 ----a-w- c:\documents and settings\Lindsey\Application Data\tarif.bin
2009-08-17 13:30 . 2009-08-17 13:30 12704 ----a-w- c:\program files\Common Files\ybejuwi._dl
2009-08-17 13:30 . 2009-08-17 13:30 12310 ----a-w- c:\documents and settings\Lindsey\Local Settings\Application Data\ydoxono.dll
2009-08-17 13:30 . 2009-08-17 13:30 10992 ----a-w- c:\program files\Common Files\vuhuwylo.com
2009-08-14 21:15 . 2005-08-10 19:27 149336 ----a-w- c:\documents and settings\Patty\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 20:59 . 2005-08-07 21:58 149336 ----a-w- c:\documents and settings\Lindsey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 19:57 . 2005-08-07 15:37 149336 ----a-w- c:\documents and settings\Kelly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 23:24 . 2004-08-10 18:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-10 18:02 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-06-16 03:17 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-10 18:02 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-10 17:50 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-10 18:02 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-08-10 18:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-24 20:08 . 2008-07-13 03:59 88 --sh--r- c:\windows\system32\9497AC6F27.sys
2009-07-31 03:02 . 2009-07-31 03:02 53248 --sha-w- c:\windows\system32\gipidiwu.dll
2009-07-31 03:02 . 2009-07-31 03:02 53248 --sha-w- c:\windows\system32\hofalobu.dll
2009-07-24 20:08 . 2008-07-13 03:52 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-31 03:02 . 2009-07-31 03:02 1054752 --sha-w- c:\windows\system32\vasidifu.exe
2009-07-31 19:48 . 2009-07-31 19:48 92160 --sha-w- c:\windows\system32\vonibusa.dll
2009-07-31 03:02 . 2009-07-31 03:02 53248 --sha-w- c:\windows\system32\yonevena.dll
2009-07-31 03:02 . 2009-07-31 03:02 39424 --sha-w- c:\windows\system32\zubadira.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-10-29_21.18.19   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-10-29 18:03 . 2009-10-29 18:03 16384              c:\windows\Temp\Perflib_Perfdata_6a8.dat
+ 2009-11-03 01:31 . 2009-11-03 01:31 16384              c:\windows\temp\Perflib_Perfdata_6a8.dat
- 2009-10-29 18:03 . 2009-10-29 18:03 16384              c:\windows\Temp\Perflib_Perfdata_648.dat
+ 2009-11-03 01:31 . 2009-11-03 01:31 16384              c:\windows\temp\Perflib_Perfdata_648.dat
+ 2004-08-10 17:51 . 2009-11-03 01:18 71732              c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2009-10-21 00:25 71732              c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2009-10-21 00:25 442466              c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2009-11-03 01:18 442466              c:\windows\system32\perfh009.dat
+ 2009-07-17 14:24 . 2009-11-01 20:14 245760              c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-17 14:24 . 2009-10-24 12:50 245760              c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fa9fc5c9-e865-4cfc-a8f5-a5630712beb4}]
2009-07-31 03:02 53248 --sha-w- c:\windows\system32\yonevena.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 20:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 20:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 20:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-07 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"64759637"="c:\documents and settings\All Users\Application Data\64759637\64759637.exe" [2009-10-31 1054752]
"velikolaw"="c:\windows\system32\vonibusa.dll" [2009-07-31 92160]
"fajatezigu"="gipidiwu.dll" - c:\windows\system32\gipidiwu.dll [2009-07-31 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

c:\documents and settings\Kelly\Start Menu\Programs\Startup\
DesktopComic.exe [2006-4-13 1056291]
PowerReg Scheduler V3.exe [2006-6-13 225280]

c:\documents and settings\Lindsey\Start Menu\Programs\Startup\
DesktopComic.exe [2006-4-13 1056291]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{d8bf6737-77a4-4d07-8ab6-1eb5494ea88c}"= "c:\windows\system32\vonibusa.dll" [2009-07-31 92160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"firifapek"= {d8bf6737-77a4-4d07-8ab6-1eb5494ea88c} - c:\windows\system32\vonibusa.dll [2009-07-31 92160]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    scecli gipidiwu.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\vssvc.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwuSchd2.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgalry.exe"=
"c:\\Program Files\\Carbonite\\Carbonite Backup\\CarboniteUI.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/8/2009 1:22 PM 64160]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [12/9/2008 12:37 PM 13088]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 2:55 PM 39424]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [9/28/2006 11:59 AM 34639]
S3 RioS50;RioS50 driver;c:\windows\system32\drivers\RioS50.sys [11/10/2005 7:47 PM 12661]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
BtwSrv
.
Contents of the 'Scheduled Tasks' folder

2009-10-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:22]

2009-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-10-31 c:\windows\Tasks\User_Feed_Synchronization-{5813F25E-005A-408D-9FE3-953A4E35C839}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
mStart Page = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {6964E06D-0446-43AF-A657-E65920D2E4CC} - hxxp://rep.liebert.com/eforms/lqq/OrderForms/HeatRejection/SAFM-8540-29E/3h/distinct/HeatRejection.CAB
DPF: {CA71228B-EE60-4C95-99DB-C3B7EAF0D483} - hxxp://rep.liebert.com/eforms/lqq/OrderForms/LiebertDS/SAFM-8540-410E/2g/distinct/LiebertDS.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 20:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,ca,c6,21,8b,c9,1f,44,83,ff,24,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,ca,c6,21,8b,c9,1f,44,83,ff,24,\

[HKEY_USERS\S-1-5-21-2513623303-3009968100-2059323652-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,6c,b5,91,42,a2,35,4c,b9,97,4c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,6c,b5,91,42,a2,35,4c,b9,97,4c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(296)
c:\windows\system32\gipidiwu.dll
c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(748)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\vonibusa.dll
.
------------------------ Other Running Processes ------------------------
.
c:\combofix\CF24256.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-11-03 20:38 - machine was rebooted
ComboFix-quarantined-files.txt  2009-11-03 01:38
ComboFix2.txt  2009-10-29 21:28

Pre-Run: 9,872,887,808 bytes free
Post-Run: 9,845,833,728 bytes free

- - End Of File - - D72421FA49868F9EC05ADEB67BCF1E87

  • Post Points: 20
Joined on 01/16/2006
Posts: 10,322
Points 15,932

Re: Bamajim

Give me an update on how your PC is running at this point.


Consumer Security 2008- 2009

  • Post Points: 20
Joined on 10/24/2009
Posts: 17
Points 295

Re: Bamajim

Booting to normal operation (non-safe mode), a few fake virus scan pop-ups appear, and the desktop is blank.  I have not tried to connect to the internet; the pop-ups seemed to be gone a few days ago, and once I connected to the internet, it seemed that's when they came back.

I was able to run Word, etc. the other day (when the desktop was visible), and print.  Don't know if I can do that now, but if I did I'd need to access the programs from Start/All Programs, etc.

  • Post Points: 5
Joined on 10/24/2009
Posts: 17
Points 295

Re: Bamajim

Couple things I wondered about as I was running Combofix:

I noticed something popped up about a rootkit.  Should I re-run, and take note of this message?

Did I get a good run without the 'recovery console' installed?

Thanks for your help!

  • Post Points: 20
Joined on 01/16/2006
Posts: 10,322
Points 15,932

Re: Bamajim

rspangl

1. Open NotePad (not wordpad). Copy and paste the following into Notepad

File::
c:\windows\system32\hofalobu.dll
c:\windows\system32\vasidifu.exe
c:\windows\system32\zubadira.dll
c:\windows\system32\gipidiwu.dll
c:\windows\system32\vonibusa.dll
c:\windows\system32\yonevena.dll

Folder::
c:\documents and settings\All Users\Application Data\64759637

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"64759637"=-
"velikolaw"=-
"fajatezigu"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{d8bf6737-77a4-4d07-8ab6-1eb5494ea88c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"firifapek"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fa9fc5c9-e865-4cfc-a8f5-a5630712beb4}]

Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

user posted image
    You will be prompted to run Combofix again, Do so
    Following the same rules as indicated in my first post
    Then post the contents of the C:\ComboFix.txt log in your reply

Consumer Security 2008- 2009

  • Post Points: 20
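As an added triage example (not code from this thread, from ComboFix or from SpywareHammer), the Python script below reads ComboFix-style log lines like the ones posted above and flags the same things the CFScript targets: hidden+system files under \windows that a loading point references, a stray LSA Notification Package (which is why gipidiwu.dll shows up inside lsass.exe in the log), the Security Center monitoring switch and the disabled firewall. The sample lines are excerpted from the ComboFix log in this thread; the attribute-string heuristic and the numeric Application Data folder pattern are this example's own assumptions, not ComboFix's logic.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2009-07-31 03:02 . 2009-07-31 03:02 53248 --sha-w- c:\windows\system32\gipidiwu.dll
2009-07-31 03:02 . 2009-07-31 03:02 53248 --sha-w- c:\windows\system32\hofalobu.dll
2009-07-31 03:02 . 2009-07-31 03:02 1054752 --sha-w- c:\windows\system32\vasidifu.exe
2009-07-31 19:48 . 2009-07-31 19:48 92160 --sha-w- c:\windows\system32\vonibusa.dll
2009-07-31 03:02 . 2009-07-31 03:02 53248 --sha-w- c:\windows\system32\yonevena.dll
2009-07-24 20:08 . 2008-07-13 03:52 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fa9fc5c9-e865-4cfc-a8f5-a5630712beb4}]
2009-07-31 03:02 53248 --sha-w- c:\windows\system32\yonevena.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"64759637"="c:\documents and settings\All Users\Application Data\64759637\64759637.exe" [2009-10-31 1054752]
"velikolaw"="c:\windows\system32\vonibusa.dll" [2009-07-31 92160]
"fajatezigu"="gipidiwu.dll" - c:\windows\system32\gipidiwu.dll [2009-07-31 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"firifapek"= {d8bf6737-77a4-4d07-8ab6-1eb5494ea88c} - c:\windows\system32\vonibusa.dll [2009-07-31 92160]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    scecli gipidiwu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""
# File line: "<date> <time> . <date> <time> <size> <attrs> <path>" (second timestamp absent under Reg Loading Points).
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d (?:\. \d{4}-\d\d-\d\d \d\d:\d\d )?"
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>[a-z]:\\.+)$", re.I)
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
PATH_IN_VALUE = re.compile(r"(?i)[a-z]:\\[^\"\[\]]+?\.(?:dll|exe|scr|com|pif)\b")
# Assumption of this example: rogue-AV style "<digits>\<digits>.exe" under Application Data.
NUMERIC_APPDATA = re.compile(r"(?i)\\application data\\(\d+)\\\1\.exe$")
LOADABLE = (".dll", ".exe", ".scr", ".com", ".pif")


@dataclass(frozen=True)
class Finding:
    key: str        # registry key the entry was listed under
    entry: str      # raw log line
    reason: str
    path: str = ""  # file the entry points at, when the reason is file-based


def hidden_system_files(log: str) -> set[str]:
    """Loadable files under \\windows\\ whose attribute string (positions 2-3,
    e.g. --sha-w-) says hidden+system. Tiny hidden .sys markers are skipped."""
    found = set()
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m and m["attrs"].lower()[2:4] == "sh":
            path = m["path"].lower()
            if "\\windows\\" in path and path.endswith(LOADABLE):
                found.add(path)
    return found


def triage(log: str) -> list[Finding]:
    """Walk the [key] / value lines and flag persistence and defence tampering."""
    suspects = hidden_system_files(log)
    findings, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if (m := KEY_LINE.match(line)):
            key = m["key"]
            continue
        if key is None or not line:
            continue
        low = line.lower()
        for path in (p.lower() for p in PATH_IN_VALUE.findall(line)):
            if path in suspects:
                findings.append(Finding(key, line, "loads a hidden+system file", path))
            elif NUMERIC_APPDATA.search(path):
                findings.append(Finding(key, line, "autostart from numeric Application Data folder", path))
        if low.startswith("notification packages"):  # LSA loads these into lsass.exe
            for pkg in line.split()[3:]:
                if pkg.lower() != "scecli":
                    findings.append(Finding(key, line, f"unexpected LSA notification package {pkg} (loads into lsass.exe)"))
        if "security center" in key.lower() and '"disablemonitoring"=dword:00000001' in low:
            findings.append(Finding(key, line, "Security Center monitoring disabled"))
        if "firewallpolicy" in key.lower() and re.match(r'"enablefirewall"\s*=\s*0\b', low):
            findings.append(Finding(key, line, "Windows Firewall disabled for the standard profile"))
    return findings


def files_to_review(findings: list[Finding]) -> list[str]:
    """Distinct files referenced by flagged loading points (the CFScript's File:: candidates)."""
    return sorted({f.path for f in findings if f.path})
```

The hidden-file pass also returns hofalobu.dll and vasidifu.exe, which have no loading point of their own but were dropped in the same minute as the loaded ones; that sibling check is why the CFScript's File:: section lists more files than the Run key alone shows.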
Joined on 10/24/2009
Posts: 17
Points 295

Re: Bamajim

Bamajim-

Many thanks for your help. I threw in the towel just a couple hours before receiving this update.  I decided to start over with a new hard drive - just got it physically installed before your message.  I was about maxed out on my 70G drive, so having this issue pushed me enough to decide to go for more disk space, and rebuild.  I'm not sure we could have completely wiped out the malware, too.

I'm up and running again, with the new drive and fresh install on XP.  Restoring my files from Carbonite has proven to be very, very slow.  Hopefully, I can protect and avoid getting this kind of malware in the future.

Thanks again for all your help!

  • Post Points: 5
Page 2 of 2