Bamajim

Latest post 11/09/2009 12:22 PM by rspangl. 20 replies.
 

Antivirus System Pro has taken over my (other) computer. Cannot use internet, cannot run HijackThis, cannot boot in safe mode. I was not able to scan with Malwarebytes Anti-Malware. In a Google search on the subject, I found and ran ComboFix (no idea what I was doing here). As a result I've been able to run Anti-Malware, but still not able to run HijackThis, internet. I ran the following log. Please let me know if you can help, given what I've gotten myself into. If not, I'm not sure where to go next. But, I'll wait to hear from you before moving on. Thanks!

Following is text file from Filelister.

 


+++++++++++++++++++++++++++++++++
+ File Lister  Version 1.1.1                                 +
+                                                                    +
+  By bamajim / SpywareHammer.com                 +
+++++++++++++++++++++++++++++++++

Report ran on --->>>  10/25/2009 12:08:38 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

====== BHO's ======

BHO: (NO NAME) - {fa9fc5c9-e865-4cfc-a8f5-a5630712beb4} - jejobadi.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[SoundMAXPnP] = C:\Program Files\Analog Devices\Core\smax4pnp.exe
[igfxtray] = C:\WINDOWS\system32\igfxtray.exe
[igfxhkcmd] = C:\WINDOWS\system32\hkcmd.exe
[igfxpers] = C:\WINDOWS\system32\igfxpers.exe
[Symantec PIF AlertEng] = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
[Carbonite Backup] = C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
[TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
[HP Software Update] = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
[QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
[calc] = rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
[Malwarebytes Anti-Malware (reboot)] = "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[fajatezigu] = Rundll32.exe "pekuveme.dll",s

====== HKCU\~\Run Keys ======

[ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe
[swg] = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[MSMSGS] = "C:\Program Files\Messenger\msmsgs.exe" /background
[Yjafosi8kdf98winmdkmnkmfnwe] = C:\DOCUME~1\Ron\LOCALS~1\Temp\win32.exe
[calc] = rundll32.exe C:\DOCUME~1\Ron\ntuser.dll,_IWMPEvents@0

====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{060BB8A1-0C5C-4268-AD01-D11DA72521E4}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{54E93F58-1792-4CE4-B852-78DBBC07F4EA}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{A0ABD979-8675-4E99-ABD0-B38F90117134}\  NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{060BB8A1-0C5C-4268-AD01-D11DA72521E4}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{54E93F58-1792-4CE4-B852-78DBBC07F4EA}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{A0ABD979-8675-4E99-ABD0-B38F90117134}\  NameServer=

HKEY_LOCAL_MACHINE\CS002\~\{060BB8A1-0C5C-4268-AD01-D11DA72521E4}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{54E93F58-1792-4CE4-B852-78DBBC07F4EA}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{A0ABD979-8675-4E99-ABD0-B38F90117134}\  NameServer=


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

10/24/2009 4:23:31 PM    16572635    C:\ComboFix
10/24/2009 4:23:31 PM    8861    C:\ComboFix\N_
10/24/2009 4:18:57 PM    6176546    C:\Qoobox
10/24/2009 4:25:14 PM    14439    C:\Qoobox\BackEnv
10/24/2009 4:25:14 PM    124    C:\Qoobox\LastRun
10/24/2009 4:18:57 PM    6161983    C:\Qoobox\Quarantine
10/24/2009 4:26:48 PM    6147449    C:\Qoobox\Quarantine\C
10/24/2009 4:41:23 PM    1598436    C:\Qoobox\Quarantine\C\Documents and Settings
10/24/2009 4:41:23 PM    1102419    C:\Qoobox\Quarantine\C\Documents and Settings\All Users
10/24/2009 4:41:23 PM    1102419    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data
10/24/2009 4:41:23 PM    1051682    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\22002915
10/24/2009 4:41:24 PM    49459    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly
10/24/2009 4:41:24 PM    850    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Desktop
10/24/2009 4:41:25 PM    25057    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Start Menu
10/24/2009 4:41:25 PM    25057    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Start Menu\Programs
10/24/2009 4:41:25 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Start Menu\Programs\Startup
10/24/2009 4:41:26 PM    290371    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey
10/24/2009 4:41:26 PM    28681    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Application Data
10/24/2009 4:41:26 PM    68232    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Cookies
10/24/2009 4:41:27 PM    850    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Desktop
10/24/2009 4:41:28 PM    143995    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Local Settings
10/24/2009 4:41:28 PM    55434    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Local Settings\Application Data
10/24/2009 4:41:28 PM    88561    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Local Settings\Temporary Internet Files
10/24/2009 4:41:30 PM    25061    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Start Menu
10/24/2009 4:41:30 PM    25061    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Start Menu\Programs
10/24/2009 4:41:30 PM    24205    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Start Menu\Programs\Startup
10/24/2009 4:41:31 PM    47753    C:\Qoobox\Quarantine\C\Documents and Settings\Patty
10/24/2009 4:41:31 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Patty\Start Menu
10/24/2009 4:41:31 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Patty\Start Menu\Programs
10/24/2009 4:41:31 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Patty\Start Menu\Programs\Startup
10/24/2009 4:41:31 PM    108434    C:\Qoobox\Quarantine\C\Documents and Settings\Ron
10/24/2009 4:41:31 PM    850    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Desktop
10/24/2009 4:41:32 PM    58979    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\My Documents
10/24/2009 4:41:32 PM    25053    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Start Menu
10/24/2009 4:41:32 PM    25053    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Start Menu\Programs
10/24/2009 4:41:32 PM    24197    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Start Menu\Programs\Startup
10/24/2009 4:41:33 PM    1084310    C:\Qoobox\Quarantine\C\Program Files
10/24/2009 4:41:33 PM    34446    C:\Qoobox\Quarantine\C\Program Files\Common Files
10/24/2009 4:41:33 PM    257280    C:\Qoobox\Quarantine\C\Program Files\qpmynv
10/24/2009 4:41:33 PM    397325    C:\Qoobox\Quarantine\C\Program Files\Shared
10/24/2009 4:41:34 PM    395259    C:\Qoobox\Quarantine\C\Program Files\WinPcap
10/24/2009 4:41:36 PM    3464703    C:\Qoobox\Quarantine\C\WINDOWS
10/24/2009 4:41:37 PM    3224576    C:\Qoobox\Quarantine\C\WINDOWS\system32
10/24/2009 4:41:38 PM    32000    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers
10/24/2009 4:18:57 PM    14534    C:\Qoobox\Quarantine\Registry_backups
10/24/2009 4:25:14 PM    0    C:\Qoobox\Test
10/24/2009 4:25:14 PM    0    C:\Qoobox\TestC
10/25/2009 12:08:38 PM    2075    32    C:\Files.txt
10/13/2009 7:43:20 AM    534827008    38    C:\hiberfil.sys
10/23/2009 3:14:59 PM    52736    32    C:\ldvx.exe
10/23/2009 3:14:57 PM    114640    32    C:\qsdhs.exe
10/20/2009 8:18:00 PM    1044771    C:\WINDOWS\$NtUninstallKB954155_WM9$
10/20/2009 8:18:00 PM    630827    C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst
9/8/2009 10:13:58 PM    785101    C:\WINDOWS\$NtUninstallKB956844$
9/8/2009 10:13:58 PM    632013    C:\WINDOWS\$NtUninstallKB956844$\spuninst
10/20/2009 8:19:11 PM    630612    C:\WINDOWS\$NtUninstallKB958869$
10/20/2009 8:19:11 PM    630612    C:\WINDOWS\$NtUninstallKB958869$\spuninst
10/4/2009 12:33:30 AM    2128325    C:\WINDOWS\$NtUninstallKB968389$
10/4/2009 12:33:30 AM    637509    C:\WINDOWS\$NtUninstallKB968389$\spuninst
9/8/2009 10:13:50 PM    3007559    C:\WINDOWS\$NtUninstallKB968816_WM9$
9/8/2009 10:13:50 PM    630799    C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst
10/20/2009 8:02:15 PM    2067399    C:\WINDOWS\$NtUninstallKB969059$
10/20/2009 8:02:16 PM    631751    C:\WINDOWS\$NtUninstallKB969059$\spuninst
8/25/2009 7:11:17 PM    843668    C:\WINDOWS\$NtUninstallKB970653-v3$
8/25/2009 7:11:17 PM    645524    C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst
10/20/2009 7:56:03 PM    9025068    C:\WINDOWS\$NtUninstallKB971486$
10/20/2009 7:56:03 PM    635052    C:\WINDOWS\$NtUninstallKB971486$\spuninst
10/20/2009 7:53:40 PM    769057    C:\WINDOWS\$NtUninstallKB973525$
10/20/2009 7:53:40 PM    629793    C:\WINDOWS\$NtUninstallKB973525$\spuninst
10/20/2009 8:01:54 PM    879066    C:\WINDOWS\$NtUninstallKB974112$
10/20/2009 8:01:55 PM    631740    C:\WINDOWS\$NtUninstallKB974112$\spuninst
10/20/2009 8:00:49 PM    688904    C:\WINDOWS\$NtUninstallKB974571$
10/20/2009 8:00:49 PM    631560    C:\WINDOWS\$NtUninstallKB974571$\spuninst
10/20/2009 8:01:30 PM    926204    C:\WINDOWS\$NtUninstallKB975025$
10/20/2009 8:01:30 PM    631292    C:\WINDOWS\$NtUninstallKB975025$\spuninst
10/20/2009 7:51:06 PM    765286    C:\WINDOWS\$NtUninstallKB975467$
10/20/2009 7:51:06 PM    631654    C:\WINDOWS\$NtUninstallKB975467$\spuninst
10/24/2009 4:25:14 PM    61541938    C:\WINDOWS\ERDNT
10/24/2009 4:25:14 PM    61541698    C:\WINDOWS\ERDNT\Hiv-backup
10/24/2009 4:25:46 PM    6643712    C:\WINDOWS\ERDNT\Hiv-backup\Users
10/24/2009 4:25:46 PM    237568    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001
10/24/2009 4:25:46 PM    8192    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002
10/24/2009 4:25:46 PM    237568    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003
10/24/2009 4:25:46 PM    8192    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004
10/24/2009 4:25:46 PM    5812224    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005
10/24/2009 4:25:46 PM    339968    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006
8/25/2009 8:38:55 PM    15367    32    C:\WINDOWS\cosawesoha._dl
8/25/2009 8:38:55 PM    14070    32    C:\WINDOWS\duhe._dl
10/24/2009 4:25:26 PM    80412    32    C:\WINDOWS\grep.exe
9/12/2009 3:31:17 PM    68940    32    C:\WINDOWS\hpoins05.dat
9/12/2009 3:31:17 PM    19696    0    C:\WINDOWS\hpomdl05.dat
8/25/2009 8:38:55 PM    15228    32    C:\WINDOWS\inoxiwymet.ban
10/20/2009 8:17:57 PM    8738    32    C:\WINDOWS\KB954155.log
9/8/2009 10:13:57 PM    7786    32    C:\WINDOWS\KB956844.log
10/20/2009 8:18:29 PM    6817    32    C:\WINDOWS\KB958869.log
9/13/2009 1:33:33 AM    19736    32    C:\WINDOWS\KB968389.log
9/8/2009 10:13:50 PM    6805    32    C:\WINDOWS\KB968816.log
10/16/2009 10:21:57 AM    13964    32    C:\WINDOWS\KB969059.log
8/25/2009 7:11:12 PM    3757    32    C:\WINDOWS\KB970653-v3.log
10/20/2009 7:54:41 PM    10097    32    C:\WINDOWS\KB971486.log
9/8/2009 10:12:14 PM    7756    32    C:\WINDOWS\KB971961-IE8.log
10/20/2009 7:52:18 PM    6936    32    C:\WINDOWS\KB973525.log
10/16/2009 10:22:02 AM    14107    32    C:\WINDOWS\KB974112.log
10/21/2009 6:27:29 PM    13424    32    C:\WINDOWS\KB974455-IE8.log
10/16/2009 10:21:43 AM    14518    32    C:\WINDOWS\KB974571.log
10/16/2009 10:21:52 AM    14070    32    C:\WINDOWS\KB975025.log
10/16/2009 10:21:04 AM    16245    32    C:\WINDOWS\KB975467.log
10/24/2009 4:25:26 PM    31232    32    C:\WINDOWS\NIRCMD.exe
8/25/2009 8:38:55 PM    19272    32    C:\WINDOWS\ovezydyz.dl
10/24/2009 4:25:26 PM    236544    32    C:\WINDOWS\PEV.exe
10/24/2009 4:25:26 PM    98816    32    C:\WINDOWS\sed.exe
10/24/2009 4:25:26 PM    161792    32    C:\WINDOWS\SWREG.exe
10/24/2009 4:25:26 PM    136704    32    C:\WINDOWS\SWSC.exe
10/24/2009 4:25:26 PM    212480    32    C:\WINDOWS\SWXCACLS.exe
8/25/2009 8:38:55 PM    19895    32    C:\WINDOWS\zibela._dl
10/24/2009 4:25:26 PM    68096    32    C:\WINDOWS\zip.exe
10/16/2009 2:00:10 PM    145408    32    C:\WINDOWS\system32\41-v5.exe
9/12/2009 3:30:58 PM    581632    32    C:\WINDOWS\system32\hpotscl.dll
9/12/2009 3:30:58 PM    229376    32    C:\WINDOWS\system32\hpovst08.dll
9/12/2009 3:30:37 PM    196608    32    C:\WINDOWS\system32\hpzcoi12.dll
9/12/2009 3:30:38 PM    393216    32    C:\WINDOWS\system32\hpzcon12.dll
9/12/2009 3:30:39 PM    139345    32    C:\WINDOWS\system32\hpzlnt12.dll
9/24/2009 3:15:33 PM    0    32    C:\WINDOWS\system32\ISHARE
8/26/2009 4:15:37 PM    17731    32    C:\WINDOWS\system32\jucaxyhu.lib
9/5/2009 1:54:48 AM    69632    32    C:\WINDOWS\system32\QuickTime.qts
9/5/2009 1:54:48 AM    94208    32    C:\WINDOWS\system32\QuickTimeVR.qtx
8/25/2009 8:38:55 PM    15521    32    C:\WINDOWS\system32\sydyji.exe
8/25/2009 8:38:55 PM    13811    32    C:\WINDOWS\system32\ysuva.dat

====== Files under "\Administrator\Startup" Last 60 Days======


====== Files under "\All Users\Startup" Last 60 Days======

9/12/2009 3:41:24 PM    1808    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
9/12/2009 3:47:15 PM    798    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

====== Files and Folders under "\Program Files" Last 60 Days======

10/8/2009 10:19:29 PM    14932253    C:\Program Files\Auslogics
10/12/2009 3:30:38 PM    0    C:\Program Files\CS
9/12/2009 3:40:32 PM    4141261    C:\Program Files\Hewlett-Packard
9/13/2009 1:56:30 AM    112137144    C:\Program Files\iTunes

====== Files under "\System32\Drivers" Last 60 Days======


====== Files Deleted under "%Temp%" ======


41 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

9/12/2009 3:48:10 PM    2865    C:\Documents and Settings\All Users\Application Data\HP
9/12/2009 3:48:10 PM    2865    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging
9/12/2009 3:48:10 PM    2865    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\Data
9/13/2009 1:29:34 AM    0    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\hp photosmart 2600 series
9/13/2009 1:29:34 AM    0    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\hp photosmart 2600 series\1252784891
9/13/2009 1:29:34 AM    0    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\hp photosmart 2600 series\1252784891\Data
9/13/2009 1:56:30 AM    541387    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
9/13/2009 1:58:46 AM    541387    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86
9/13/2009 1:58:46 AM    133968    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86
8/25/2009 8:38:55 PM    12868    32    C:\Documents and Settings\All Users\Application Data\gubokiby.dl
8/25/2009 8:38:55 PM    15299    32    C:\Documents and Settings\All Users\Application Data\igezicahun.ban
8/25/2009 8:38:55 PM    17063    32    C:\Documents and Settings\All Users\Application Data\tanyvo.db

====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader
HKLM\Software\microsoft\shared tools\msconfig\startupreg\CUCore Agent
HKLM\Software\microsoft\shared tools\msconfig\startupreg\DellSupport
HKLM\Software\microsoft\shared tools\msconfig\startupreg\dla
HKLM\Software\microsoft\shared tools\msconfig\startupreg\DVDLauncher
HKLM\Software\microsoft\shared tools\msconfig\startupreg\HP Component Manager
HKLM\Software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKLM\Software\microsoft\shared tools\msconfig\startupreg\IntelMeM
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKLM\Software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKLM\Software\microsoft\shared tools\msconfig\startupreg\mmtask
HKLM\Software\microsoft\shared tools\msconfig\startupreg\MMTray
HKLM\Software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKLM\Software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck
HKLM\Software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash
HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKLM\Software\microsoft\shared tools\msconfig\startupreg\RealTray
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Replay Center
HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKLM\Software\microsoft\shared tools\msconfig\startupreg\swg
HKLM\Software\microsoft\shared tools\msconfig\startupreg\TkBellExe

====== Services ( Services that are Whitelisted are not shown) ======

ASAPIW2k (ASAPIW2K)- C:\WINDOWS\system32\drivers\ASAPIW2k.sys - Manual/Running
Avc (AVC Device)- C:\WINDOWS\system32\DRIVERS\avc.sys - Manual/Stopped
bvrp_pci (bvrp_pci)-  - Manual/Stopped
drvmcdb (drvmcdb)- C:\WINDOWS\system32\drivers\drvmcdb.sys - Boot/Running
drvnddm (drvnddm)- C:\WINDOWS\system32\drivers\drvnddm.sys - Auto/Running
DSproct (DSproct)- \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys - Manual/Stopped
dsunidrv (DellSupport UniDriver)- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys - Auto/Running
E100B (Intel(R) PRO Adapter Driver)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/Running
eeCtrl (Symantec Eraser Control driver)- \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - System/Running
FANTOM (LEGO MINDSTORMS NXT Driver)- C:\WINDOWS\system32\DRIVERS\fantom.sys - Manual/Stopped
FTD2XX (FTD2XX.SYS FT8U2XX device driver)- C:\WINDOWS\system32\Drivers\FTD2XX.sys - Manual/Stopped
grmnusb (grmnusb)- C:\WINDOWS\system32\drivers\grmnusb.sys - Manual/Stopped
Hardlock (Hardlock)- \??\C:\WINDOWS\system32\drivers\hardlock.sys - Auto/Running
Haspnt (Haspnt)- \??\C:\WINDOWS\system32\drivers\Haspnt.sys - Auto/Running
IntelC51 (IntelC51)- C:\WINDOWS\system32\DRIVERS\IntelC51.sys - Manual/Running
IntelC52 (IntelC52)- C:\WINDOWS\system32\DRIVERS\IntelC52.sys - Manual/Running
IntelC53 (IntelC53)- C:\WINDOWS\system32\DRIVERS\IntelC53.sys - Manual/Running
Lbd (Lbd)- C:\WINDOWS\system32\DRIVERS\Lbd.sys - Boot/Running
MarvinBus (Pinnacle Marvin Bus)- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys - Manual/Running
MCSTRM (MCSTRM)-  - Auto/Stopped
mohfilt (mohfilt)- C:\WINDOWS\system32\DRIVERS\mohfilt.sys - Manual/Running
MSDV (Microsoft DV Camera and VCR)- C:\WINDOWS\system32\DRIVERS\msdv.sys - Manual/Stopped
NdisIP (Microsoft TV/Video Connection)- C:\WINDOWS\system32\DRIVERS\NdisIP.sys - Manual/Stopped
PCLEPCI (PCLEPCI)- \??\C:\WINDOWS\system32\drivers\pclepci.sys - System/Running
RioS50 (RioS50 driver)- C:\WINDOWS\system32\Drivers\RioS50.sys - Manual/Stopped
senfilt (senfilt)- C:\WINDOWS\system32\drivers\senfilt.sys - Manual/Running
SLIP (BDA Slip De-Framer)- C:\WINDOWS\system32\DRIVERS\SLIP.sys - Manual/Stopped
smwdm (smwdm)- C:\WINDOWS\system32\drivers\smwdm.sys - Manual/Running
sscdbhk5 (sscdbhk5)- C:\WINDOWS\system32\drivers\sscdbhk5.sys - System/Running
ssrtln (ssrtln)- C:\WINDOWS\system32\drivers\ssrtln.sys - System/Running
tfsnboio (tfsnboio)- C:\WINDOWS\system32\dla\tfsnboio.sys - Auto/Running
tfsncofs (tfsncofs)- C:\WINDOWS\system32\dla\tfsncofs.sys - Auto/Running
tfsndrct (tfsndrct)- C:\WINDOWS\system32\dla\tfsndrct.sys - Auto/Running
tfsndres (tfsndres)- C:\WINDOWS\system32\dla\tfsndres.sys - Auto/Running
tfsnifs (tfsnifs)- C:\WINDOWS\system32\dla\tfsnifs.sys - Auto/Running
tfsnopio (tfsnopio)- C:\WINDOWS\system32\dla\tfsnopio.sys - Auto/Running
tfsnpool (tfsnpool)- C:\WINDOWS\system32\dla\tfsnpool.sys - Auto/Running
tfsnudf (tfsnudf)- C:\WINDOWS\system32\dla\tfsnudf.sys - Auto/Running
tfsnudfa (tfsnudfa)- C:\WINDOWS\system32\dla\tfsnudfa.sys - Auto/Running
USBAAPL (Apple Mobile USB Driver)- C:\WINDOWS\system32\Drivers\usbaapl.sys - Manual/Stopped
wanatw (WAN Miniport (ATW))- C:\WINDOWS\system32\DRIVERS\wanatw4.sys - Manual/Stopped
WpdUsb (WpdUsb)- C:\WINDOWS\system32\Drivers\wpdusb.sys - Manual/Stopped

====== Uninstall List ======

OTOY
WebEx
Ad-Aware
Adobe Flash Player 10 ActiveX
Audacity 1.2.6
Audible Download Manager
Backyard Baseball 2003
Carbonite
chundate ScreenSaver
Focus MP3 Recorder Pro 3.4
FTDI FTD2XX USB Drivers
Game Maker 7.0
Garfield 25th Anniversary Screen Saver
HASP4 Device Drivers
HijackThis 2.0.2
Hollywood FX 5.5 Additional Effects
Pinnacle Hollywood FX for Studio
HP Image Zone 4.7
HP Extended Capabilities 4.7
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Windows Internet Explorer 8
iPod for Windows 2006-03-23
SmartSound Quicktracks Plugin
DesignPro 5.0 Limited Edition
iPod for Windows 2005-09-23
Chessmaster 10th Edition
Intel(R) 537EP V9x DF PCI Modem
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Security Update for Windows XP (KB893066)
Windows XP Hotfix - KB893086
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Update for Windows XP (KB896727)
Security Update for Step By Step Interactive Training (KB898458)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Security Update for Windows XP (KB916281)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Update for Windows XP (KB925720)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Update for Windows XP (KB929338)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player (KB954155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Hotfix for Windows XP (KB961118)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows Internet Explorer 7 (KB963027)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Security Update for Windows XP (KB968537)
Security Update for Windows Media Player (KB968816)
Security Update for Windows XP (KB969059)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Hotfix for Windows XP (KB970653-v3)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Update for Windows Internet Explorer 8 (KB971930)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows Media Player (KB973540)
Update for Windows XP (KB973815)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Kid Pix Studio Deluxe
Life of Christ
LiveUpdate 3.1 (Symantec Corporation)
Microsoft .NET Framework 1.1 Security Update (KB953297)
Macromedia Shockwave Player
Magic Music Editor v5.3.12.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
My Way Search Assistant
NetStudio Easy Web Graphics
Microsoft National Language Support Downlevel APIs
Operation
Photo Finale
Picasa 3
PolderbitS Sound Recorder and Editor
proDAD Heroglyph 1.0
Intel(R) PRO Network Adapters and Drivers
Radiotracker 3.0.1.37
RealPlayer
rwss Screen Saver
screensaver
skiStunt
SSH2Deluxe  Screen Saver
Learn2 Player (Uninstall Only)
Tax Forms Assistant
Tax Forms Helper 2004 6.5
Tax Forms Helper 2006 7.5
Tax Forms Helper 2008 8.5
The Game Of Life
TI-84 Plus Dreams Screen Saver
TurboTax 2008
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
Type To Learn
V CAST Music with Rhapsody
VeggieTalesJonah
Viewpoint Media Player
Where in the USA is Carmen Sandiego?
Where in the USA is Carmen Sandiego?
Windows Imaging Component
Windows Media Format Runtime
Windows Media Player 10
WinPcap 3.1 beta4
World Book Illustrated Atlas
Yahoo! Toolbar
Zoombinis Logical Journey(TM)
Microsoft Office 2000 SR-1 Small Business
Microsoft Office 2000 SR-1 Disc 2
Macromedia Flash Player
Bonjour
Sonic RecordNow Data
Apple Application Support
Scan
Microsoft Plus! Photo Story 2 LE
MyLearnExpress
Sonic DLA
SA23xx Device Manager
ScannerCopy
HP Product Assistant
Intel(R) PROSet for Wired Connections
Fax
Google Toolbar for Internet Explorer
MSXML 6 Service Pack 2 (KB954459)
InstantShare
Copy
Click to Meet Conference Client
iPod for Windows 2006-03-23
TrayApp
Sonic MyDVD LE
Maestro ActivityMaker
Google Toolbar for Internet Explorer
Java(TM) 6 Update 13
cp_dwShrek2Albums1
TurboTax 2008 WinPerUserEducation
TurboTax ItsDeductible 2005
Unload
Sonic Update Manager
Java(TM) 6 Update 7
Windows Media Player 10
HP PSC & OfficeJet 4.7
WebFldrs XP
NetZeroInstallers
Internet Explorer Default Page
TurningPoint 2008
MSXML 4.0 SP2 (KB927978)
CueTour
MyLearnExpress
ProductContext
LEGO® MINDSTORMS® NXT - English Language Pack
Modem On Hold
ChessBase 9
Google Earth
Jasc Paint Shop Photo Album 5
LEGO® MINDSTORMS® NXT Software v1.0
Readme
Math
2600
SmartSound Quicktracks Plugin
Sonic CinePlayer MP3 Creation Pack
Safari
Dell Driver Reset Tool
PanoStandAlone
AOLIcon
CreativeProjects
PhotoGallery
HP Software Update
AiO_Scan
PowerDVD 5.5
Destinations
Apple Software Update
Photo Click
Microsoft Plus! Digital Media Edition Installer
2600Trb
BufferChm
cp_dwShrek2Cards1
EarthLink setup files
TurboTax 2008 WinPerFedFormset
Jasc Paint Shop Pro Studio, Dell Editon
My Way Search Assistant
Modem Event Monitor
Get High Speed Internet!
HPSystemDiagnostics
Harry Potter II
AnswerWorks 4.0 Runtime - English
DellSupport
Modem Helper
e-Sword
DING!
SkinsHP1
Fall of Jericho
AiOSoftware
MSXML 4.0 SP2 (KB954430)
Ten Thumbs 4.3.1
QFolder
TurboTax 2008 WinPerReleaseEngine
Intel(R) Extreme Graphics 2 Driver
DocProc
Auslogics Registry Cleaner
Musicmatch® Jukebox
Compatibility Pack for the 2007 Office system
Microsoft FrontPage 2002
Microsoft PowerPoint 2002
e-Sword
DesignPro 5.0 Limited Edition
QuickProjects
Rio Music Manager
Studio 9
PrintScreen
Microsoft .NET Framework 3.0 Service Pack 2
QuickTime
CP_AtenaShokunin1Config
Apple Mobile Device Support
Sonic RecordNow Audio
Dell Media Experience
Adobe Reader 7.0
Garfield Desktop Comic
Dell Picture Studio v3.0
WordPerfect Office 12
TurboTax 2008 wohiper
TurboTax ItsDeductible 2006
Sonic RecordNow Copy
TurboTax 2008 wrapper
TurboTax 2008 WinPerTaxSupport
SONICblue Real Service Providers
Studio 9 Content CD/DVD
Director
MarketResearch
e-Sword Bible Screen Saver
Harry Potter - Quidditch World Cup
MSXML 4.0 SP2 (KB936181)
Microsoft .NET Framework 2.0 Service Pack 2
2600_Help
Microsoft .NET Framework 1.1
WebReg
DocumentViewer
Microsoft .NET Framework 3.5 SP1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
The Incredibles: Rise of The Underminer
iPod for Windows 2005-09-23
LiveUpdate Notice (Symantec Corporation)
AnswerWorks 5.0 English Runtime
TWC User Controls
Ad-Aware
Auslogics Disk Defrag
LEGO® MINDSTORMS® NXT Driver
Google SketchUp Viewer
The Incredibles - When Danger Calls
TurboTax 2008 WinPerProgramHelp
Chessmaster 10th Edition
WexTech AnswerWorks
iTunes
Maestro ActivityMaker
Quicken 2009
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Social Studies and Science
Garmin Communicator Plugin
CreativeProjectsTemplates

======== Other Info ========

TOTAL PHYSICAL RAM: 535 MB

Boot Info

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect


OS Type:  Microsoft Windows XP Home Edition
Build:  5.1.2600
Service Pack:  2.0


====== Files with Hidden Attributes======

C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\NTDETECT.COM
C:\Documents and Settings\Administrator\NTUSER.DAT
C:\Documents and Settings\Administrator\IECompatCache\index.dat
C:\Documents and Settings\Administrator\IETldCache\index.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012009081020090817\index.dat
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012009081720090824\index.dat
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012009082620090827\index.dat
C:\Documents and Settings\Administrator\PrivacIE\index.dat

==End of Report==
     

  • Post Points: 20

20 Replies:

Joined on 01/16/2006
Posts: 10,323
Points 15,967

Re: Bamajim

 

rspangl

It will take a few runs at this, so please be patient.

1. We need to make sure we can see hidden files and folders

To enable the viewing of Hidden and System files follow these steps:
    Right click on Start and select Explore.
    Select the Tools menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Click Yes to confirm.
    Press the Apply button and then the OK button.

2. Using Windows Explorer
    (Right click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)

Locate and Delete the following files

C:\ldvx.exe
C:\qsdhs.exe
C:\WINDOWS\cosawesoha._dl
C:\WINDOWS\duhe._dl
C:\WINDOWS\inoxiwymet.ban
C:\WINDOWS\ovezydyz.dl
C:\WINDOWS\zibela._dl
C:\WINDOWS\system32\41-v5.exe
C:\WINDOWS\system32\jucaxyhu.lib
C:\WINDOWS\system32\sydyji.exe
C:\WINDOWS\system32\ysuva.dat
C:\Documents and Settings\All Users\Application Data\gubokiby.dl
C:\Documents and Settings\All Users\Application Data\igezicahun.ban
C:\Documents and Settings\All Users\Application Data\tanyvo.db
C:\Documents and Settings\Ron\Local Settings\Temp\win32.exe


Close Windows Explorer

3. Open Notepad (Not Wordpad)
Select Edit and uncheck Wordwrap
Copy and paste the following into Notepad
(Making sure there is no space between the top of the window and the first line)


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"calc"=-
"fajatezigu"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yjafosi8kdf98winmdkmnkmfnwe"=-
"calc"=-


After you copy and paste it your cursor should be at the end of the first line
Hit Enter so your cursor is under the last line
    Click File->>Save as->>type in fix.reg->>
    Under "Save as type" Select "All Files"->> save it to your Desktop
    Close Notepad

The fix.reg file should now appear on your Desktop (If it saved properly it will look like a stack of small blue blocks)


Right-click it and select Merge->>If prompted to merge this, select Yes (it will appear that nothing has happened, but that's o.k.)

4. Reboot your PC ->>Rerun FileLister and post a fresh Filelister log

 


Consumer Security 2008- 2009

 

  • Post Points: 20
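
As an added example (not part of rspangl's post and not FileLister's own code): a Python check that reads the Run key sections of a FileLister log, flags autorun entries that load through rundll32 or run from a Temp directory, and reports which value names targeted by fix.reg are still listed. The sample lines are abridged from the 10/27/2009 log in this thread; the two heuristics and all function names are assumptions made for illustration.

```python
import re

# Abridged excerpt in FileLister's log format, taken from the Run key
# sections of the 10/27/2009 log in this thread (most entries omitted).
SAMPLE_LOG = r"""
====== BHO's ======

BHO: (NO NAME) - {fa9fc5c9-e865-4cfc-a8f5-a5630712beb4} - jejobadi.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[SoundMAXPnP] = C:\Program Files\Analog Devices\Core\smax4pnp.exe
[QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[calc] = rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
[fajatezigu] = Rundll32.exe "pekuveme.dll",s

====== HKCU\~\Run Keys ======

[ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe
[Yjafosi8kdf98winmdkmnkmfnwe] = C:\DOCUME~1\Ron\LOCALS~1\Temp\win32.exe
[calc] = rundll32.exe C:\DOCUME~1\Ron\ntuser.dll,_IWMPEvents@0

====== DNS Info (List may be empty) ======
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+\s*$")
RUN_SECTION_RE = re.compile(r"^(HKLM|HKCU)\\~\\Run Keys$", re.IGNORECASE)
ENTRY_RE = re.compile(r"^\[(.+?)\]\s*=\s*(.*)$")
# rundll32 as the launcher, given bare or with its system32 path.
RUNDLL_RE = re.compile(
    r'^"?(?:[a-z]:\\windows\\system32\\)?rundll32(?:\.exe)?(?=["\s]|$)')

# Value names the helper's fix.reg deletes, per hive (from the post above).
FIX_TARGETS = {
    "HKLM": ["calc", "fajatezigu"],
    "HKCU": ["Yjafosi8kdf98winmdkmnkmfnwe", "calc"],
}


def parse_run_keys(log_text):
    """Return {hive: {value_name: command}} from the Run key sections."""
    entries = {}
    hive = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # Any "====== ... ======" line starts a new section; only the
            # two Run key sections are of interest here.
            run = RUN_SECTION_RE.match(header.group(1))
            hive = run.group(1).upper() if run else None
            continue
        if hive is None:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            entries.setdefault(hive, {})[entry.group(1)] = entry.group(2)
    return entries


def suspicious_reasons(command):
    """Assumed triage heuristics; a hit means 'review this', not 'malicious'."""
    cmd = command.strip().lower()
    reasons = []
    if RUNDLL_RE.match(cmd):
        reasons.append("launched through rundll32")
    if "\\temp\\" in cmd:
        reasons.append("runs from a Temp directory")
    return reasons


def flag_entries(entries):
    """Return [(hive, name, reasons)] for entries matching a heuristic."""
    flagged = []
    for hive, values in entries.items():
        for name, command in values.items():
            reasons = suspicious_reasons(command)
            if reasons:
                flagged.append((hive, name, reasons))
    return flagged


def remaining_targets(entries, targets=FIX_TARGETS):
    """Return [(hive, name)] for fix.reg targets still listed in the log."""
    left = []
    for hive, names in targets.items():
        # Registry value names are case-insensitive.
        present = {n.lower() for n in entries.get(hive, {})}
        left.extend((hive, n) for n in names if n.lower() in present)
    return left


if __name__ == "__main__":
    runs = parse_run_keys(SAMPLE_LOG)
    for hive, name, reasons in flag_entries(runs):
        print(f"{hive}\\...\\Run  [{name}]  {'; '.join(reasons)}")
    for hive, name in remaining_targets(runs):
        print(f"still present after merge: {hive} \"{name}\"")
```

Run it against a fresh log after the reboot in step 4: an empty result from `remaining_targets` means the merge removed every value that fix.reg names.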
Joined on 10/24/2009
Posts: 17
Points 295

Re: Bamajim

Many thanks for your help!  I believe I followed all the steps.  See latest log below.


+++++++++++++++++++++++++++++++++
+ File Lister  Version 1.1.1                                 +
+                                                                    +
+  By bamajim / SpywareHammer.com                 +
+++++++++++++++++++++++++++++++++

Report ran on --->>>  10/27/2009 10:58:57 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

====== BHO's ======

BHO: (NO NAME) - {fa9fc5c9-e865-4cfc-a8f5-a5630712beb4} - jejobadi.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[SoundMAXPnP] = C:\Program Files\Analog Devices\Core\smax4pnp.exe
[igfxtray] = C:\WINDOWS\system32\igfxtray.exe
[igfxhkcmd] = C:\WINDOWS\system32\hkcmd.exe
[igfxpers] = C:\WINDOWS\system32\igfxpers.exe
[Symantec PIF AlertEng] = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
[Carbonite Backup] = C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
[TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
[HP Software Update] = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
[QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
[calc] = rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
[Malwarebytes Anti-Malware (reboot)] = "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[fajatezigu] = Rundll32.exe "pekuveme.dll",s

====== HKCU\~\Run Keys ======

[ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe
[MSMSGS] = "C:\Program Files\Messenger\msmsgs.exe" /background
[Yjafosi8kdf98winmdkmnkmfnwe] = C:\DOCUME~1\Ron\LOCALS~1\Temp\win32.exe
[calc] = rundll32.exe C:\DOCUME~1\Ron\ntuser.dll,_IWMPEvents@0

====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{060BB8A1-0C5C-4268-AD01-D11DA72521E4}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{54E93F58-1792-4CE4-B852-78DBBC07F4EA}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{A0ABD979-8675-4E99-ABD0-B38F90117134}\  NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{060BB8A1-0C5C-4268-AD01-D11DA72521E4}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{54E93F58-1792-4CE4-B852-78DBBC07F4EA}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{A0ABD979-8675-4E99-ABD0-B38F90117134}\  NameServer=

HKEY_LOCAL_MACHINE\CS002\~\{060BB8A1-0C5C-4268-AD01-D11DA72521E4}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{54E93F58-1792-4CE4-B852-78DBBC07F4EA}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{A0ABD979-8675-4E99-ABD0-B38F90117134}\  NameServer=


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

10/24/2009 4:23:31 PM    16572635    C:\ComboFix
10/24/2009 4:23:31 PM    8861    C:\ComboFix\N_
10/24/2009 4:18:57 PM    6176546    C:\Qoobox
10/24/2009 4:25:14 PM    14439    C:\Qoobox\BackEnv
10/24/2009 4:25:14 PM    124    C:\Qoobox\LastRun
10/24/2009 4:18:57 PM    6161983    C:\Qoobox\Quarantine
10/24/2009 4:26:48 PM    6147449    C:\Qoobox\Quarantine\C
10/24/2009 4:41:23 PM    1598436    C:\Qoobox\Quarantine\C\Documents and Settings
10/24/2009 4:41:23 PM    1102419    C:\Qoobox\Quarantine\C\Documents and Settings\All Users
10/24/2009 4:41:23 PM    1102419    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data
10/24/2009 4:41:23 PM    1051682    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\22002915
10/24/2009 4:41:24 PM    49459    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly
10/24/2009 4:41:24 PM    850    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Desktop
10/24/2009 4:41:25 PM    25057    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Start Menu
10/24/2009 4:41:25 PM    25057    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Start Menu\Programs
10/24/2009 4:41:25 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Start Menu\Programs\Startup
10/24/2009 4:41:26 PM    290371    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey
10/24/2009 4:41:26 PM    28681    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Application Data
10/24/2009 4:41:26 PM    68232    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Cookies
10/24/2009 4:41:27 PM    850    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Desktop
10/24/2009 4:41:28 PM    143995    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Local Settings
10/24/2009 4:41:28 PM    55434    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Local Settings\Application Data
10/24/2009 4:41:28 PM    88561    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Local Settings\Temporary Internet Files
10/24/2009 4:41:30 PM    25061    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Start Menu
10/24/2009 4:41:30 PM    25061    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Start Menu\Programs
10/24/2009 4:41:30 PM    24205    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Start Menu\Programs\Startup
10/24/2009 4:41:31 PM    47753    C:\Qoobox\Quarantine\C\Documents and Settings\Patty
10/24/2009 4:41:31 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Patty\Start Menu
10/24/2009 4:41:31 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Patty\Start Menu\Programs
10/24/2009 4:41:31 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Patty\Start Menu\Programs\Startup
10/24/2009 4:41:31 PM    108434    C:\Qoobox\Quarantine\C\Documents and Settings\Ron
10/24/2009 4:41:31 PM    850    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Desktop
10/24/2009 4:41:32 PM    58979    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\My Documents
10/24/2009 4:41:32 PM    25053    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Start Menu
10/24/2009 4:41:32 PM    25053    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Start Menu\Programs
10/24/2009 4:41:32 PM    24197    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Start Menu\Programs\Startup
10/24/2009 4:41:33 PM    1084310    C:\Qoobox\Quarantine\C\Program Files
10/24/2009 4:41:33 PM    34446    C:\Qoobox\Quarantine\C\Program Files\Common Files
10/24/2009 4:41:33 PM    257280    C:\Qoobox\Quarantine\C\Program Files\qpmynv
10/24/2009 4:41:33 PM    397325    C:\Qoobox\Quarantine\C\Program Files\Shared
10/24/2009 4:41:34 PM    395259    C:\Qoobox\Quarantine\C\Program Files\WinPcap
10/24/2009 4:41:36 PM    3464703    C:\Qoobox\Quarantine\C\WINDOWS
10/24/2009 4:41:37 PM    3224576    C:\Qoobox\Quarantine\C\WINDOWS\system32
10/24/2009 4:41:38 PM    32000    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers
10/24/2009 4:18:57 PM    14534    C:\Qoobox\Quarantine\Registry_backups
10/24/2009 4:25:14 PM    0    C:\Qoobox\Test
10/24/2009 4:25:14 PM    0    C:\Qoobox\TestC
10/25/2009 12:08:38 PM    0    32    C:\Files.txt
10/13/2009 7:43:20 AM    534827008    38    C:\hiberfil.sys
10/20/2009 8:18:00 PM    1044771    C:\WINDOWS\$NtUninstallKB954155_WM9$
10/20/2009 8:18:00 PM    630827    C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst
9/8/2009 10:13:58 PM    785101    C:\WINDOWS\$NtUninstallKB956844$
9/8/2009 10:13:58 PM    632013    C:\WINDOWS\$NtUninstallKB956844$\spuninst
10/20/2009 8:19:11 PM    630612    C:\WINDOWS\$NtUninstallKB958869$
10/20/2009 8:19:11 PM    630612    C:\WINDOWS\$NtUninstallKB958869$\spuninst
10/4/2009 12:33:30 AM    2128325    C:\WINDOWS\$NtUninstallKB968389$
10/4/2009 12:33:30 AM    637509    C:\WINDOWS\$NtUninstallKB968389$\spuninst
9/8/2009 10:13:50 PM    3007559    C:\WINDOWS\$NtUninstallKB968816_WM9$
9/8/2009 10:13:50 PM    630799    C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst
10/20/2009 8:02:15 PM    2067399    C:\WINDOWS\$NtUninstallKB969059$
10/20/2009 8:02:16 PM    631751    C:\WINDOWS\$NtUninstallKB969059$\spuninst
10/20/2009 7:56:03 PM    9025068    C:\WINDOWS\$NtUninstallKB971486$
10/20/2009 7:56:03 PM    635052    C:\WINDOWS\$NtUninstallKB971486$\spuninst
10/20/2009 7:53:40 PM    769057    C:\WINDOWS\$NtUninstallKB973525$
10/20/2009 7:53:40 PM    629793    C:\WINDOWS\$NtUninstallKB973525$\spuninst
10/20/2009 8:01:54 PM    879066    C:\WINDOWS\$NtUninstallKB974112$
10/20/2009 8:01:55 PM    631740    C:\WINDOWS\$NtUninstallKB974112$\spuninst
10/20/2009 8:00:49 PM    688904    C:\WINDOWS\$NtUninstallKB974571$
10/20/2009 8:00:49 PM    631560    C:\WINDOWS\$NtUninstallKB974571$\spuninst
10/20/2009 8:01:30 PM    926204    C:\WINDOWS\$NtUninstallKB975025$
10/20/2009 8:01:30 PM    631292    C:\WINDOWS\$NtUninstallKB975025$\spuninst
10/20/2009 7:51:06 PM    765286    C:\WINDOWS\$NtUninstallKB975467$
10/20/2009 7:51:06 PM    631654    C:\WINDOWS\$NtUninstallKB975467$\spuninst
10/24/2009 4:25:14 PM    61541938    C:\WINDOWS\ERDNT
10/24/2009 4:25:14 PM    61541698    C:\WINDOWS\ERDNT\Hiv-backup
10/24/2009 4:25:46 PM    6643712    C:\WINDOWS\ERDNT\Hiv-backup\Users
10/24/2009 4:25:46 PM    237568    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001
10/24/2009 4:25:46 PM    8192    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002
10/24/2009 4:25:46 PM    237568    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003
10/24/2009 4:25:46 PM    8192    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004
10/24/2009 4:25:46 PM    5812224    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005
10/24/2009 4:25:46 PM    339968    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006
10/24/2009 4:25:26 PM    80412    32    C:\WINDOWS\grep.exe
9/12/2009 3:31:17 PM    68940    32    C:\WINDOWS\hpoins05.dat
9/12/2009 3:31:17 PM    19696    0    C:\WINDOWS\hpomdl05.dat
10/20/2009 8:17:57 PM    8738    32    C:\WINDOWS\KB954155.log
9/8/2009 10:13:57 PM    7786    32    C:\WINDOWS\KB956844.log
10/20/2009 8:18:29 PM    6817    32    C:\WINDOWS\KB958869.log
9/13/2009 1:33:33 AM    19736    32    C:\WINDOWS\KB968389.log
9/8/2009 10:13:50 PM    6805    32    C:\WINDOWS\KB968816.log
10/16/2009 10:21:57 AM    13964    32    C:\WINDOWS\KB969059.log
10/20/2009 7:54:41 PM    10097    32    C:\WINDOWS\KB971486.log
9/8/2009 10:12:14 PM    7756    32    C:\WINDOWS\KB971961-IE8.log
10/20/2009 7:52:18 PM    6936    32    C:\WINDOWS\KB973525.log
10/16/2009 10:22:02 AM    14107    32    C:\WINDOWS\KB974112.log
10/21/2009 6:27:29 PM    13424    32    C:\WINDOWS\KB974455-IE8.log
10/16/2009 10:21:43 AM    14518    32    C:\WINDOWS\KB974571.log
10/16/2009 10:21:52 AM    14070    32    C:\WINDOWS\KB975025.log
10/16/2009 10:21:04 AM    16245    32    C:\WINDOWS\KB975467.log
10/24/2009 4:25:26 PM    31232    32    C:\WINDOWS\NIRCMD.exe
10/24/2009 4:25:26 PM    236544    32    C:\WINDOWS\PEV.exe
10/24/2009 4:25:26 PM    98816    32    C:\WINDOWS\sed.exe
10/24/2009 4:25:26 PM    161792    32    C:\WINDOWS\SWREG.exe
10/24/2009 4:25:26 PM    136704    32    C:\WINDOWS\SWSC.exe
10/24/2009 4:25:26 PM    212480    32    C:\WINDOWS\SWXCACLS.exe
10/24/2009 4:25:26 PM    68096    32    C:\WINDOWS\zip.exe
9/12/2009 3:30:58 PM    581632    32    C:\WINDOWS\system32\hpotscl.dll
9/12/2009 3:30:58 PM    229376    32    C:\WINDOWS\system32\hpovst08.dll
9/12/2009 3:30:37 PM    196608    32    C:\WINDOWS\system32\hpzcoi12.dll
9/12/2009 3:30:38 PM    393216    32    C:\WINDOWS\system32\hpzcon12.dll
9/12/2009 3:30:39 PM    139345    32    C:\WINDOWS\system32\hpzlnt12.dll
9/24/2009 3:15:33 PM    0    32    C:\WINDOWS\system32\ISHARE
9/5/2009 1:54:48 AM    69632    32    C:\WINDOWS\system32\QuickTime.qts
9/5/2009 1:54:48 AM    94208    32    C:\WINDOWS\system32\QuickTimeVR.qtx

====== Files under "\Administrator\Startup" Last 60 Days======


====== Files under "\All Users\Startup" Last 60 Days======

9/12/2009 3:41:24 PM    1808    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
9/12/2009 3:47:15 PM    798    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

====== Files and Folders under "\Program Files" Last 60 Days======

10/8/2009 10:19:29 PM    14932253    C:\Program Files\Auslogics
9/12/2009 3:40:32 PM    4141261    C:\Program Files\Hewlett-Packard
9/13/2009 1:56:30 AM    112137144    C:\Program Files\iTunes

====== Files under "\System32\Drivers" Last 60 Days======


====== Files Deleted under "%Temp%" ======


29 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

9/12/2009 3:48:10 PM    2865    C:\Documents and Settings\All Users\Application Data\HP
9/12/2009 3:48:10 PM    2865    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging
9/12/2009 3:48:10 PM    2865    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\Data
9/13/2009 1:29:34 AM    0    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\hp photosmart 2600 series
9/13/2009 1:29:34 AM    0    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\hp photosmart 2600 series\1252784891
9/13/2009 1:29:34 AM    0    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\hp photosmart 2600 series\1252784891\Data
9/13/2009 1:56:30 AM    541387    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
9/13/2009 1:58:46 AM    541387    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86
9/13/2009 1:58:46 AM    133968    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86

====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader
HKLM\Software\microsoft\shared tools\msconfig\startupreg\CUCore Agent
HKLM\Software\microsoft\shared tools\msconfig\startupreg\DellSupport
HKLM\Software\microsoft\shared tools\msconfig\startupreg\dla
HKLM\Software\microsoft\shared tools\msconfig\startupreg\DVDLauncher
HKLM\Software\microsoft\shared tools\msconfig\startupreg\HP Component Manager
HKLM\Software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKLM\Software\microsoft\shared tools\msconfig\startupreg\IntelMeM
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKLM\Software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKLM\Software\microsoft\shared tools\msconfig\startupreg\mmtask
HKLM\Software\microsoft\shared tools\msconfig\startupreg\MMTray
HKLM\Software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKLM\Software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck
HKLM\Software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash
HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKLM\Software\microsoft\shared tools\msconfig\startupreg\RealTray
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Replay Center
HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKLM\Software\microsoft\shared tools\msconfig\startupreg\swg
HKLM\Software\microsoft\shared tools\msconfig\startupreg\TkBellExe

====== Services ( Services that are Whitelisted are not shown) ======

61883 (61883 Unit Device)- C:\WINDOWS\system32\DRIVERS\61883.sys - Manual/Stopped
Abiosdsk (Abiosdsk)-  - Disabled/Stopped
abp480n5 (abp480n5)- C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS - Disabled/Stopped
ACPI (Microsoft ACPI Driver)- C:\WINDOWS\system32\DRIVERS\ACPI.sys - Boot/Running
ACPIEC (ACPIEC)- C:\WINDOWS\system32\drivers\ACPIEC.sys - Disabled/Stopped
adpu160m (adpu160m)- C:\WINDOWS\system32\DRIVERS\adpu160m.sys - Disabled/Stopped
aec (Microsoft Kernel Acoustic Echo Canceller)- C:\WINDOWS\system32\drivers\aec.sys - Manual/Stopped
AFD (AFD)- C:\WINDOWS\system32\drivers\afd.sys - System/Running
agp440 (Intel AGP Bus Filter)- C:\WINDOWS\system32\DRIVERS\agp440.sys - Disabled/Stopped
agpCPQ (Compaq AGP Bus Filter)- C:\WINDOWS\system32\DRIVERS\agpCPQ.sys - Disabled/Stopped
Aha154x (Aha154x)- C:\WINDOWS\system32\DRIVERS\aha154x.sys - Disabled/Stopped
aic78u2 (aic78u2)- C:\WINDOWS\system32\DRIVERS\aic78u2.sys - Disabled/Stopped
aic78xx (aic78xx)- C:\WINDOWS\system32\DRIVERS\aic78xx.sys - Disabled/Stopped
AliIde (AliIde)- C:\WINDOWS\system32\DRIVERS\aliide.sys - Disabled/Stopped
alim1541 (ALI AGP Bus Filter)- C:\WINDOWS\system32\DRIVERS\alim1541.sys - Disabled/Stopped
amdagp (AMD AGP Bus Filter Driver)- C:\WINDOWS\system32\DRIVERS\amdagp.sys - Disabled/Stopped
amsint (amsint)- C:\WINDOWS\system32\DRIVERS\amsint.sys - Disabled/Stopped
Arp1394 (1394 ARP Client Protocol)- C:\WINDOWS\system32\DRIVERS\arp1394.sys - Manual/Running
ASAPIW2k (ASAPIW2K)- C:\WINDOWS\system32\drivers\ASAPIW2k.sys - Manual/Running
asc (asc)- C:\WINDOWS\system32\DRIVERS\asc.sys - Disabled/Stopped
asc3350p (asc3350p)- C:\WINDOWS\system32\DRIVERS\asc3350p.sys - Disabled/Stopped
asc3550 (asc3550)- C:\WINDOWS\system32\DRIVERS\asc3550.sys - Disabled/Stopped
AsyncMac (RAS Asynchronous Media Driver)- C:\WINDOWS\system32\DRIVERS\asyncmac.sys - Manual/Stopped
atapi (Standard IDE/ESDI Hard Disk Controller)- C:\WINDOWS\system32\DRIVERS\atapi.sys - Boot/Running
Atdisk (Atdisk)-  - Disabled/Stopped
Atmarpc (ATM ARP Client Protocol)- C:\WINDOWS\system32\DRIVERS\atmarpc.sys - Manual/Stopped
audstub (Audio Stub Driver)- C:\WINDOWS\system32\DRIVERS\audstub.sys - Manual/Running
Avc (AVC Device)- C:\WINDOWS\system32\DRIVERS\avc.sys - Manual/Stopped
Beep (Beep)-  - System/Stopped
bvrp_pci (bvrp_pci)-  - Manual/Stopped
catchme (catchme)- \??\C:\DOCUME~1\Ron\LOCALS~1\Temp\catchme.sys - Manual/Stopped
cbidf (cbidf)- C:\WINDOWS\system32\DRIVERS\cbidf2k.sys - Disabled/Stopped
cbidf2k (cbidf2k)- C:\WINDOWS\system32\drivers\cbidf2k.sys - Disabled/Stopped
CCDECODE (Closed Caption Decoder)- C:\WINDOWS\system32\DRIVERS\CCDECODE.sys - Manual/Stopped
cd20xrnt (cd20xrnt)- C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys - Disabled/Stopped
Cdaudio (Cdaudio)- C:\WINDOWS\system32\drivers\Cdaudio.sys - System/Stopped
Cdfs (Cdfs)- C:\WINDOWS\system32\drivers\Cdfs.sys - Disabled/Running
Cdrom (CD-ROM Driver)- C:\WINDOWS\system32\DRIVERS\cdrom.sys - System/Running
Changer (Changer)-  - System/Stopped
CmdIde (CmdIde)- C:\WINDOWS\system32\DRIVERS\cmdide.sys - Disabled/Stopped
Cpqarray (Cpqarray)- C:\WINDOWS\system32\DRIVERS\cpqarray.sys - Disabled/Stopped
dac2w2k (dac2w2k)- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys - Disabled/Stopped
dac960nt (dac960nt)- C:\WINDOWS\system32\DRIVERS\dac960nt.sys - Disabled/Stopped
Disk (Disk Driver)- C:\WINDOWS\system32\DRIVERS\disk.sys - Boot/Running
dmboot (dmboot)- C:\WINDOWS\system32\drivers\dmboot.sys - Disabled/Stopped
dmio (dmio)- C:\WINDOWS\system32\drivers\dmio.sys - Disabled/Stopped
dmload (dmload)- C:\WINDOWS\system32\drivers\dmload.sys - Disabled/Stopped
DMusic (Microsoft Kernel DLS Syntheiszer)- C:\WINDOWS\system32\drivers\DMusic.sys - Manual/Stopped
dpti2o (dpti2o)- C:\WINDOWS\system32\DRIVERS\dpti2o.sys - Disabled/Stopped
drmkaud (Microsoft Kernel DRM Audio Descrambler)- C:\WINDOWS\system32\drivers\drmkaud.sys - Manual/Stopped
drvmcdb (drvmcdb)- C:\WINDOWS\system32\drivers\drvmcdb.sys - Boot/Running
drvnddm (drvnddm)- C:\WINDOWS\system32\drivers\drvnddm.sys - Auto/Running
DSproct (DSproct)- \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys - Manual/Stopped
dsunidrv (DellSupport UniDriver)- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys - Auto/Running
E100B (Intel(R) PRO Adapter Driver)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/Running
eeCtrl (Symantec Eraser Control driver)- \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - System/Running
FANTOM (LEGO MINDSTORMS NXT Driver)- C:\WINDOWS\system32\DRIVERS\fantom.sys - Manual/Stopped
Fastfat (Fastfat)- C:\WINDOWS\system32\drivers\Fastfat.sys - Disabled/Running
Fdc (Floppy Disk Controller Driver)- C:\WINDOWS\system32\DRIVERS\fdc.sys - Manual/Running
Fips (Fips)- C:\WINDOWS\system32\drivers\Fips.sys - System/Running
Flpydisk (Floppy Disk Driver)- C:\WINDOWS\system32\DRIVERS\flpydisk.sys - Manual/Running
FltMgr (FltMgr)- C:\WINDOWS\system32\DRIVERS\fltMgr.sys - Boot/Running
FTD2XX (FTD2XX.SYS FT8U2XX device driver)- C:\WINDOWS\system32\Drivers\FTD2XX.sys - Manual/Stopped
Ftdisk (Volume Manager Driver)- C:\WINDOWS\system32\DRIVERS\ftdisk.sys - Boot/Running
GEARAspiWDM (GEAR ASPI Filter Driver)- C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys - Manual/Running
Gpc (Generic Packet Classifier)- C:\WINDOWS\system32\DRIVERS\msgpc.sys - Manual/Running
grmnusb (grmnusb)- C:\WINDOWS\system32\drivers\grmnusb.sys - Manual/Stopped
Hardlock (Hardlock)- \??\C:\WINDOWS\system32\drivers\hardlock.sys - Auto/Running
Haspnt (Haspnt)- \??\C:\WINDOWS\system32\drivers\Haspnt.sys - Auto/Running
HidUsb (Microsoft HID Class Driver)- C:\WINDOWS\system32\DRIVERS\hidusb.sys - Manual/Running
hpn (hpn)- C:\WINDOWS\system32\DRIVERS\hpn.sys - Disabled/Stopped
HPZid412 (IEEE-1284.4 Driver HPZid412)- C:\WINDOWS\system32\DRIVERS\HPZid412.sys - Manual/Running
HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12)- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys - Manual/Running
HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12)- C:\WINDOWS\system32\DRIVERS\HPZius12.sys - Manual/Running
HTTP (HTTP)- C:\WINDOWS\system32\Drivers\HTTP.sys - Manual/Running
i2omgmt (i2omgmt)- C:\WINDOWS\system32\drivers\i2omgmt.sys - System/Running
i2omp (i2omp)- C:\WINDOWS\system32\DRIVERS\i2omp.sys - Disabled/Stopped
i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver)- C:\WINDOWS\system32\DRIVERS\i8042prt.sys - System/Running
ialm (ialm)- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys - Manual/Running
Imapi (CD-Burning Filter Driver)- C:\WINDOWS\system32\DRIVERS\imapi.sys - System/Running
ini910u (ini910u)- C:\WINDOWS\system32\DRIVERS\ini910u.sys - Disabled/Stopped
IntelC51 (IntelC51)- C:\WINDOWS\system32\DRIVERS\IntelC51.sys - Manual/Running
IntelC52 (IntelC52)- C:\WINDOWS\system32\DRIVERS\IntelC52.sys - Manual/Running
IntelC53 (IntelC53)- C:\WINDOWS\system32\DRIVERS\IntelC53.sys - Manual/Running
IntelIde (IntelIde)- C:\WINDOWS\system32\DRIVERS\intelide.sys - Boot/Running
intelppm (Intel Processor Driver)- C:\WINDOWS\system32\DRIVERS\intelppm.sys - System/Running
Ip6Fw (IPv6 Windows Firewall Driver)- C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys - Manual/Stopped
IpFilterDriver (IP Traffic Filter Driver)- C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys - Manual/Stopped
IpInIp (IP in IP Tunnel Driver)- C:\WINDOWS\system32\DRIVERS\ipinip.sys - Manual/Stopped
IpNat (IP Network Address Translator)- C:\WINDOWS\system32\DRIVERS\ipnat.sys - Manual/Running
IPSec (IPSEC driver)- C:\WINDOWS\system32\DRIVERS\ipsec.sys - System/Running
IRENUM (IR Enumerator Service)- C:\WINDOWS\system32\DRIVERS\irenum.sys - Manual/Stopped
isapnp (PnP ISA/EISA Bus Driver)- C:\WINDOWS\system32\DRIVERS\isapnp.sys - Boot/Running
Kbdclass (Keyboard Class Driver)- C:\WINDOWS\system32\DRIVERS\kbdclass.sys - System/Running
kmixer (Microsoft Kernel Wave Audio Mixer)- C:\WINDOWS\system32\drivers\kmixer.sys - Manual/Stopped
KSecDD (KSecDD)- C:\WINDOWS\system32\drivers\KSecDD.sys - Boot/Running
Lbd (Lbd)- C:\WINDOWS\system32\DRIVERS\Lbd.sys - Boot/Running
lbrtfdc (lbrtfdc)-  - System/Stopped
MarvinBus (Pinnacle Marvin Bus)- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys - Manual/Running
MCSTRM (MCSTRM)-  - Auto/Stopped
mnmdd (mnmdd)- C:\WINDOWS\system32\drivers\mnmdd.sys - System/Running
Modem (Modem)- C:\WINDOWS\system32\drivers\Modem.sys - Manual/Running
MODEMCSA (Unimodem Streaming Filter Device)- C:\WINDOWS\system32\drivers\MODEMCSA.sys - Manual/Running
mohfilt (mohfilt)- C:\WINDOWS\system32\DRIVERS\mohfilt.sys - Manual/Running
Mouclass (Mouse Class Driver)- C:\WINDOWS\system32\DRIVERS\mouclass.sys - System/Running
mouhid (Mouse HID Driver)- C:\WINDOWS\system32\DRIVERS\mouhid.sys - Manual/Running
MountMgr (MountMgr)- C:\WINDOWS\system32\drivers\MountMgr.sys - Boot/Running
mraid35x (mraid35x)- C:\WINDOWS\system32\DRIVERS\mraid35x.sys - Disabled/Stopped
MRxDAV (WebDav Client Redirector)- C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Manual/Running
MRxSmb (MRXSMB)- C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - System/Running
MSDV (Microsoft DV Camera and VCR)- C:\WINDOWS\system32\DRIVERS\msdv.sys - Manual/Stopped
Msfs (Msfs)- C:\WINDOWS\system32\drivers\Msfs.sys - System/Running
MSKSSRV (Microsoft Streaming Service Proxy)- C:\WINDOWS\system32\drivers\MSKSSRV.sys - Manual/Stopped
MSPCLOCK (Microsoft Streaming Clock Proxy)- C:\WINDOWS\system32\drivers\MSPCLOCK.sys - Manual/Stopped
MSPQM (Microsoft Streaming Quality Manager Proxy)- C:\WINDOWS\system32\drivers\MSPQM.sys - Manual/Stopped
mssmbios (Microsoft System Management BIOS Driver)- C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Manual/Running
MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter)- C:\WINDOWS\system32\drivers\MSTEE.sys - Manual/Stopped
Mup (Mup)- C:\WINDOWS\system32\drivers\Mup.sys - Boot/Running
NABTSFEC (NABTS/FEC VBI Codec)- C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys - Manual/Stopped
NDIS (NDIS System Driver)- C:\WINDOWS\system32\drivers\NDIS.sys - Boot/Running
NdisIP (Microsoft TV/Video Connection)- C:\WINDOWS\system32\DRIVERS\NdisIP.sys - Manual/Stopped
NdisTapi (Remote Access NDIS TAPI Driver)- C:\WINDOWS\system32\DRIVERS\ndistapi.sys - Manual/Running
Ndisuio (NDIS Usermode I/O Protocol)- C:\WINDOWS\system32\DRIVERS\ndisuio.sys - Manual/Running
NdisWan (Remote Access NDIS WAN Driver)- C:\WINDOWS\system32\DRIVERS\ndiswan.sys - Manual/Running
NDProxy (NDIS Proxy)- C:\WINDOWS\system32\drivers\NDProxy.sys - Manual/Running
NetBIOS (NetBIOS Interface)- C:\WINDOWS\system32\DRIVERS\netbios.sys - System/Running
NetBT (NetBios over Tcpip)- C:\WINDOWS\system32\DRIVERS\netbt.sys - System/Running
NIC1394 (1394 Net Driver)- C:\WINDOWS\system32\DRIVERS\nic1394.sys - Manual/Running
nm (Network Monitor Driver)- C:\WINDOWS\system32\DRIVERS\NMnt.sys - Manual/Stopped
Npfs (Npfs)- C:\WINDOWS\system32\drivers\Npfs.sys - System/Running
Ntfs (Ntfs)- C:\WINDOWS\system32\drivers\Ntfs.sys - Disabled/Running
Null (Null)- C:\WINDOWS\system32\drivers\Null.sys - System/Running
nv (nv)- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - Manual/Stopped
NwlnkFlt (IPX Traffic Filter Driver)- C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys - Manual/Stopped
NwlnkFwd (IPX Traffic Forwarder Driver)- C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys - Manual/Stopped
ohci1394 (OHCI Compliant IEEE 1394 Host Controller)- C:\WINDOWS\system32\DRIVERS\ohci1394.sys - Boot/Running
Parport (Parallel port driver)- C:\WINDOWS\system32\DRIVERS\parport.sys - Manual/Running
PartMgr (PartMgr)- C:\WINDOWS\system32\drivers\PartMgr.sys - Boot/Running
ParVdm (ParVdm)- C:\WINDOWS\system32\drivers\ParVdm.sys - Disabled/Stopped
PCI (PCI Bus Driver)- C:\WINDOWS\system32\DRIVERS\pci.sys - Boot/Running
PCIDump (PCIDump)-  - System/Stopped
PCIIde (PCIIde)- C:\WINDOWS\system32\DRIVERS\pciide.sys - Boot/Running
PCLEPCI (PCLEPCI)- \??\C:\WINDOWS\system32\drivers\pclepci.sys - System/Running
Pcmcia (Pcmcia)- C:\WINDOWS\system32\drivers\Pcmcia.sys - Disabled/Stopped
PDCOMP (PDCOMP)-  - Manual/Stopped
PDFRAME (PDFRAME)-  - Manual/Stopped
PDRELI (PDRELI)-  - Manual/Stopped
PDRFRAME (PDRFRAME)-  - Manual/Stopped
perc2 (perc2)- C:\WINDOWS\system32\DRIVERS\perc2.sys - Disabled/Stopped
perc2hib (perc2hib)- C:\WINDOWS\system32\DRIVERS\perc2hib.sys - Disabled/Stopped
PptpMiniport (WAN Miniport (PPTP))- C:\WINDOWS\system32\DRIVERS\raspptp.sys - Manual/Running
PSched (QoS Packet Scheduler)- C:\WINDOWS\system32\DRIVERS\psched.sys - Manual/Running
Ptilink (Direct Parallel Link Driver)- C:\WINDOWS\system32\DRIVERS\ptilink.sys - Manual/Running
PxHelp20 (PxHelp20)- C:\WINDOWS\system32\Drivers\PxHelp20.sys - Boot/Running
ql1080 (ql1080)- C:\WINDOWS\system32\DRIVERS\ql1080.sys - Disabled/Stopped
Ql10wnt (Ql10wnt)- C:\WINDOWS\system32\DRIVERS\ql10wnt.sys - Disabled/Stopped
ql12160 (ql12160)- C:\WINDOWS\system32\DRIVERS\ql12160.sys - Disabled/Stopped
ql1240 (ql1240)- C:\WINDOWS\system32\DRIVERS\ql1240.sys - Disabled/Stopped
ql1280 (ql1280)- C:\WINDOWS\system32\DRIVERS\ql1280.sys - Disabled/Stopped
RasAcd (Remote Access Auto Connection Driver)- C:\WINDOWS\system32\DRIVERS\rasacd.sys - System/Running
Rasl2tp (WAN Miniport (L2TP))- C:\WINDOWS\system32\DRIVERS\rasl2tp.sys - Manual/Running
RasPppoe (Remote Access PPPOE Driver)- C:\WINDOWS\system32\DRIVERS\raspppoe.sys - Manual/Running
Raspti (Direct Parallel)- C:\WINDOWS\system32\DRIVERS\raspti.sys - Manual/Running
Rdbss (Rdbss)- C:\WINDOWS\system32\DRIVERS\rdbss.sys - System/Running
RDPCDD (RDPCDD)- C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - System/Running
rdpdr (Terminal Server Device Redirector Driver)- C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Manual/Stopped
RDPWD (RDPWD)- C:\WINDOWS\system32\drivers\RDPWD.sys - Manual/Stopped
redbook (Digital CD Audio Playback Filter Driver)- C:\WINDOWS\system32\DRIVERS\redbook.sys - System/Running
RioS50 (RioS50 driver)- C:\WINDOWS\system32\Drivers\RioS50.sys - Manual/Stopped
Secdrv (Secdrv)- C:\WINDOWS\system32\DRIVERS\secdrv.sys - Auto/Running
senfilt (senfilt)- C:\WINDOWS\system32\drivers\senfilt.sys - Manual/Running
serenum (Serenum Filter Driver)- C:\WINDOWS\system32\DRIVERS\serenum.sys - Manual/Running
Serial (Serial port driver)- C:\WINDOWS\system32\DRIVERS\serial.sys - System/Running
Sfloppy (Sfloppy)- C:\WINDOWS\system32\drivers\Sfloppy.sys - System/Stopped
Simbad (Simbad)-  - Disabled/Stopped
sisagp (SIS AGP Bus Filter)- C:\WINDOWS\system32\DRIVERS\sisagp.sys - Disabled/Stopped
SLIP (BDA Slip De-Framer)- C:\WINDOWS\system32\DRIVERS\SLIP.sys - Manual/Stopped
smwdm (smwdm)- C:\WINDOWS\system32\drivers\smwdm.sys - Manual/Running
Sparrow (Sparrow)- C:\WINDOWS\system32\DRIVERS\sparrow.sys - Disabled/Stopped
splitter (Microsoft Kernel Audio Splitter)- C:\WINDOWS\system32\drivers\splitter.sys - Manual/Stopped
sr (System Restore Filter Driver)- C:\WINDOWS\system32\DRIVERS\sr.sys - Disabled/Stopped
Srv (Srv)- C:\WINDOWS\system32\DRIVERS\srv.sys - Manual/Running
sscdbhk5 (sscdbhk5)- C:\WINDOWS\system32\drivers\sscdbhk5.sys - System/Running
ssrtln (ssrtln)- C:\WINDOWS\system32\drivers\ssrtln.sys - System/Running
streamip (BDA IPSink)- C:\WINDOWS\system32\DRIVERS\StreamIP.sys - Manual/Stopped
swenum (Software Bus Driver)- C:\WINDOWS\system32\DRIVERS\swenum.sys - Manual/Running
swmidi (Microsoft Kernel GS Wavetable Synthesizer)- C:\WINDOWS\system32\drivers\swmidi.sys - Manual/Stopped
symc810 (symc810)- C:\WINDOWS\system32\DRIVERS\symc810.sys - Disabled/Stopped
symc8xx (symc8xx)- C:\WINDOWS\system32\DRIVERS\symc8xx.sys - Disabled/Stopped
sym_hi (sym_hi)- C:\WINDOWS\system32\DRIVERS\sym_hi.sys - Disabled/Stopped
sym_u3 (sym_u3)- C:\WINDOWS\system32\DRIVERS\sym_u3.sys - Disabled/Stopped
sysaudio (Microsoft Kernel System Audio Device)- C:\WINDOWS\system32\drivers\sysaudio.sys - Manual/Running
Tcpip (TCP/IP Protocol Driver)- C:\WINDOWS\system32\DRIVERS\tcpip.sys - System/Running
TDPIPE (TDPIPE)- C:\WINDOWS\system32\drivers\TDPIPE.sys - Manual/Stopped
TDTCP (TDTCP)- C:\WINDOWS\system32\drivers\TDTCP.sys - Manual/Stopped
TermDD (Terminal Device Driver)- C:\WINDOWS\system32\DRIVERS\termdd.sys - System/Running
tfsnboio (tfsnboio)- C:\WINDOWS\system32\dla\tfsnboio.sys - Auto/Running
tfsncofs (tfsncofs)- C:\WINDOWS\system32\dla\tfsncofs.sys - Auto/Running
tfsndrct (tfsndrct)- C:\WINDOWS\system32\dla\tfsndrct.sys - Auto/Running
tfsndres (tfsndres)- C:\WINDOWS\system32\dla\tfsndres.sys - Auto/Running
tfsnifs (tfsnifs)- C:\WINDOWS\system32\dla\tfsnifs.sys - Auto/Running
tfsnopio (tfsnopio)- C:\WINDOWS\system32\dla\tfsnopio.sys - Auto/Running
tfsnpool (tfsnpool)- C:\WINDOWS\system32\dla\tfsnpool.sys - Auto/Running
tfsnudf (tfsnudf)- C:\WINDOWS\system32\dla\tfsnudf.sys - Auto/Running
tfsnudfa (tfsnudfa)- C:\WINDOWS\system32\dla\tfsnudfa.sys - Auto/Running
TosIde (TosIde)- C:\WINDOWS\system32\DRIVERS\toside.sys - Disabled/Stopped
Udfs (Udfs)- C:\WINDOWS\system32\drivers\Udfs.sys - Disabled/Stopped
ultra (ultra)- C:\WINDOWS\system32\DRIVERS\ultra.sys - Disabled/Stopped
Update (Microcode Update Driver)- C:\WINDOWS\system32\DRIVERS\update.sys - Manual/Running
USBAAPL (Apple Mobile USB Driver)- C:\WINDOWS\system32\Drivers\usbaapl.sys - Manual/Stopped
usbccgp (Microsoft USB Generic Parent Driver)- C:\WINDOWS\system32\DRIVERS\usbccgp.sys - Manual/Running
usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver)- C:\WINDOWS\system32\DRIVERS\usbehci.sys - Manual/Running
usbhub (Microsoft USB Standard Hub Driver)- C:\WINDOWS\system32\DRIVERS\usbhub.sys - Manual/Running
usbprint (Microsoft USB PRINTER Class)- C:\WINDOWS\system32\DRIVERS\usbprint.sys - Manual/Running
usbscan (USB Scanner Driver)- C:\WINDOWS\system32\DRIVERS\usbscan.sys - Manual/Running
USBSTOR (USB Mass Storage Driver)- C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Manual/Running
usbuhci (Microsoft USB Universal Host Controller Miniport Driver)- C:\WINDOWS\system32\DRIVERS\usbuhci.sys - Manual/Running
VgaSave (VgaSave)- C:\WINDOWS\system32\drivers\vga.sys - System/Running
viaagp (VIA AGP Bus Filter)- C:\WINDOWS\system32\DRIVERS\viaagp.sys - Disabled/Stopped
ViaIde (ViaIde)- C:\WINDOWS\system32\DRIVERS\viaide.sys - Disabled/Stopped
VolSnap (VolSnap)- C:\WINDOWS\system32\drivers\VolSnap.sys - Boot/Running
Wanarp (Remote Access IP ARP Driver)- C:\WINDOWS\system32\DRIVERS\wanarp.sys - Manual/Running
wanatw (WAN Miniport (ATW))- C:\WINDOWS\system32\DRIVERS\wanatw4.sys - Manual/Stopped
WDICA (WDICA)-  - Manual/Stopped
wdmaud (Microsoft WINMM WDM Audio Compatibility Driver)- C:\WINDOWS\system32\drivers\wdmaud.sys - Manual/Running
WpdUsb (WpdUsb)- C:\WINDOWS\system32\Drivers\wpdusb.sys - Manual/Stopped
WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment)- C:\WINDOWS\system32\drivers\ws2ifsl.sys - Disabled/Stopped
WSTCODEC (World Standard Teletext Codec)- C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS - Manual/Stopped

====== Uninstall List ======

OTOY
WebEx
Ad-Aware
Adobe Flash Player 10 ActiveX
Audacity 1.2.6
Audible Download Manager
Backyard Baseball 2003
Carbonite
chundate ScreenSaver
Focus MP3 Recorder Pro 3.4
FTDI FTD2XX USB Drivers
Game Maker 7.0
Garfield 25th Anniversary Screen Saver
HASP4 Device Drivers
HijackThis 2.0.2
Hollywood FX 5.5 Additional Effects
Pinnacle Hollywood FX for Studio
HP Image Zone 4.7
HP Extended Capabilities 4.7
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Windows Internet Explorer 8
iPod for Windows 2006-03-23
SmartSound Quicktracks Plugin
DesignPro 5.0 Limited Edition
iPod for Windows 2005-09-23
Chessmaster 10th Edition
Intel(R) 537EP V9x DF PCI Modem
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Security Update for Windows XP (KB893066)
Windows XP Hotfix - KB893086
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Update for Windows XP (KB896727)
Security Update for Step By Step Interactive Training (KB898458)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Security Update for Windows XP (KB916281)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Update for Windows XP (KB925720)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Update for Windows XP (KB929338)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player (KB954155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Hotfix for Windows XP (KB961118)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows Internet Explorer 7 (KB963027)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Security Update for Windows XP (KB968537)
Security Update for Windows Media Player (KB968816)
Security Update for Windows XP (KB969059)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Hotfix for Windows XP (KB970653-v3)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Update for Windows Internet Explorer 8 (KB971930)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows Media Player (KB973540)
Update for Windows XP (KB973815)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Kid Pix Studio Deluxe
Life of Christ
LiveUpdate 3.1 (Symantec Corporation)
Microsoft .NET Framework 1.1 Security Update (KB953297)
Macromedia Shockwave Player
Magic Music Editor v5.3.12.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
My Way Search Assistant
NetStudio Easy Web Graphics
Microsoft National Language Support Downlevel APIs
Operation
Photo Finale
Picasa 3
PolderbitS Sound Recorder and Editor
proDAD Heroglyph 1.0
Intel(R) PRO Network Adapters and Drivers
Radiotracker 3.0.1.37
RealPlayer
rwss Screen Saver
screensaver
skiStunt
SSH2Deluxe  Screen Saver
Learn2 Player (Uninstall Only)
Tax Forms Assistant
Tax Forms Helper 2004 6.5
Tax Forms Helper 2006 7.5
Tax Forms Helper 2008 8.5
The Game Of Life
TI-84 Plus Dreams Screen Saver
TurboTax 2008
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
Type To Learn
V CAST Music with Rhapsody
VeggieTalesJonah
Viewpoint Media Player
Where in the USA is Carmen Sandiego?
Where in the USA is Carmen Sandiego?
Windows Imaging Component
Windows Media Format Runtime
Windows Media Player 10
WinPcap 3.1 beta4
World Book Illustrated Atlas
Yahoo! Toolbar
Zoombinis Logical Journey(TM)
Microsoft Office 2000 SR-1 Small Business
Microsoft Office 2000 SR-1 Disc 2
Macromedia Flash Player
Sonic RecordNow Data
Apple Application Support
Scan
Microsoft Plus! Photo Story 2 LE
MyLearnExpress
Sonic DLA
SA23xx Device Manager
ScannerCopy
HP Product Assistant
Intel(R) PROSet for Wired Connections
Fax
MSXML 6 Service Pack 2 (KB954459)
InstantShare
Copy
Click to Meet Conference Client
iPod for Windows 2006-03-23
TrayApp
Sonic MyDVD LE
Maestro ActivityMaker
Java(TM) 6 Update 13
cp_dwShrek2Albums1
TurboTax 2008 WinPerUserEducation
TurboTax ItsDeductible 2005
Unload
Sonic Update Manager
Java(TM) 6 Update 7
Windows Media Player 10
HP PSC & OfficeJet 4.7
WebFldrs XP
NetZeroInstallers
Internet Explorer Default Page
TurningPoint 2008
MSXML 4.0 SP2 (KB927978)
CueTour
MyLearnExpress
ProductContext
LEGO® MINDSTORMS® NXT - English Language Pack
Modem On Hold
ChessBase 9
Google Earth
Jasc Paint Shop Photo Album 5
LEGO® MINDSTORMS® NXT Software v1.0
Readme
Math
2600
SmartSound Quicktracks Plugin
Sonic CinePlayer MP3 Creation Pack
Safari
Dell Driver Reset Tool
PanoStandAlone
AOLIcon
CreativeProjects
PhotoGallery
HP Software Update
AiO_Scan
PowerDVD 5.5
Destinations
Apple Software Update
Photo Click
Microsoft Plus! Digital Media Edition Installer
2600Trb
BufferChm
cp_dwShrek2Cards1
EarthLink setup files
TurboTax 2008 WinPerFedFormset
Jasc Paint Shop Pro Studio, Dell Editon
My Way Search Assistant
Modem Event Monitor
Get High Speed Internet!
HPSystemDiagnostics
Harry Potter II
AnswerWorks 4.0 Runtime - English
DellSupport
Modem Helper
e-Sword
DING!
SkinsHP1
Fall of Jericho
AiOSoftware
MSXML 4.0 SP2 (KB954430)
Ten Thumbs 4.3.1
QFolder
TurboTax 2008 WinPerReleaseEngine
Intel(R) Extreme Graphics 2 Driver
DocProc
Auslogics Registry Cleaner
Musicmatch® Jukebox
Compatibility Pack for the 2007 Office system
Microsoft FrontPage 2002
Microsoft PowerPoint 2002
e-Sword
DesignPro 5.0 Limited Edition
QuickProjects
Rio Music Manager
Studio 9
PrintScreen
Microsoft .NET Framework 3.0 Service Pack 2
QuickTime
CP_AtenaShokunin1Config
Apple Mobile Device Support
Sonic RecordNow Audio
Dell Media Experience
Adobe Reader 7.0
Garfield Desktop Comic
Dell Picture Studio v3.0
WordPerfect Office 12
TurboTax 2008 wohiper
TurboTax ItsDeductible 2006
Sonic RecordNow Copy
TurboTax 2008 wrapper
TurboTax 2008 WinPerTaxSupport
SONICblue Real Service Providers
Studio 9 Content CD/DVD
Director
MarketResearch
e-Sword Bible Screen Saver
Harry Potter - Quidditch World Cup
MSXML 4.0 SP2 (KB936181)
Microsoft .NET Framework 2.0 Service Pack 2
2600_Help
Microsoft .NET Framework 1.1
WebReg
DocumentViewer
Microsoft .NET Framework 3.5 SP1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
The Incredibles: Rise of The Underminer
iPod for Windows 2005-09-23
LiveUpdate Notice (Symantec Corporation)
AnswerWorks 5.0 English Runtime
TWC User Controls
Ad-Aware
Auslogics Disk Defrag
LEGO® MINDSTORMS® NXT Driver
Google SketchUp Viewer
The Incredibles - When Danger Calls
TurboTax 2008 WinPerProgramHelp
Chessmaster 10th Edition
WexTech AnswerWorks
iTunes
Maestro ActivityMaker
Quicken 2009
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Social Studies and Science
Garmin Communicator Plugin
CreativeProjectsTemplates

======== Other Info ========

TOTAL PHYSICAL RAM: 535 MB

Boot Info

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect


OS Type:  Microsoft Windows XP Home Edition
Build:  5.1.2600
Service Pack:  2.0


====== Files with Hidden Attributes======

C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\NTDETECT.COM
C:\Documents and Settings\Administrator\NTUSER.DAT

==End of Report==

 

  • Post Points: 20
Joined on 01/16/2006
Posts: 10,323
Points 15,967

Re: Bamajim


rspangl

We made some progress, good work.

Are you able to run HijackThis yet? If so, then post the HijackThis log.

If not, then proceed on to this step:

Using Windows Explorer, see if you find c:\windows\ntbtlog.txt - If it exists, delete the file.
  • Click Start then Run and type in msconfig in the edit box and hit Enter or click OK
  • Click on the boot.ini tab and check the box that says /BOOTLOG
  • Click Apply & OK and reboot the PC (may take a bit longer to boot)
  • Using Windows Explorer, locate c:\windows\ntbtlog.txt and post the content of the file.


Consumer Security 2008- 2009

 

  • Post Points: 20
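The boot log requested above is easier to read once its records are sorted and compared with the driver inventory from the File Lister report. The Python below is an added example, not part of the original thread or of any tool named in it. The sample log and inventory lines are constructed in the formats shown in this thread, `unlisted_example.sys` is a hypothetical file name, and the `<service>.sys` fallback for a service with no image path is an assumption.

```python
import re

# Constructed sample in the ntbtlog.txt format: a header line, then one record per driver.
# unlisted_example.sys is a hypothetical name used only to exercise the cross-check.
SAMPLE_BOOTLOG = r"""
Service Pack 2 10 28 2009 15:34:05.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver pci.sys
Loaded driver Lbd.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \SystemRoot\system32\drivers\unlisted_example.sys
"""

# Constructed sample in the File Lister driver format:
#   Service (Display name)- image path - StartType/State
SAMPLE_INVENTORY = r"""
Hardlock (Hardlock)- \??\C:\WINDOWS\system32\drivers\hardlock.sys - Auto/Running
Lbd (Lbd)- C:\WINDOWS\system32\DRIVERS\Lbd.sys - Boot/Running
lbrtfdc (lbrtfdc)-  - System/Stopped
NDProxy (NDIS Proxy)- C:\WINDOWS\system32\drivers\NDProxy.sys - Manual/Running
PCI (PCI Bus Driver)- C:\WINDOWS\system32\DRIVERS\pci.sys - Boot/Running
PptpMiniport (WAN Miniport (PPTP))- C:\WINDOWS\system32\DRIVERS\raspptp.sys - Manual/Running
Sfloppy (Sfloppy)- C:\WINDOWS\system32\drivers\Sfloppy.sys - System/Stopped
"""

BOOT_RE = re.compile(r"^(Loaded|Did not load) driver\s+(\S.*)$")
# Greedy display-name group so nested parentheses such as "(WAN Miniport (PPTP))" survive.
INV_RE = re.compile(r"^(\S+) \((.*)\)- (.*?) - (\w+)/(\w+)$")


def file_key(path):
    """Reduce a bare name, SystemRoot-relative path or full path to a lowercase file name."""
    return path.strip().rsplit("\\", 1)[-1].lower()


def parse_bootlog(text):
    """Return ordered (loaded, file_key) records; header and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        m = BOOT_RE.match(line.strip())
        if m:
            records.append((m.group(1) == "Loaded", file_key(m.group(2))))
    return records


def parse_inventory(text):
    """Map file_key to the service name, image path, start type and state."""
    inventory = {}
    for line in text.splitlines():
        m = INV_RE.match(line.strip())
        if not m:
            continue
        service, _display, path, start, state = m.groups()
        path = path.strip()
        # Assumption: a service with no image path is looked up as <service>.sys.
        key = file_key(path) if path else service.lower() + ".sys"
        inventory[key] = {"service": service, "path": path, "start": start, "state": state}
    return inventory


def triage(bootlog_text, inventory_text):
    """Group boot-log records into lists for manual review (not verdicts)."""
    records = parse_bootlog(bootlog_text)
    inventory = parse_inventory(inventory_text)
    loaded = {key for ok, key in records if ok}
    failed = {key for ok, key in records if not ok}
    never_loaded = []
    for key in sorted(failed - loaded):
        entry = inventory.get(key)
        if entry is None:
            reason = "no service entry in inventory"
        elif not entry["path"]:
            reason = "service registered without an image path"
        else:
            reason = "start type %s, state %s" % (entry["start"], entry["state"])
        never_loaded.append((key, reason))
    return {
        # Same file reported as loaded and as not loaded during one boot.
        "loaded_then_failed": sorted(loaded & failed),
        "never_loaded": never_loaded,
        # Includes kernel images and support libraries, which are not services.
        "loaded_without_inventory_entry": sorted(loaded - set(inventory)),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_BOOTLOG, SAMPLE_INVENTORY).items():
        print(section)
        for item in items:
            print("   ", item)
```

Entries under `loaded_without_inventory_entry` still need a person to separate ordinary kernel components from files that deserve a closer look.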
Joined on 10/24/2009
Posts: 17
Points 295

Re: Bamajim

Thanks for your continued support. Much appreciated. I'm still not able to run HijackThis, even after trying to reinstall it. Following is the log you requested. My own experimentation with ComboFix (mentioned at the top of the thread) from a few days ago resulted in the following messages when I boot up and go to my login:

"error loading c:\....ntuser.dll"
"error loading pekuveme.dll"
"error loading C:\windows\system32\calc.dll"

I'm assuming these will be taken care of, in time.  But, I didn't want to withhold that information in case it's important for you to know now.  Here's the ntbtlog.txt:

Service Pack 210 28 2009 15:34:05.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver intelide.sys
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
  • Post Points: 20
Joined on 01/16/2006
Posts: 10,323
Points 15,967

Re: Bamajim


rspangl

We are going to make another Reg fix

Open Notepad (Not Wordpad)
Select Edit and uncheck Wordwrap
Copy and paste the following into Notepad
(Making sure there is no space between the top of the window and the first line)


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"calc"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fajatezigu"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yjafosi8kdf98winmdkmnkmfnwe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"calc"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa9fc5c9-e865-4cfc-a8f5-a5630712beb4}]

After you copy and paste it your cursor should be at the end of the first line
Hit Enter so your cursor is under the last line
    Click File->>Save as->>type in Repair.reg->>
    Under "Save as type" Select "All Files"->> save it to your Desktop
    Close Notepad

The Repair.reg file should now appear on your Desktop (If it saved properly it will look like a stack of small blue blocks)

Rt Click and Select merge->>If prompted to Merge this Select Yes (it will appear that nothing has happened but that's o.k.)

Reboot your PC ->> Rerun Filelister and post a fresh Filelister log


Consumer Security 2008- 2009

 

  • Post Points: 20
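A check a helper could run on the two artifacts in this exchange, added here as an example that is not part of the original posts or of Filelister: it parses a REGEDIT4 fix file into its operations and reports which targeted Run values and BHO keys still appear in a Filelister-style log. The function names are made up for the example, and the log text is a short excerpt in the format shown on this page.

```python
import re

# Fix file text as posted above (Repair.reg).
REPAIR_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"calc"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fajatezigu"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yjafosi8kdf98winmdkmnkmfnwe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"calc"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa9fc5c9-e865-4cfc-a8f5-a5630712beb4}]
"""

# Short excerpt in the Filelister log format (sample input for this example).
LOG_EXCERPT = r"""====== BHO's ======

BHO: (NO NAME) - {fa9fc5c9-e865-4cfc-a8f5-a5630712beb4} - jejobadi.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[igfxtray] = C:\WINDOWS\system32\igfxtray.exe
[Malwarebytes Anti-Malware (reboot)] = "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[fajatezigu] = Rundll32.exe "pekuveme.dll",s

====== HKCU\~\Run Keys ======

[ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def parse_reg(text):
    """Return (action, key, value_name) tuples; hex continuation lines are not handled."""
    lines = text.splitlines()
    # The post insists nothing precede the first line: the header must be line 1.
    if not lines or lines[0].rstrip() not in HEADERS:
        raise ValueError("first line must be the REGEDIT4 / version header")
    ops, key = [], None
    for n, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):          # [-KEY] deletes the whole key
                ops.append(("delete_key", body[1:], None))
                key = None
            else:
                key = body
            continue
        m = re.match(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$', line)
        if not m or key is None:
            raise ValueError(f"line {n}: unexpected content: {raw!r}")
        name = m.group(1) if m.group(1) is not None else "@"
        # "name"=- deletes one value; anything else writes it
        action = "delete_value" if m.group(3).strip() == "-" else "set_value"
        ops.append((action, key, name))
    return ops


def parse_filelister(log):
    """Collect BHO CLSIDs and Run value names, lower-cased, per log section."""
    found = {"BHO": set(), "HKLM": set(), "HKCU": set()}
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        head = re.match(r"^=+\s*(.*?)\s*=+$", line)
        if head:
            title = head.group(1)
            if title.startswith("BHO"):
                section = "BHO"
            elif title.endswith("Run Keys") and title[:4] in ("HKLM", "HKCU"):
                section = title[:4]
            else:
                section = None
            continue
        if section == "BHO":
            clsid = re.search(r"\{[0-9A-Fa-f-]{36}\}", line)
            if clsid:
                found["BHO"].add(clsid.group(0).lower())
        elif section:
            entry = re.match(r"^\[(.+?)\] = ", line)
            if entry:
                found[section].add(entry.group(1).lower())
    return found


def still_present(ops, found):
    """List the entries the fix file deletes that the log still shows."""
    hits = []
    for action, key, name in ops:
        hive, _, path = key.partition("\\")
        short, path_l = HIVES.get(hive.upper()), path.lower()
        if action == "delete_value" and path_l.endswith(r"\currentversion\run"):
            if short and name.lower() in found[short]:
                hits.append(f"{short} Run value {name}")
        elif action == "delete_key" and r"\browser helper objects\{" in path_l:
            clsid = path_l.rsplit("\\", 1)[1]
            if clsid in found["BHO"]:
                hits.append(f"BHO {clsid}")
    return hits


if __name__ == "__main__":
    for hit in still_present(parse_reg(REPAIR_REG), parse_filelister(LOG_EXCERPT)):
        print("still present:", hit)
```

Registry key and value names are compared case-insensitively, so both sides are lower-cased before matching.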
Joined on 10/24/2009
Posts: 17
Points 295

Re: Bamajim

Following is latest log after completing above steps.  Thanks!

 


+++++++++++++++++++++++++++++++++
+ File Lister  Version 1.1.1                                 +
+                                                                    +
+  By bamajim / SpywareHammer.com                 +
+++++++++++++++++++++++++++++++++

Report ran on --->>>  10/28/2009 10:11:41 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\WScript.exe

====== BHO's ======

BHO: (NO NAME) - {fa9fc5c9-e865-4cfc-a8f5-a5630712beb4} - jejobadi.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[SoundMAXPnP] = C:\Program Files\Analog Devices\Core\smax4pnp.exe
[igfxtray] = C:\WINDOWS\system32\igfxtray.exe
[igfxhkcmd] = C:\WINDOWS\system32\hkcmd.exe
[igfxpers] = C:\WINDOWS\system32\igfxpers.exe
[Symantec PIF AlertEng] = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
[Carbonite Backup] = C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
[TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
[HP Software Update] = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
[QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
[Malwarebytes Anti-Malware (reboot)] = "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[fajatezigu] = Rundll32.exe "pekuveme.dll",s

====== HKCU\~\Run Keys ======

[ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe
[MSMSGS] = "C:\Program Files\Messenger\msmsgs.exe" /background

====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{060BB8A1-0C5C-4268-AD01-D11DA72521E4}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{54E93F58-1792-4CE4-B852-78DBBC07F4EA}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{A0ABD979-8675-4E99-ABD0-B38F90117134}\  NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{060BB8A1-0C5C-4268-AD01-D11DA72521E4}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{54E93F58-1792-4CE4-B852-78DBBC07F4EA}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{A0ABD979-8675-4E99-ABD0-B38F90117134}\  NameServer=

HKEY_LOCAL_MACHINE\CS002\~\{060BB8A1-0C5C-4268-AD01-D11DA72521E4}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{54E93F58-1792-4CE4-B852-78DBBC07F4EA}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{A0ABD979-8675-4E99-ABD0-B38F90117134}\  NameServer=


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

10/24/2009 4:23:31 PM    16572635    C:\ComboFix
10/24/2009 4:23:31 PM    8861    C:\ComboFix\N_
10/24/2009 4:18:57 PM    6176546    C:\Qoobox
10/24/2009 4:25:14 PM    14439    C:\Qoobox\BackEnv
10/24/2009 4:25:14 PM    124    C:\Qoobox\LastRun
10/24/2009 4:18:57 PM    6161983    C:\Qoobox\Quarantine
10/24/2009 4:26:48 PM    6147449    C:\Qoobox\Quarantine\C
10/24/2009 4:41:23 PM    1598436    C:\Qoobox\Quarantine\C\Documents and Settings
10/24/2009 4:41:23 PM    1102419    C:\Qoobox\Quarantine\C\Documents and Settings\All Users
10/24/2009 4:41:23 PM    1102419    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data
10/24/2009 4:41:23 PM    1051682    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\22002915
10/24/2009 4:41:24 PM    49459    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly
10/24/2009 4:41:24 PM    850    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Desktop
10/24/2009 4:41:25 PM    25057    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Start Menu
10/24/2009 4:41:25 PM    25057    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Start Menu\Programs
10/24/2009 4:41:25 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Kelly\Start Menu\Programs\Startup
10/24/2009 4:41:26 PM    290371    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey
10/24/2009 4:41:26 PM    28681    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Application Data
10/24/2009 4:41:26 PM    68232    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Cookies
10/24/2009 4:41:27 PM    850    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Desktop
10/24/2009 4:41:28 PM    143995    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Local Settings
10/24/2009 4:41:28 PM    55434    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Local Settings\Application Data
10/24/2009 4:41:28 PM    88561    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Local Settings\Temporary Internet Files
10/24/2009 4:41:30 PM    25061    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Start Menu
10/24/2009 4:41:30 PM    25061    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Start Menu\Programs
10/24/2009 4:41:30 PM    24205    C:\Qoobox\Quarantine\C\Documents and Settings\Lindsey\Start Menu\Programs\Startup
10/24/2009 4:41:31 PM    47753    C:\Qoobox\Quarantine\C\Documents and Settings\Patty
10/24/2009 4:41:31 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Patty\Start Menu
10/24/2009 4:41:31 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Patty\Start Menu\Programs
10/24/2009 4:41:31 PM    24201    C:\Qoobox\Quarantine\C\Documents and Settings\Patty\Start Menu\Programs\Startup
10/24/2009 4:41:31 PM    108434    C:\Qoobox\Quarantine\C\Documents and Settings\Ron
10/24/2009 4:41:31 PM    850    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Desktop
10/24/2009 4:41:32 PM    58979    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\My Documents
10/24/2009 4:41:32 PM    25053    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Start Menu
10/24/2009 4:41:32 PM    25053    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Start Menu\Programs
10/24/2009 4:41:32 PM    24197    C:\Qoobox\Quarantine\C\Documents and Settings\Ron\Start Menu\Programs\Startup
10/24/2009 4:41:33 PM    1084310    C:\Qoobox\Quarantine\C\Program Files
10/24/2009 4:41:33 PM    34446    C:\Qoobox\Quarantine\C\Program Files\Common Files
10/24/2009 4:41:33 PM    257280    C:\Qoobox\Quarantine\C\Program Files\qpmynv
10/24/2009 4:41:33 PM    397325    C:\Qoobox\Quarantine\C\Program Files\Shared
10/24/2009 4:41:34 PM    395259    C:\Qoobox\Quarantine\C\Program Files\WinPcap
10/24/2009 4:41:36 PM    3464703    C:\Qoobox\Quarantine\C\WINDOWS
10/24/2009 4:41:37 PM    3224576    C:\Qoobox\Quarantine\C\WINDOWS\system32
10/24/2009 4:41:38 PM    32000    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers
10/24/2009 4:18:57 PM    14534    C:\Qoobox\Quarantine\Registry_backups
10/24/2009 4:25:14 PM    0    C:\Qoobox\Test
10/24/2009 4:25:14 PM    0    C:\Qoobox\TestC
10/25/2009 12:08:38 PM    4286    32    C:\Files.txt
10/13/2009 7:43:20 AM    534827008    38    C:\hiberfil.sys
10/20/2009 8:18:00 PM    1044771    C:\WINDOWS\$NtUninstallKB954155_WM9$
10/20/2009 8:18:00 PM    630827    C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst
9/8/2009 10:13:58 PM    785101    C:\WINDOWS\$NtUninstallKB956844$
9/8/2009 10:13:58 PM    632013    C:\WINDOWS\$NtUninstallKB956844$\spuninst
10/20/2009 8:19:11 PM    630612    C:\WINDOWS\$NtUninstallKB958869$
10/20/2009 8:19:11 PM    630612    C:\WINDOWS\$NtUninstallKB958869$\spuninst
10/4/2009 12:33:30 AM    2128325    C:\WINDOWS\$NtUninstallKB968389$
10/4/2009 12:33:30 AM    637509    C:\WINDOWS\$NtUninstallKB968389$\spuninst
9/8/2009 10:13:50 PM    3007559    C:\WINDOWS\$NtUninstallKB968816_WM9$
9/8/2009 10:13:50 PM    630799    C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst
10/20/2009 8:02:15 PM    2067399    C:\WINDOWS\$NtUninstallKB969059$
10/20/2009 8:02:16 PM    631751    C:\WINDOWS\$NtUninstallKB969059$\spuninst
10/20/2009 7:56:03 PM    9025068    C:\WINDOWS\$NtUninstallKB971486$
10/20/2009 7:56:03 PM    635052    C:\WINDOWS\$NtUninstallKB971486$\spuninst
10/20/2009 7:53:40 PM    769057    C:\WINDOWS\$NtUninstallKB973525$
10/20/2009 7:53:40 PM    629793    C:\WINDOWS\$NtUninstallKB973525$\spuninst
10/20/2009 8:01:54 PM    879066    C:\WINDOWS\$NtUninstallKB974112$
10/20/2009 8:01:55 PM    631740    C:\WINDOWS\$NtUninstallKB974112$\spuninst
10/20/2009 8:00:49 PM    688904    C:\WINDOWS\$NtUninstallKB974571$
10/20/2009 8:00:49 PM    631560    C:\WINDOWS\$NtUninstallKB974571$\spuninst
10/20/2009 8:01:30 PM    926204    C:\WINDOWS\$NtUninstallKB975025$
10/20/2009 8:01:30 PM    631292    C:\WINDOWS\$NtUninstallKB975025$\spuninst
10/20/2009 7:51:06 PM    765286    C:\WINDOWS\$NtUninstallKB975467$
10/20/2009 7:51:06 PM    631654    C:\WINDOWS\$NtUninstallKB975467$\spuninst
10/24/2009 4:25:14 PM    61541938    C:\WINDOWS\ERDNT
10/24/2009 4:25:14 PM    61541698    C:\WINDOWS\ERDNT\Hiv-backup
10/24/2009 4:25:46 PM    6643712    C:\WINDOWS\ERDNT\Hiv-backup\Users
10/24/2009 4:25:46 PM    237568    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001
10/24/2009 4:25:46 PM    8192    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002
10/24/2009 4:25:46 PM    237568    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003
10/24/2009 4:25:46 PM    8192    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004
10/24/2009 4:25:46 PM    5812224    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005
10/24/2009 4:25:46 PM    339968    C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006
10/24/2009 4:25:26 PM    80412    32    C:\WINDOWS\grep.exe
9/12/2009 3:31:17 PM    68940    32    C:\WINDOWS\hpoins05.dat
9/12/2009 3:31:17 PM    19696    0    C:\WINDOWS\hpomdl05.dat
10/20/2009 8:17:57 PM    8738    32    C:\WINDOWS\KB954155.log
9/8/2009 10:13:57 PM    7786    32    C:\WINDOWS\KB956844.log
10/20/2009 8:18:29 PM    6817    32    C:\WINDOWS\KB958869.log
9/13/2009 1:33:33 AM    19736    32    C:\WINDOWS\KB968389.log
9/8/2009 10:13:50 PM    6805    32    C:\WINDOWS\KB968816.log
10/16/2009 10:21:57 AM    13964    32    C:\WINDOWS\KB969059.log
10/20/2009 7:54:41 PM    10097    32    C:\WINDOWS\KB971486.log
9/8/2009 10:12:14 PM    7756    32    C:\WINDOWS\KB971961-IE8.log
10/20/2009 7:52:18 PM    6936    32    C:\WINDOWS\KB973525.log
10/16/2009 10:22:02 AM    14107    32    C:\WINDOWS\KB974112.log
10/21/2009 6:27:29 PM    13424    32    C:\WINDOWS\KB974455-IE8.log
10/16/2009 10:21:43 AM    14518    32    C:\WINDOWS\KB974571.log
10/16/2009 10:21:52 AM    14070    32    C:\WINDOWS\KB975025.log
10/16/2009 10:21:04 AM    16245    32    C:\WINDOWS\KB975467.log
10/24/2009 4:25:26 PM    31232    32    C:\WINDOWS\NIRCMD.exe
10/28/2009 3:34:34 PM    31840    32    C:\WINDOWS\ntbtlog.txt
10/24/2009 4:25:26 PM    236544    32    C:\WINDOWS\PEV.exe
10/24/2009 4:25:26 PM    98816    32    C:\WINDOWS\sed.exe
10/24/2009 4:25:26 PM    161792    32    C:\WINDOWS\SWREG.exe
10/24/2009 4:25:26 PM    136704    32    C:\WINDOWS\SWSC.exe
10/24/2009 4:25:26 PM    212480    32    C:\WINDOWS\SWXCACLS.exe
10/24/2009 4:25:26 PM    68096    32    C:\WINDOWS\zip.exe
9/12/2009 3:30:58 PM    581632    32    C:\WINDOWS\system32\hpotscl.dll
9/12/2009 3:30:58 PM    229376    32    C:\WINDOWS\system32\hpovst08.dll
9/12/2009 3:30:37 PM    196608    32    C:\WINDOWS\system32\hpzcoi12.dll
9/12/2009 3:30:38 PM    393216    32    C:\WINDOWS\system32\hpzcon12.dll
9/12/2009 3:30:39 PM    139345    32    C:\WINDOWS\system32\hpzlnt12.dll
9/24/2009 3:15:33 PM    0    32    C:\WINDOWS\system32\ISHARE
9/5/2009 1:54:48 AM    69632    32    C:\WINDOWS\system32\QuickTime.qts
9/5/2009 1:54:48 AM    94208    32    C:\WINDOWS\system32\QuickTimeVR.qtx

====== Files under "\Administrator\Startup" Last 60 Days======


====== Files under "\All Users\Startup" Last 60 Days======

9/12/2009 3:41:24 PM    1808    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
9/12/2009 3:47:15 PM    798    32    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

====== Files and Folders under "\Program Files" Last 60 Days======

10/8/2009 10:19:29 PM    14932253    C:\Program Files\Auslogics
9/12/2009 3:40:32 PM    4141261    C:\Program Files\Hewlett-Packard
9/13/2009 1:56:30 AM    112137144    C:\Program Files\iTunes

====== Files under "\System32\Drivers" Last 60 Days======


====== Files Deleted under "%Temp%" ======


23 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

9/12/2009 3:48:10 PM    2865    C:\Documents and Settings\All Users\Application Data\HP
9/12/2009 3:48:10 PM    2865    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging
9/12/2009 3:48:10 PM    2865    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\Data
9/13/2009 1:29:34 AM    0    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\hp photosmart 2600 series
9/13/2009 1:29:34 AM    0    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\hp photosmart 2600 series\1252784891
9/13/2009 1:29:34 AM    0    C:\Documents and Settings\All Users\Application Data\HP\Digital Imaging\hp photosmart 2600 series\1252784891\Data
9/13/2009 1:56:30 AM    541387    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
9/13/2009 1:58:46 AM    541387    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86
9/13/2009 1:58:46 AM    133968    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86

====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader
HKLM\Software\microsoft\shared tools\msconfig\startupreg\CUCore Agent
HKLM\Software\microsoft\shared tools\msconfig\startupreg\DellSupport
HKLM\Software\microsoft\shared tools\msconfig\startupreg\dla
HKLM\Software\microsoft\shared tools\msconfig\startupreg\DVDLauncher
HKLM\Software\microsoft\shared tools\msconfig\startupreg\HP Component Manager
HKLM\Software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKLM\Software\microsoft\shared tools\msconfig\startupreg\IntelMeM
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKLM\Software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKLM\Software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKLM\Software\microsoft\shared tools\msconfig\startupreg\mmtask
HKLM\Software\microsoft\shared tools\msconfig\startupreg\MMTray
HKLM\Software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKLM\Software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck
HKLM\Software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash
HKLM\Software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKLM\Software\microsoft\shared tools\msconfig\startupreg\RealTray
HKLM\Software\microsoft\shared tools\msconfig\startupreg\Replay Center
HKLM\Software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKLM\Software\microsoft\shared tools\msconfig\startupreg\swg
HKLM\Software\microsoft\shared tools\msconfig\startupreg\TkBellExe

====== Services ( Services that are Whitelisted are not shown) ======

61883 (61883 Unit Device)- C:\WINDOWS\system32\DRIVERS\61883.sys - Manual/Stopped
Abiosdsk (Abiosdsk)-  - Disabled/Stopped
abp480n5 (abp480n5)- C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS - Disabled/Stopped
ACPI (Microsoft ACPI Driver)- C:\WINDOWS\system32\DRIVERS\ACPI.sys - Boot/Running
ACPIEC (ACPIEC)- C:\WINDOWS\system32\drivers\ACPIEC.sys - Disabled/Stopped
adpu160m (adpu160m)- C:\WINDOWS\system32\DRIVERS\adpu160m.sys - Disabled/Stopped
aec (Microsoft Kernel Acoustic Echo Canceller)- C:\WINDOWS\system32\drivers\aec.sys - Manual/Stopped
AFD (AFD)- C:\WINDOWS\system32\drivers\afd.sys - System/Running
agp440 (Intel AGP Bus Filter)- C:\WINDOWS\system32\DRIVERS\agp440.sys - Disabled/Stopped
agpCPQ (Compaq AGP Bus Filter)- C:\WINDOWS\system32\DRIVERS\agpCPQ.sys - Disabled/Stopped
Aha154x (Aha154x)- C:\WINDOWS\system32\DRIVERS\aha154x.sys - Disabled/Stopped
aic78u2 (aic78u2)- C:\WINDOWS\system32\DRIVERS\aic78u2.sys - Disabled/Stopped
aic78xx (aic78xx)- C:\WINDOWS\system32\DRIVERS\aic78xx.sys - Disabled/Stopped
AliIde (AliIde)- C:\WINDOWS\system32\DRIVERS\aliide.sys - Disabled/Stopped
alim1541 (ALI AGP Bus Filter)- C:\WINDOWS\system32\DRIVERS\alim1541.sys - Disabled/Stopped
amdagp (AMD AGP Bus Filter Driver)- C:\WINDOWS\system32\DRIVERS\amdagp.sys - Disabled/Stopped
amsint (amsint)- C:\WINDOWS\system32\DRIVERS\amsint.sys - Disabled/Stopped
Arp1394 (1394 ARP Client Protocol)- C:\WINDOWS\system32\DRIVERS\arp1394.sys - Manual/Running
ASAPIW2k (ASAPIW2K)- C:\WINDOWS\system32\drivers\ASAPIW2k.sys - Manual/Running
asc (asc)- C:\WINDOWS\system32\DRIVERS\asc.sys - Disabled/Stopped
asc3350p (asc3350p)- C:\WINDOWS\system32\DRIVERS\asc3350p.sys - Disabled/Stopped
asc3550 (asc3550)- C:\WINDOWS\system32\DRIVERS\asc3550.sys - Disabled/Stopped
AsyncMac (RAS Asynchronous Media Driver)- C:\WINDOWS\system32\DRIVERS\asyncmac.sys - Manual/Stopped
atapi (Standard IDE/ESDI Hard Disk Controller)- C:\WINDOWS\system32\DRIVERS\atapi.sys - Boot/Running
Atdisk (Atdisk)-  - Disabled/Stopped
Atmarpc (ATM ARP Client Protocol)- C:\WINDOWS\system32\DRIVERS\atmarpc.sys - Manual/Stopped
audstub (Audio Stub Driver)- C:\WINDOWS\system32\DRIVERS\audstub.sys - Manual/Running
Avc (AVC Device)- C:\WINDOWS\system32\DRIVERS\avc.sys - Manual/Stopped
Beep (Beep)-  - System/Stopped
bvrp_pci (bvrp_pci)-  - Manual/Stopped
catchme (catchme)- \??\C:\DOCUME~1\Ron\LOCALS~1\Temp\catchme.sys - Manual/Stopped
cbidf (cbidf)- C:\WINDOWS\system32\DRIVERS\cbidf2k.sys - Disabled/Stopped
cbidf2k (cbidf2k)- C:\WINDOWS\system32\drivers\cbidf2k.sys - Disabled/Stopped
CCDECODE (Closed Caption Decoder)- C:\WINDOWS\system32\DRIVERS\CCDECODE.sys - Manual/Stopped
cd20xrnt (cd20xrnt)- C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys - Disabled/Stopped
Cdaudio (Cdaudio)- C:\WINDOWS\system32\drivers\Cdaudio.sys - System/Stopped
Cdfs (Cdfs)- C:\WINDOWS\system32\drivers\Cdfs.sys - Disabled/Running
Cdrom (CD-ROM Driver)- C:\WINDOWS\system32\DRIVERS\cdrom.sys - System/Running
Changer (Changer)-  - System/Stopped
CmdIde (CmdIde)- C:\WINDOWS\system32\DRIVERS\cmdide.sys - Disabled/Stopped
Cpqarray (Cpqarray)- C:\WINDOWS\system32\DRIVERS\cpqarray.sys - Disabled/Stopped
dac2w2k (dac2w2k)- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys - Disabled/Stopped
dac960nt (dac960nt)- C:\WINDOWS\system32\DRIVERS\dac960nt.sys - Disabled/Stopped
Disk (Disk Driver)- C:\WINDOWS\system32\DRIVERS\disk.sys - Boot/Running
dmboot (dmboot)- C:\WINDOWS\system32\drivers\dmboot.sys - Disabled/Stopped
dmio (dmio)- C:\WINDOWS\system32\drivers\dmio.sys - Disabled/Stopped
dmload (dmload)- C:\WINDOWS\system32\drivers\dmload.sys - Disabled/Stopped
DMusic (Microsoft Kernel DLS Syntheiszer)- C:\WINDOWS\system32\drivers\DMusic.sys - Manual/Stopped
dpti2o (dpti2o)- C:\WINDOWS\system32\DRIVERS\dpti2o.sys - Disabled/Stopped
drmkaud (Microsoft Kernel DRM Audio Descrambler)- C:\WINDOWS\system32\drivers\drmkaud.sys - Manual/Stopped
drvmcdb (drvmcdb)- C:\WINDOWS\system32\drivers\drvmcdb.sys - Boot/Running
drvnddm (drvnddm)- C:\WINDOWS\system32\drivers\drvnddm.sys - Auto/Running
DSproct (DSproct)- \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys - Manual/Stopped
dsunidrv (DellSupport UniDriver)- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys - Auto/Running
E100B (Intel(R) PRO Adapter Driver)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/Running
eeCtrl (Symantec Eraser Control driver)- \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - System/Running
FANTOM (LEGO MINDSTORMS NXT Driver)- C:\WINDOWS\system32\DRIVERS\fantom.sys - Manual/Stopped
Fastfat (Fastfat)- C:\WINDOWS\system32\drivers\Fastfat.sys - Disabled/Running
Fdc (Floppy Disk Controller Driver)- C:\WINDOWS\system32\DRIVERS\fdc.sys - Manual/Running
Fips (Fips)- C:\WINDOWS\system32\drivers\Fips.sys - System/Running
Flpydisk (Floppy Disk Driver)- C:\WINDOWS\system32\DRIVERS\flpydisk.sys - Manual/Running
FltMgr (FltMgr)- C:\WINDOWS\system32\DRIVERS\fltMgr.sys - Boot/Running
FTD2XX (FTD2XX.SYS FT8U2XX device driver)- C:\WINDOWS\system32\Drivers\FTD2XX.sys - Manual/Stopped
Ftdisk (Volume Manager Driver)- C:\WINDOWS\system32\DRIVERS\ftdisk.sys - Boot/Running
GEARAspiWDM (GEAR ASPI Filter Driver)- C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys - Manual/Running
Gpc (Generic Packet Classifier)- C:\WINDOWS\system32\DRIVERS\msgpc.sys - Manual/Running
grmnusb (grmnusb)- C:\WINDOWS\system32\drivers\grmnusb.sys - Manual/Stopped
Hardlock (Hardlock)- \??\C:\WINDOWS\system32\drivers\hardlock.sys - Auto/Running
Haspnt (Haspnt)- \??\C:\WINDOWS\system32\drivers\Haspnt.sys - Auto/Running
HidUsb (Microsoft HID Class Driver)- C:\WINDOWS\system32\DRIVERS\hidusb.sys - Manual/Running
hpn (hpn)- C:\WINDOWS\system32\DRIVERS\hpn.sys - Disabled/Stopped
HPZid412 (IEEE-1284.4 Driver HPZid412)- C:\WINDOWS\system32\DRIVERS\HPZid412.sys - Manual/Running
HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12)- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys - Manual/Running
HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12)- C:\WINDOWS\system32\DRIVERS\HPZius12.sys - Manual/Running
HTTP (HTTP)- C:\WINDOWS\system32\Drivers\HTTP.sys - Manual/Running
i2omgmt (i2omgmt)- C:\WINDOWS\system32\drivers\i2omgmt.sys - System/Running
i2omp (i2omp)- C:\WINDOWS\system32\DRIVERS\i2omp.sys - Disabled/Stopped
i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver)- C:\WINDOWS\system32\DRIVERS\i8042prt.sys - System/Running
ialm (ialm)- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys - Manual/Running
Imapi (CD-Burning Filter Driver)- C:\WINDOWS\system32\DRIVERS\imapi.sys - System/Running
ini910u (ini910u)- C:\WINDOWS\system32\DRIVERS\ini910u.sys - Disabled/Stopped
IntelC51 (IntelC51)- C:\WINDOWS\system32\DRIVERS\IntelC51.sys - Manual/Running
IntelC52 (IntelC52)- C:\WINDOWS\system32\DRIVERS\IntelC52.sys - Manual/Running
IntelC53 (IntelC53)- C:\WINDOWS\system32\DRIVERS\IntelC53.sys - Manual/Running
IntelIde (IntelIde)- C:\WINDOWS\system32\DRIVERS\intelide.sys - Boot/Running
intelppm (Intel Processor Driver)- C:\WINDOWS\system32\DRIVERS\intelppm.sys - System/Running
Ip6Fw (IPv6 Windows Firewall Driver)- C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys - Manual/Stopped
IpFilterDriver (IP Traffic Filter Driver)- C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys - Manual/Stopped
IpInIp (IP in IP Tunnel Driver)- C:\WINDOWS\system32\DRIVERS\ipinip.sys - Manual/Stopped
IpNat (IP Network Address Translator)- C:\WINDOWS\system32\DRIVERS\ipnat.sys - Manual/Running
IPSec (IPSEC driver)- C:\WINDOWS\system32\DRIVERS\ipsec.sys - System/Running
IRENUM (IR Enumerator Service)- C:\WINDOWS\system32\DRIVERS\irenum.sys - Manual/Stopped
isapnp (PnP ISA/EISA Bus Driver)- C:\WINDOWS\system32\DRIVERS\isapnp.sys - Boot/Running
Kbdclass (Keyboard Class Driver)- C:\WINDOWS\system32\DRIVERS\kbdclass.sys - System/Running
kmixer (Microsoft Kernel Wave Audio Mixer)- C:\WINDOWS\system32\drivers\kmixer.sys - Manual/Stopped
KSecDD (KSecDD)- C:\WINDOWS\system32\drivers\KSecDD.sys - Boot/Running
Lbd (Lbd)- C:\WINDOWS\system32\DRIVERS\Lbd.sys - Boot/Running
lbrtfdc (lbrtfdc)-  - System/Stopped
MarvinBus (Pinnacle Marvin Bus)- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys - Manual/Running
MCSTRM (MCSTRM)-  - Auto/Stopped
mnmdd (mnmdd)- C:\WINDOWS\system32\drivers\mnmdd.sys - System/Running
Modem (Modem)- C:\WINDOWS\system32\drivers\Modem.sys - Manual/Running
MODEMCSA (Unimodem Streaming Filter Device)- C:\WINDOWS\system32\drivers\MODEMCSA.sys - Manual/Running
mohfilt (mohfilt)- C:\WINDOWS\system32\DRIVERS\mohfilt.sys - Manual/Running
Mouclass (Mouse Class Driver)- C:\WINDOWS\system32\DRIVERS\mouclass.sys - System/Running
mouhid (Mouse HID Driver)- C:\WINDOWS\system32\DRIVERS\mouhid.sys - Manual/Running
MountMgr (MountMgr)- C:\WINDOWS\system32\drivers\MountMgr.sys - Boot/Running
mraid35x (mraid35x)- C:\WINDOWS\system32\DRIVERS\mraid35x.sys - Disabled/Stopped
MRxDAV (WebDav Client Redirector)- C:\WINDOWS\system32\DRIVERS\mrxdav.sys - Manual/Running
MRxSmb (MRXSMB)- C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - System/Running
MSDV (Microsoft DV Camera and VCR)- C:\WINDOWS\system32\DRIVERS\msdv.sys - Manual/Stopped
Msfs (Msfs)- C:\WINDOWS\system32\drivers\Msfs.sys - System/Running
MSKSSRV (Microsoft Streaming Service Proxy)- C:\WINDOWS\system32\drivers\MSKSSRV.sys - Manual/Stopped
MSPCLOCK (Microsoft Streaming Clock Proxy)- C:\WINDOWS\system32\drivers\MSPCLOCK.sys - Manual/Stopped
MSPQM (Microsoft Streaming Quality Manager Proxy)- C:\WINDOWS\system32\drivers\MSPQM.sys - Manual/Stopped
mssmbios (Microsoft System Management BIOS Driver)- C:\WINDOWS\system32\DRIVERS\mssmbios.sys - Manual/Running
MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter)- C:\WINDOWS\system32\drivers\MSTEE.sys - Manual/Stopped
Mup (Mup)- C:\WINDOWS\system32\drivers\Mup.sys - Boot/Running
NABTSFEC (NABTS/FEC VBI Codec)- C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys - Manual/Stopped
NDIS (NDIS System Driver)- C:\WINDOWS\system32\drivers\NDIS.sys - Boot/Running
NdisIP (Microsoft TV/Video Connection)- C:\WINDOWS\system32\DRIVERS\NdisIP.sys - Manual/Stopped
NdisTapi (Remote Access NDIS TAPI Driver)- C:\WINDOWS\system32\DRIVERS\ndistapi.sys - Manual/Running
Ndisuio (NDIS Usermode I/O Protocol)- C:\WINDOWS\system32\DRIVERS\ndisuio.sys - Manual/Running
NdisWan (Remote Access NDIS WAN Driver)- C:\WINDOWS\system32\DRIVERS\ndiswan.sys - Manual/Running
NDProxy (NDIS Proxy)- C:\WINDOWS\system32\drivers\NDProxy.sys - Manual/Running
NetBIOS (NetBIOS Interface)- C:\WINDOWS\system32\DRIVERS\netbios.sys - System/Running
NetBT (NetBios over Tcpip)- C:\WINDOWS\system32\DRIVERS\netbt.sys - System/Running
NIC1394 (1394 Net Driver)- C:\WINDOWS\system32\DRIVERS\nic1394.sys - Manual/Running
nm (Network Monitor Driver)- C:\WINDOWS\system32\DRIVERS\NMnt.sys - Manual/Stopped
Npfs (Npfs)- C:\WINDOWS\system32\drivers\Npfs.sys - System/Running
Ntfs (Ntfs)- C:\WINDOWS\system32\drivers\Ntfs.sys - Disabled/Running
Null (Null)- C:\WINDOWS\system32\drivers\Null.sys - System/Running
nv (nv)- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - Manual/Stopped
NwlnkFlt (IPX Traffic Filter Driver)- C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys - Manual/Stopped
NwlnkFwd (IPX Traffic Forwarder Driver)- C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys - Manual/Stopped
ohci1394 (OHCI Compliant IEEE 1394 Host Controller)- C:\WINDOWS\system32\DRIVERS\ohci1394.sys - Boot/Running
Parport (Parallel port driver)- C:\WINDOWS\system32\DRIVERS\parport.sys - Manual/Running
PartMgr (PartMgr)- C:\WINDOWS\system32\drivers\PartMgr.sys - Boot/Running
ParVdm (ParVdm)- C:\WINDOWS\system32\drivers\ParVdm.sys - Disabled/Stopped
PCI (PCI Bus Driver)- C:\WINDOWS\system32\DRIVERS\pci.sys - Boot/Running
PCIDump (PCIDump)-  - System/Stopped
PCIIde (PCIIde)- C:\WINDOWS\system32\DRIVERS\pciide.sys - Boot/Running
PCLEPCI (PCLEPCI)- \??\C:\WINDOWS\system32\drivers\pclepci.sys - System/Running
Pcmcia (Pcmcia)- C:\WINDOWS\system32\drivers\Pcmcia.sys - Disabled/Stopped
PDCOMP (PDCOMP)-  - Manual/Stopped
PDFRAME (PDFRAME)-  - Manual/Stopped
PDRELI (PDRELI)-  - Manual/Stopped
PDRFRAME (PDRFRAME)-  - Manual/Stopped
perc2 (perc2)- C:\WINDOWS\system32\DRIVERS\perc2.sys - Disabled/Stopped
perc2hib (perc2hib)- C:\WINDOWS\system32\DRIVERS\perc2hib.sys - Disabled/Stopped
PptpMiniport (WAN Miniport (PPTP))- C:\WINDOWS\system32\DRIVERS\raspptp.sys - Manual/Running
PSched (QoS Packet Scheduler)- C:\WINDOWS\system32\DRIVERS\psched.sys - Manual/Running
Ptilink (Direct Parallel Link Driver)- C:\WINDOWS\system32\DRIVERS\ptilink.sys - Manual/Running
PxHelp20 (PxHelp20)- C:\WINDOWS\system32\Drivers\PxHelp20.sys - Boot/Running
ql1080 (ql1080)- C:\WINDOWS\system32\DRIVERS\ql1080.sys - Disabled/Stopped
Ql10wnt (Ql10wnt)- C:\WINDOWS\system32\DRIVERS\ql10wnt.sys - Disabled/Stopped
ql12160 (ql12160)- C:\WINDOWS\system32\DRIVERS\ql12160.sys - Disabled/Stopped
ql1240 (ql1240)- C:\WINDOWS\system32\DRIVERS\ql1240.sys - Disabled/Stopped
ql1280 (ql1280)- C:\WINDOWS\system32\DRIVERS\ql1280.sys - Disabled/Stopped
RasAcd (Remote Access Auto Connection Driver)- C:\WINDOWS\system32\DRIVERS\rasacd.sys - System/Running
Rasl2tp (WAN Miniport (L2TP))- C:\WINDOWS\system32\DRIVERS\rasl2tp.sys - Manual/Running
RasPppoe (Remote Access PPPOE Driver)- C:\WINDOWS\system32\DRIVERS\raspppoe.sys - Manual/Running
Raspti (Direct Parallel)- C:\WINDOWS\system32\DRIVERS\raspti.sys - Manual/Running
Rdbss (Rdbss)- C:\WINDOWS\system32\DRIVERS\rdbss.sys - System/Running
RDPCDD (RDPCDD)- C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - System/Running
rdpdr (Terminal Server Device Redirector Driver)- C:\WINDOWS\system32\DRIVERS\rdpdr.sys - Manual/Stopped
RDPWD (RDPWD)- C:\WINDOWS\system32\drivers\RDPWD.sys - Manual/Stopped
redbook (Digital CD Audio Playback Filter Driver)- C:\WINDOWS\system32\DRIVERS\redbook.sys - System/Running
RioS50 (RioS50 driver)- C:\WINDOWS\system32\Drivers\RioS50.sys - Manual/Stopped
Secdrv (Secdrv)- C:\WINDOWS\system32\DRIVERS\secdrv.sys - Auto/Running
senfilt (senfilt)- C:\WINDOWS\system32\drivers\senfilt.sys - Manual/Running
serenum (Serenum Filter Driver)- C:\WINDOWS\system32\DRIVERS\serenum.sys - Manual/Running
Serial (Serial port driver)- C:\WINDOWS\system32\DRIVERS\serial.sys - System/Running
Sfloppy (Sfloppy)- C:\WINDOWS\system32\drivers\Sfloppy.sys - System/Stopped
Simbad (Simbad)-  - Disabled/Stopped
sisagp (SIS AGP Bus Filter)- C:\WINDOWS\system32\DRIVERS\sisagp.sys - Disabled/Stopped
SLIP (BDA Slip De-Framer)- C:\WINDOWS\system32\DRIVERS\SLIP.sys - Manual/Stopped
smwdm (smwdm)- C:\WINDOWS\system32\drivers\smwdm.sys - Manual/Running
Sparrow (Sparrow)- C:\WINDOWS\system32\DRIVERS\sparrow.sys - Disabled/Stopped
splitter (Microsoft Kernel Audio Splitter)- C:\WINDOWS\system32\drivers\splitter.sys - Manual/Stopped
sr (System Restore Filter Driver)- C:\WINDOWS\system32\DRIVERS\sr.sys - Disabled/Stopped
Srv (Srv)- C:\WINDOWS\system32\DRIVERS\srv.sys - Manual/Running
sscdbhk5 (sscdbhk5)- C:\WINDOWS\system32\drivers\sscdbhk5.sys - System/Running
ssrtln (ssrtln)- C:\WINDOWS\system32\drivers\ssrtln.sys - System/Running
streamip (BDA IPSink)- C:\WINDOWS\system32\DRIVERS\StreamIP.sys - Manual/Stopped
swenum (Software Bus Driver)- C:\WINDOWS\system32\DRIVERS\swenum.sys - Manual/Running
swmidi (Microsoft Kernel GS Wavetable Synthesizer)- C:\WINDOWS\system32\drivers\swmidi.sys - Manual/Stopped
symc810 (symc810)- C:\WINDOWS\system32\DRIVERS\symc810.sys - Disabled/Stopped
symc8xx (symc8xx)- C:\WINDOWS\system32\DRIVERS\symc8xx.sys - Disabled/Stopped
sym_hi (sym_hi)- C:\WINDOWS\system32\DRIVERS\sym_hi.sys - Disabled/Stopped
sym_u3 (sym_u3)- C:\WINDOWS\system32\DRIVERS\sym_u3.sys - Disabled/Stopped
sysaudio (Microsoft Kernel System Audio Device)- C:\WINDOWS\system32\drivers\sysaudio.sys - Manual/Running
Tcpip (TCP/IP Protocol Driver)- C:\WINDOWS\system32\DRIVERS\tcpip.sys - System/Running
TDPIPE (TDPIPE)- C:\WINDOWS\system32\drivers\TDPIPE.sys - Manual/Stopped
TDTCP (TDTCP)- C:\WINDOWS\system32\drivers\TDTCP.sys - Manual/Stopped
TermDD (Terminal Device Driver)- C:\WINDOWS\system32\DRIVERS\termdd.sys - System/Running
tfsnboio (tfsnboio)- C:\WINDOWS\system32\dla\tfsnboio.sys - Auto/Running
tfsncofs (tfsncofs)- C:\WINDOWS\system32\dla\tfsncofs.sys - Auto/Running
tfsndrct (tfsndrct)- C:\WINDOWS\system32\dla\tfsndrct.sys - Auto/Running
tfsndres (tfsndres)- C:\WINDOWS\system32\dla\tfsndres.sys - Auto/Running
tfsnifs (tfsnifs)- C:\WINDOWS\system32\dla\tfsnifs.sys - Auto/Running
tfsnopio (tfsnopio)- C:\WINDOWS\system32\dla\tfsnopio.sys - Auto/Running
tfsnpool (tfsnpool)- C:\WINDOWS\system32\dla\tfsnpool.sys - Auto/Running
tfsnudf (tfsnudf)- C:\WINDOWS\system32\dla\tfsnudf.sys - Auto/Running
tfsnudfa (tfsnudfa)- C:\WINDOWS\system32\dla\tfsnudfa.sys - Auto/Running
TosIde (TosIde)- C:\WINDOWS\system32\DRIVERS\toside.sys - Disabled/Stopped
Udfs (Udfs)- C:\WINDOWS\system32\drivers\Udfs.sys - Disabled/Stopped
ultra (ultra)- C:\WINDOWS\system32\DRIVERS\ultra.sys - Disabled/Stopped
Update (Microcode Update Driver)- C:\WINDOWS\system32\DRIVERS\update.sys - Manual/Running
USBAAPL (Apple Mobile USB Driver)- C:\WINDOWS\system32\Drivers\usbaapl.sys - Manual/Stopped
usbccgp (Microsoft USB Generic Parent Driver)- C:\WINDOWS\system32\DRIVERS\usbccgp.sys - Manual/Running
usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver)- C:\WINDOWS\system32\DRIVERS\usbehci.sys - Manual/Running
usbhub (Microsoft USB Standard Hub Driver)- C:\WINDOWS\system32\DRIVERS\usbhub.sys - Manual/Running
usbprint (Microsoft USB PRINTER Class)- C:\WINDOWS\system32\DRIVERS\usbprint.sys - Manual/Running
usbscan (USB Scanner Driver)- C:\WINDOWS\system32\DRIVERS\usbscan.sys - Manual/Running
USBSTOR (USB Mass Storage Driver)- C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Manual/Running
usbuhci (Microsoft USB Universal Host Controller Miniport Driver)- C:\WINDOWS\system32\DRIVERS\usbuhci.sys - Manual/Running
VgaSave (VgaSave)- C:\WINDOWS\system32\drivers\vga.sys - System/Running
viaagp (VIA AGP Bus Filter)- C:\WINDOWS\system32\DRIVERS\viaagp.sys - Disabled/Stopped
ViaIde (ViaIde)- C:\WINDOWS\system32\DRIVERS\viaide.sys - Disabled/Stopped
VolSnap (VolSnap)- C:\WINDOWS\system32\drivers\VolSnap.sys - Boot/Running
Wanarp (Remote Access IP ARP Driver)- C:\WINDOWS\system32\DRIVERS\wanarp.sys - Manual/Running
wanatw (WAN Miniport (ATW))- C:\WINDOWS\system32\DRIVERS\wanatw4.sys - Manual/Stopped
WDICA (WDICA)-  - Manual/Stopped
wdmaud (Microsoft WINMM WDM Audio Compatibility Driver)- C:\WINDOWS\system32\drivers\wdmaud.sys - Manual/Running
WpdUsb (WpdUsb)- C:\WINDOWS\system32\Drivers\wpdusb.sys - Manual/Stopped
WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment)- C:\WINDOWS\system32\drivers\ws2ifsl.sys - Disabled/Stopped
WSTCODEC (World Standard Teletext Codec)- C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS - Manual/Stopped

====== Uninstall List ======

OTOY
WebEx
Ad-Aware
Adobe Flash Player 10 ActiveX
Audacity 1.2.6
Audible Download Manager
Backyard Baseball 2003
Carbonite
chundate ScreenSaver
Focus MP3 Recorder Pro 3.4
FTDI FTD2XX USB Drivers
Game Maker 7.0
Garfield 25th Anniversary Screen Saver
HASP4 Device Drivers
HijackThis 2.0.2
Hollywood FX 5.5 Additional Effects
Pinnacle Hollywood FX for Studio
HP Image Zone 4.7
HP Extended Capabilities 4.7
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Windows Internet Explorer 8
iPod for Windows 2006-03-23
SmartSound Quicktracks Plugin
DesignPro 5.0 Limited Edition
iPod for Windows 2005-09-23
Chessmaster 10th Edition
Intel(R) 537EP V9x DF PCI Modem
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Security Update for Windows XP (KB893066)
Windows XP Hotfix - KB893086
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Update for Windows XP (KB896727)
Security Update for Step By Step Interactive Training (KB898458)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Security Update for Windows XP (KB916281)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Update for Windows XP (KB925720)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Update for Windows XP (KB929338)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player (KB954155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Hotfix for Windows XP (KB961118)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows Internet Explorer 7 (KB963027)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Security Update for Windows XP (KB968537)
Security Update for Windows Media Player (KB968816)
Security Update for Windows XP (KB969059)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Hotfix for Windows XP (KB970653-v3)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Update for Windows Internet Explorer 8 (KB971930)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows Media Player (KB973540)
Update for Windows XP (KB973815)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Kid Pix Studio Deluxe
Life of Christ
LiveUpdate 3.1 (Symantec Corporation)
Microsoft .NET Framework 1.1 Security Update (KB953297)
Macromedia Shockwave Player
Magic Music Editor v5.3.12.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
My Way Search Assistant
NetStudio Easy Web Graphics
Microsoft National Language Support Downlevel APIs
Operation
Photo Finale
Picasa 3
PolderbitS Sound Recorder and Editor
proDAD Heroglyph 1.0
Intel(R) PRO Network Adapters and Drivers
Radiotracker 3.0.1.37
RealPlayer
rwss Screen Saver
screensaver
skiStunt
SSH2Deluxe  Screen Saver
Learn2 Player (Uninstall Only)
Tax Forms Assistant
Tax Forms Helper 2004 6.5
Tax Forms Helper 2006 7.5
Tax Forms Helper 2008 8.5
The Game Of Life
TI-84 Plus Dreams Screen Saver
TurboTax 2008
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
Type To Learn
V CAST Music with Rhapsody
VeggieTalesJonah
Viewpoint Media Player
Where in the USA is Carmen Sandiego?
Where in the USA is Carmen Sandiego?
Windows Imaging Component
Windows Media Format Runtime
Windows Media Player 10
WinPcap 3.1 beta4
World Book Illustrated Atlas
Yahoo! Toolbar
Zoombinis Logical Journey(TM)
Microsoft Office 2000 SR-1 Small Business
Microsoft Office 2000 SR-1 Disc 2
Macromedia Flash Player
Sonic RecordNow Data
Apple Application Support
Scan
Microsoft Plus! Photo Story 2 LE
MyLearnExpress
Sonic DLA
SA23xx Device Manager
ScannerCopy
HP Product Assistant
Intel(R) PROSet for Wired Connections
Fax
MSXML 6 Service Pack 2 (KB954459)
InstantShare
Copy
Click to Meet Conference Client
iPod for Windows 2006-03-23
TrayApp
Sonic MyDVD LE
Maestro ActivityMaker
Java(TM) 6 Update 13
cp_dwShrek2Albums1
TurboTax 2008 WinPerUserEducation
TurboTax ItsDeductible 2005
Unload
Sonic Update Manager
Java(TM) 6 Update 7
Windows Media Player 10
HP PSC & OfficeJet 4.7
WebFldrs XP
NetZeroInstallers
Internet Explorer Default Page
TurningPoint 2008
MSXML 4.0 SP2 (KB927978)
CueTour
MyLearnExpress
ProductContext
LEGO® MINDSTORMS® NXT - English Language Pack
Modem On Hold
ChessBase 9
Google Earth
Jasc Paint Shop Photo Album 5
LEGO® MINDSTORMS® NXT Software v1.0
Readme
Math
2600
SmartSound Quicktracks Plugin
Sonic CinePlayer MP3 Creation Pack
Safari
Dell Driver Reset Tool
PanoStandAlone
AOLIcon
CreativeProjects
PhotoGallery
HP Software Update
AiO_Scan
PowerDVD 5.5
Destinations
Apple Software Update
Photo Click
Microsoft Plus! Digital Media Edition Installer
2600Trb
BufferChm
cp_dwShrek2Cards1
EarthLink setup files
TurboTax 2008 WinPerFedFormset
Jasc Paint Shop Pro Studio, Dell Editon
My Way Search Assistant
Modem Event Monitor
Get High Speed Internet!
HPSystemDiagnostics
Harry Potter II
AnswerWorks 4.0 Runtime - English
DellSupport
Modem Helper
e-Sword
DING!
SkinsHP1
Fall of Jericho
AiOSoftware
MSXML 4.0 SP2 (KB954430)
Ten Thumbs 4.3.1
QFolder
TurboTax 2008 WinPerReleaseEngine
Intel(R) Extreme Graphics 2 Driver
DocProc
Auslogics Registry Cleaner
Musicmatch® Jukebox
Compatibility Pack for the 2007 Office system
Microsoft FrontPage 2002
Microsoft PowerPoint 2002
e-Sword
DesignPro 5.0 Limited Edition
QuickProjects
Rio Music Manager
Studio 9
PrintScreen
Microsoft .NET Framework 3.0 Service Pack 2
QuickTime
CP_AtenaShokunin1Config
Apple Mobile Device Support
Sonic RecordNow Audio
Dell Media Experience
Adobe Reader 7.0
Garfield Desktop Comic
Dell Picture Studio v3.0
WordPerfect Office 12
TurboTax 2008 wohiper
TurboTax ItsDeductible 2006
Sonic RecordNow Copy
TurboTax 2008 wrapper
TurboTax 2008 WinPerTaxSupport
SONICblue Real Service Providers
Studio 9 Content CD/DVD
Director
MarketResearch
e-Sword Bible Screen Saver
Harry Potter - Quidditch World Cup
MSXML 4.0 SP2 (KB936181)
Microsoft .NET Framework 2.0 Service Pack 2
2600_Help
Microsoft .NET Framework 1.1
WebReg
DocumentViewer
Microsoft .NET Framework 3.5 SP1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
The Incredibles: Rise of The Underminer
iPod for Windows 2005-09-23
LiveUpdate Notice (Symantec Corporation)
AnswerWorks 5.0 English Runtime
TWC User Controls
Ad-Aware
Auslogics Disk Defrag
LEGO® MINDSTORMS® NXT Driver
Google SketchUp Viewer
The Incredibles - When Danger Calls
TurboTax 2008 WinPerProgramHelp
Chessmaster 10th Edition
WexTech AnswerWorks
iTunes
Maestro ActivityMaker
Quicken 2009
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Social Studies and Science
Garmin Communicator Plugin
CreativeProjectsTemplates

======== Other Info ========

TOTAL PHYSICAL RAM: 535 MB

Boot Info

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /bootlog


OS Type:  Microsoft Windows XP Home Edition
Build:  5.1.2600
Service Pack:  2.0


====== Files with Hidden Attributes======

C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\NTDETECT.COM
C:\Documents and Settings\Administrator\NTUSER.DAT
C:\Documents and Settings\Administrator\IECompatCache\index.dat
C:\Documents and Settings\Administrator\IETldCache\index.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012009081020090817\index.dat
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012009081720090824\index.dat
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012009082620090827\index.dat
C:\Documents and Settings\Administrator\PrivacIE\index.dat
C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Config\q.dat
C:\Documents and Settings\All Users\Application Data\Turning Technologies\TurningPoint\Common\appdata.dat
C:\Documents and Settings\Default User\NTUSER.DAT
C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Kelly\NTUSER.DAT
C:\Documents and Settings\Kelly\Application Data\Microsoft\Office\Recent\index.dat
C:\Documents and Settings\Kelly\Application Data\U3\temp\Launchpad Removal.exe
C:\Documents and Settings\Kelly\IECompatCache\index.dat
C:\Documents and Settings\Kelly\IETldCache\index.dat
C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Kelly\Local Settings\History\History.IE5\MSHist012009081220090813\index.dat
C:\Documents and Settings\Kelly\Local Settings\History\History.IE5\MSHist012009092820091005\index.dat
C:\Documents and Settings\Kelly\Local Settings\History\History.IE5\MSHist012009100520091012\index.dat
C:\Documents and Settings\Kelly\Local Settings\History\History.IE5\MSHist012009101220091019\index.dat
C:\Documents and Settings\Kelly\Local Settings\History\History.IE5\MSHist012009102120091022\index.dat
C:\Documents and Settings\Kelly\Local Settings\History\History.IE5\MSHist012009102420091025\index.dat
C:\Documents and Settings\Kelly\PrivacIE\index.dat
C:\Documents and Settings\Lindsey\NTUSER.DAT
C:\Documents and Settings\Lindsey\Application Data\Microsoft\Internet Explorer\UserData\index.dat
C:\Documents and Settings\Lindsey\Application Data\Microsoft\Office\Recent\index.dat
C:\Documents and Settings\Lindsey\IECompatCache\index.dat
C:\Documents and Settings\Lindsey\IETldCache\index.dat
C:\Documents and Settings\Lindsey\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Lindsey\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
C:\Documents and Settings\Lindsey\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Lindsey\Local Settings\History\History.IE5\MSHist012009092820091005\index.dat
C:\Documents and Settings\Lindsey\Local Settings\History\History.IE5\MSHist012009100520091012\index.dat
C:\Documents and Settings\Lindsey\Local Settings\History\History.IE5\MSHist012009101220091019\index.dat
C:\Documents and Settings\Lindsey\Local Settings\History\History.IE5\MSHist012009102020091021\index.dat
C:\Documents and Settings\Lindsey\Local Settings\History\History.IE5\MSHist012009102120091022\index.dat
C:\Documents and Settings\Lindsey\Local Settings\History\History.IE5\MSHist012009102220091023\index.dat
C:\Documents and Settings\Lindsey\Local Settings\History\History.IE5\MSHist012009102320091024\index.dat
C:\Documents and Settings\Lindsey\PrivacIE\index.dat
C:\Documents and Settings\LocalService\NTUSER.DAT
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\NetworkService\NTUSER.DAT
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Patty\NTUSER.DAT
C:\Documents and Settings\Patty\Application Data\Microsoft\Office\Recent\index.dat
C:\Documents and Settings\Patty\IECompatCache\index.dat
C:\Documents and Settings\Patty\IETldCache\index.dat
C:\Documents and Settings\Patty\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Patty\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Patty\Local Settings\History\History.IE5\MSHist012009100520091012\index.dat
C:\Documents and Settings\Patty\Local Settings\History\History.IE5\MSHist012009101220091019\index.dat
C:\Documents and Settings\Patty\Local Settings\History\History.IE5\MSHist012009101920091026\index.dat
C:\Documents and Settings\Patty\Local Settings\History\History.IE5\MSHist012009102720091028\index.dat
C:\Documents and Settings\Patty\PrivacIE\index.dat
C:\Documents and Settings\Ron\NTUSER.DAT
C:\Documents and Settings\Ron\Application Data\Microsoft\Internet Explorer\UserData\index.dat
C:\Documents and Settings\Ron\Application Data\Microsoft\Office\Recent\index.dat
C:\Documents and Settings\Ron\IECompatCache\index.dat
C:\Documents and Settings\Ron\IETldCache\index.dat
C:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
C:\Documents and Settings\Ron\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Ron\Local Settings\History\History.IE5\MSHist012009101220091019\index.dat
C:\Documents and Settings\Ron\Local Settings\History\History.IE5\MSHist012009101920091026\index.dat
C:\Documents and Settings\Ron\Local Settings\History\History.IE5\MSHist012009102720091028\index.dat
C:\Documents and Settings\Ron\My Documents\My Pictures\Church Pics\2003_08_18\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Church Pics\BibleBowl04\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Church Pics\Costume_Party_03\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Church Pics\Family_week_2003\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\Calendar\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\dec_03\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\Disney04\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\Fair_2003\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\fall_03\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\Florida_apr04\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\Florida_nov_03\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\Gables\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\Grandma_98th\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\Halloween\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\July04\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\July04\aug04\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\July04\card holder\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\July04\Prints\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\Kelly's_Bday\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\Mar_04\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\prints\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\spring04\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Family Pics\tomato_plant\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Magi-fest pics\2003_08_17\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Magi-fest pics\Magifest2004\ZbThumbnail.info
C:\Documents and Settings\Ron\My Documents\My Pictures\Magi-fest pics\Magifest_2004\ZbThumbnail.info
C:\Documents and Settings\Ron\PrivacIE\index.dat
C:\i386\UsrClass.dat
C:\i386\oem10.inf
C:\i386\oem9.inf
C:\Program Files\Google\Picasa3\setup.exe

==End of Report==

Joined on 01/16/2006
Posts: 10,323
Points 15,967

Re: Bamajim

Rerun Combofix and see if it will produce a log. If so, post the contents of C:\ComboFix.txt in your next reply.


Consumer Security 2008- 2009

 

Joined on 10/24/2009
Posts: 17
Points 295

Re: Bamajim

Here it is.  Thanks again for your continued help.

ComboFix 09-10-23.01 - Ron 10/29/2009 13:42.2.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.510.207 [GMT -4:00]
Running from: c:\documents and settings\Ron\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\i386\eventlog.dll

--------

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_OULTRAF
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_NPF
-------\Service_oUltraf


(((((((((((((((((((((((((   Files Created from 2009-09-28 to 2009-10-29  )))))))))))))))))))))))))))))))
.

2009-10-12 19:30 . 2009-10-12 19:30 -------- d-----w- c:\program files\Common Files\CSUninstall
2009-10-09 02:19 . 2009-10-09 22:10 -------- d-----w- c:\documents and settings\Ron\Application Data\Auslogics
2009-10-09 02:19 . 2009-10-09 21:14 -------- d-----w- c:\program files\Auslogics

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 20:04 . 2005-08-19 00:57 -------- d-----w- c:\program files\Google
2009-10-25 02:10 . 2009-03-08 23:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 19:47 . 2005-12-31 05:01 -------- d-----w- c:\program files\Crossword Weaver
2009-09-27 20:10 . 2005-06-13 22:18 -------- d-----w- c:\program files\Common Files\Corel
2009-09-27 20:10 . 2008-07-13 03:50 -------- d-----w- c:\program files\Corel
2009-09-27 20:10 . 2008-07-13 03:59 -------- d-----w- c:\documents and settings\Ron\Application Data\Corel
2009-09-27 20:06 . 2005-06-13 22:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-27 20:04 . 2005-11-15 02:55 -------- d-----w- c:\program files\Nancy Drew
2009-09-23 20:41 . 2005-11-12 03:46 -------- d-----w- c:\documents and settings\Patty\Application Data\Apple Computer
2009-09-20 20:04 . 2005-10-21 14:58 -------- d-----w- c:\documents and settings\Lindsey\Application Data\Apple Computer
2009-09-18 01:39 . 2005-11-01 02:54 -------- d-----w- c:\documents and settings\Kelly\Application Data\Apple Computer
2009-09-13 17:21 . 2009-02-03 01:37 115972 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-13 17:01 . 2005-10-19 00:38 -------- d-----w- c:\documents and settings\Ron\Application Data\Apple Computer
2009-09-13 05:58 . 2009-09-13 05:56 -------- d-----w- c:\program files\iTunes
2009-09-13 05:58 . 2009-09-13 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 05:57 . 2005-10-19 00:35 -------- d-----w- c:\program files\iPod
2009-09-13 05:57 . 2008-05-03 19:59 -------- d-----w- c:\program files\Common Files\Apple
2009-09-13 05:50 . 2005-10-19 00:37 -------- d-----w- c:\program files\QuickTime
2009-09-12 19:58 . 2009-09-12 19:31 68940 ----a-w- c:\windows\hpoins05.dat
2009-09-12 19:48 . 2009-09-12 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-12 19:46 . 2005-08-07 03:49 -------- d-----w- c:\program files\Common Files\HP
2009-09-12 19:41 . 2005-08-07 03:20 -------- d-----w- c:\program files\HP
2009-09-12 19:41 . 2009-09-12 19:40 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-11 14:33 . 2004-08-10 17:51 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2009-03-08 23:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-03-08 23:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 19:12 . 2009-09-08 19:12 -------- d-----w- c:\documents and settings\Lindsey\Application Data\Malwarebytes
2009-09-04 20:45 . 2004-08-10 17:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 23:42 . 2009-06-04 01:08 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2008-12-26 03:41 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:16 . 2004-08-10 17:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 00:38 . 2009-08-26 00:38 11360 ----a-w- c:\program files\Common Files\lokenosude._sy
2009-08-17 13:30 . 2009-08-17 13:30 19370 ----a-w- c:\documents and settings\Lindsey\Local Settings\Application Data\uxicacybu.com
2009-08-17 13:30 . 2009-08-17 13:30 17531 ----a-w- c:\program files\Common Files\lepozigu.dll
2009-08-17 13:30 . 2009-08-17 13:30 17421 ----a-w- c:\windows\voqoxepad.pif
2009-08-17 13:30 . 2009-08-17 13:30 14567 ----a-w- c:\documents and settings\All Users\Application Data\dexa.scr
2009-08-17 13:30 . 2009-08-17 13:30 13318 ----a-w- c:\documents and settings\Lindsey\Local Settings\Application Data\muxon.dat
2009-08-17 13:30 . 2009-08-17 13:30 13146 ----a-w- c:\documents and settings\Lindsey\Application Data\wihazicefu.pif
2009-08-17 13:30 . 2009-08-17 13:30 19939 ----a-w- c:\program files\Common Files\kavunida.scr
2009-08-17 13:30 . 2009-08-17 13:30 18156 ----a-w- c:\documents and settings\Lindsey\Application Data\tarif.bin
2009-08-17 13:30 . 2009-08-17 13:30 12704 ----a-w- c:\program files\Common Files\ybejuwi._dl
2009-08-17 13:30 . 2009-08-17 13:30 12310 ----a-w- c:\documents and settings\Lindsey\Local Settings\Application Data\ydoxono.dll
2009-08-17 13:30 . 2009-08-17 13:30 10992 ----a-w- c:\program files\Common Files\vuhuwylo.com
2009-08-14 21:15 . 2005-08-10 19:27 149336 ----a-w- c:\documents and settings\Patty\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 02:19 . 2005-06-16 03:26 149336 ----a-w- c:\documents and settings\Ron\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 20:59 . 2005-08-07 21:58 149336 ----a-w- c:\documents and settings\Lindsey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-08 19:57 . 2005-08-07 15:37 149336 ----a-w- c:\documents and settings\Kelly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 23:24 . 2004-08-10 18:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-10 18:02 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-06-16 03:17 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-10 18:02 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-10 17:50 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-10 18:02 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-08-10 18:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 2004-08-10 17:51 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2004-08-04 03:59 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-24 20:08 . 2008-07-13 03:59 88 --sh--r- c:\windows\system32\9497AC6F27.sys
2009-07-24 12:16 . 2009-07-24 12:16 54272 --sha-w- c:\windows\system32\jejobadi.dll
2009-07-24 20:08 . 2008-07-13 03:52 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-23 19:21 . 2009-07-23 19:21 39424 --sha-w- c:\windows\system32\pedisasa.dll
2009-07-23 19:21 . 2009-07-23 19:21 1051682 --sha-w- c:\windows\system32\toluboli.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fa9fc5c9-e865-4cfc-a8f5-a5630712beb4}]
2009-07-24 12:16 54272 --sha-w- c:\windows\system32\jejobadi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 20:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 20:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 20:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-07 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

c:\documents and settings\Kelly\Start Menu\Programs\Startup\
DesktopComic.exe [2006-4-13 1056291]
PowerReg Scheduler V3.exe [2006-6-13 225280]

c:\documents and settings\Lindsey\Start Menu\Programs\Startup\
DesktopComic.exe [2006-4-13 1056291]

c:\documents and settings\Ron\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\vssvc.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwuSchd2.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/8/2009 2:22 PM 64160]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [12/9/2008 1:37 PM 13088]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 1028432]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 3:55 PM 39424]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [9/28/2006 12:59 PM 34639]
S3 RioS50;RioS50 driver;c:\windows\system32\drivers\RioS50.sys [11/10/2005 8:47 PM 12661]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
BtwSrv
.
Contents of the 'Scheduled Tasks' folder

2009-10-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:22]

2009-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-10-29 c:\windows\Tasks\User_Feed_Synchronization-{5813F25E-005A-408D-9FE3-953A4E35C839}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: microsoft.com\office
Trusted Zone: southwest.com\ding
Trusted Zone: southwest.com\www
Trusted Zone: turbotax.com
DPF: {6964E06D-0446-43AF-A657-E65920D2E4CC} - hxxp://rep.liebert.com/eforms/lqq/OrderForms/HeatRejection/SAFM-8540-29E/3h/distinct/HeatRejection.CAB
DPF: {CA71228B-EE60-4C95-99DB-C3B7EAF0D483} - hxxp://rep.liebert.com/eforms/lqq/OrderForms/LiebertDS/SAFM-8540-410E/2g/distinct/LiebertDS.CAB
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-fajatezigu - pekuveme.dll
SharedTaskScheduler-{A2234B15-23F2-42AD-F4E4-00AAC39C0004} - (no file)
SharedTaskScheduler-{15b36c96-25eb-4fb9-8c14-34a0b867569e} - c:\windows\system32\mofawulo.dll
SSODL-wuwijaren-{15b36c96-25eb-4fb9-8c14-34a0b867569e} - c:\windows\system32\mofawulo.dll
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 17:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2768)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\combofix\CF7251.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\HPZipm12.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Real\RealPlayer\RealPlay.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-29 17:28 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-29 21:28

Pre-Run: 9,002,860,544 bytes free
Post-Run: 9,295,077,376 bytes free

- - End Of File - - 25A5D19061C3CB476BE96102BAE77393

Joined on 10/24/2009
Posts: 17
Points 295

Re: Bamajim

Just in case it makes any difference...I'm now able to start in Safe mode.  Didn't try to connect to the internet or scan anything in safe mode.

Joined on 01/16/2006
Posts: 10,323
Points 15,967

Re: Bamajim


rspangl

You have a few odd files, a couple of which I would like to have a look at.

1. We need to make sure we can see hidden files and folders

To enable the viewing of Hidden and System files follow these steps:
    Right click on Start and select Explore.
    Select the Tools menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Click Yes to confirm.
    Press the Apply button and then the OK button.


2. Please go HERE

Put Your Name, and Dell HJT forum.

In the file to submit box, click Browse.

Using Windows Explorer locate the file

c:\documents and settings\Lindsey\Local Settings\Application Data\uxicacybu.com

Then Select Browse again in the next box and locate the file

c:\program files\Common Files\lokenosude._sy

In the comments tell them that I asked you to upload the file
Then Select Send File.

Then let me know when you have uploaded the files


Consumer Security 2008- 2009

 

Joined on 10/24/2009
Posts: 17
Points 295

Re: Bamajim

Files uploaded.

Virus now blanks out my desktop.

I checked to be sure hidden files and folders check boxes are correct. I'm wondering if everything was unhidden, as I don't believe I selected "apply to all folders". If that affects scans done previously I can rerun the scans. However, it appears I'll need to run them in safemode, as it's difficult to run from the normal desktop.

Thanks for your help!

   

 

Joined on 01/16/2006
Posts: 10,323
Points 15,967

Re: Bamajim


rspangl

I got those files. They check out, but I'm still suspicious; I am going to have some others look at them.

As to your question regarding Hidden files and Folders: yes, it applies to all. But it will not affect the outcome of the scans we run. And you can set it back to default when we are done.


1. Open NotePad (not wordpad). Copy and paste the following into Notepad

File::
c:\windows\system32\jejobadi.dll
c:\windows\system32\pedisasa.dll
c:\windows\system32\toluboli.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fa9fc5c9-e865-4cfc-a8f5-a5630712beb4}]

Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

user posted image
    You will be prompted to run Combofix again; do so.
    Follow the same rules as indicated in my first post.
    Then post the contents of the C:\ComboFix.txt log in your reply.


Consumer Security 2008- 2009
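
One way to triage the Find3M section of a ComboFix log like the one posted above, as an added example that is not part of the thread and not the helper's stated method. The two heuristics and the names `parse` and `triage` are assumptions of this example; the sample lines are copied from the log above.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the Find3M section of the ComboFix log posted in this thread.
FIND3M_SAMPLE = r"""
2009-09-11 14:33 . 2004-08-10 17:51 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:53 . 2009-03-08 23:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-13 05:58 . 2009-09-13 05:56 -------- d-----w- c:\program files\iTunes
2009-08-26 00:38 . 2009-08-26 00:38 11360 ----a-w- c:\program files\Common Files\lokenosude._sy
2009-08-17 13:30 . 2009-08-17 13:30 19370 ----a-w- c:\documents and settings\Lindsey\Local Settings\Application Data\uxicacybu.com
2009-08-17 13:30 . 2009-08-17 13:30 17531 ----a-w- c:\program files\Common Files\lepozigu.dll
2009-08-17 13:30 . 2009-08-17 13:30 17421 ----a-w- c:\windows\voqoxepad.pif
2009-08-06 23:24 . 2004-08-10 18:02 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-07-24 20:08 . 2008-07-13 03:59 88 --sh--r- c:\windows\system32\9497AC6F27.sys
2009-07-24 12:16 . 2009-07-24 12:16 54272 --sha-w- c:\windows\system32\jejobadi.dll
2009-07-24 20:08 . 2008-07-13 03:52 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-23 19:21 . 2009-07-23 19:21 39424 --sha-w- c:\windows\system32\pedisasa.dll
2009-07-23 19:21 . 2009-07-23 19:21 1051682 --sha-w- c:\windows\system32\toluboli.exe
"""

# timestamp . timestamp  size-or-dashes  8-char attribute mask  path
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(\d+|-+) ([a-z-]{8}) (.+)$"
)


def parse(text):
    """Turn Find3M lines into dicts; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts1, ts2, size, attrs, path = m.groups()
        entries.append({
            "ts1": ts1, "ts2": ts2, "attrs": attrs, "path": path,
            "is_dir": attrs.startswith("d"),
            "size": None if size.startswith("-") else int(size),
        })
    return entries


def triage(entries, burst_min=3):
    """Return {path: [reasons]} for files worth a closer look.

    Only files whose two timestamps are identical are considered, i.e. files
    that were written once and never touched again (the comparison does not
    depend on which column is 'created' and which is 'modified').
    """
    fresh = [e for e in entries if not e["is_dir"] and e["ts1"] == e["ts2"]]
    findings = defaultdict(list)

    # Signal 1: hidden + system attributes on a fresh file under system32.
    for e in fresh:
        if "s" in e["attrs"] and "h" in e["attrs"] \
                and "\\system32\\" in e["path"].lower():
            findings[e["path"]].append(
                "hidden+system file in system32, timestamps identical")

    # Signal 2: several fresh files written in the same minute into
    # unrelated directories.
    by_minute = defaultdict(list)
    for e in fresh:
        by_minute[e["ts1"]].append(e)
    for minute, group in by_minute.items():
        dirs = {ntpath.dirname(e["path"]).lower() for e in group}
        if len(group) >= burst_min and len(dirs) >= 2:
            for e in group:
                findings[e["path"]].append(
                    f"one of {len(group)} files written at {minute} "
                    f"across {len(dirs)} directories")
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in sorted(triage(parse(FIND3M_SAMPLE)).items()):
        print(path, "->", "; ".join(reasons))
```

A hit is only a prompt to inspect the file; patched Windows components and security-tool drivers in the same listing are left alone because their two timestamps differ.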

 

Joined on 10/24/2009
Posts: 17
Points 295

Re: Bamajim

Thanks for your help!

Desktop gets blanked out, and a couple pop ups come up.  I'm not sure I can even work on the desktop now. 

I can get to Safemode now.  Can I run combofix from there?

Also, I read about folks who rename mbam.exe to something else to enable it to run.  Is there merit in doing that and running it in Safemode?  From reading other posts in this forum, my assumption is that there will still be some other tools needed besides Malwarebytes.  Just hoping to knock this thing down enough to allow access to my desktop, HJT, etc, so you have more options.

I appreciate the help, and certainly don't want to go on my own, so await your advice.  Thanks again.

Joined on 01/16/2006
Posts: 10,323
Points 15,967

Re: Bamajim

rspangl

You can run it from SafeMode.

As far as renaming MBAM, sometimes that is warranted, but normally when .exe files are disabled, which in this case they are not. Combofix is going to be just as effective as MBAM.


Consumer Security 2008- 2009

 
