Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

trojans keylogers and spyware ohh my! please help


  • Please log in to reply
5 replies to this topic

#1 al2822

al2822

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 23 March 2009 - 01:49 PM

a few weeks ago I was going to put some music on my i pod and after I plugged it in everything just slowed down and and internet explorer constantly keep popping up I then cut off my computer. I unplugged the internet and turned it back on, suddenly the deck top background was changed, pop ups popped up randomly the pc was slow and even though the internet was unhooked internet explorer keep trying to access the internet. since then I have ran avg, super anti spyware, hi jack this, and tojan hunter. they found trojans, trojan downloaders, vondo, keyloger etc. even though I ran those programs nothing solved the problem, the only other solution other then this site is to reboot the cp if anyone can help it would be greatly appreciated.


here is the log from hi jack this.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:23 AM, on 3/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\AOL\1153505899\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PC-Checkup\PCCheckUp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN\Toolbar\3.0.0983.0\msntask.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: C:\WINDOWS\system32\hs3i7jdgfd.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hs3i7jdgfd.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153505899\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PC-Checkup] "C:\PC-Checkup\PCCheckUp.exe" -mini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ritatupoze] Rundll32.exe "C:\WINDOWS\system32\sutipuzi.dll",s
O4 - HKLM\..\Run: [Qlupujahozaz] rundll32.exe "C:\WINDOWS\Ohuwazovecebezu.dll",e
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\albert nash-flegler\lsass.exe
O4 - HKLM\..\Run: [CPMe7c51adf] Rundll32.exe "c:\windows\system32\bewupode.dll",a
O4 - HKLM\..\Run: [e4f62943] rundll32.exe "C:\WINDOWS\system32\dezozolu.dll",b
O4 - HKLM\..\Run: [Ugozozoxaz] rundll32.exe "C:\WINDOWS\eqoxiyet.dll",e
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ALBERT~1\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\qos.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qos.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qos.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\albert~1\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\albert~1\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\qos.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com/mothership.aspx
O15 - Trusted Zone: http://*.megavideo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165030517468
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\fpfstb.dll c:\windows\system32\bewupode.dll,C:\WINDOWS\system32\navemoye.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bewupode.dll (file missing)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs3i7jdgfd.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bewupode.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9980cd9b3f990) (gupdate1c9980cd9b3f990) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 14418 bytes

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:53 PM

Posted 25 March 2009 - 02:27 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 al2822

al2822
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 25 March 2009 - 03:26 PM

here's the OTListIt log:


OTListIt logfile created on: 3/26/2009 4:17:58 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\albert nash-flegler\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 394.86 Mb Available Physical Memory | 38.58% Memory free
2.40 Gb Paging File | 1.80 Gb Available in Paging File | 74.82% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 3.17 Gb Free Space | 2.83% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 3.14 Gb Free Space | 2.10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALBERT
Current User Name: albert nash-flegler
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/07/30 09:50:12 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2007/07/25 22:55:26 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2007/10/23 11:32:47 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
PRC - [2007/01/05 03:28:53 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
PRC - [2007/12/20 09:41:16 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/03/05 05:10:11 | 00,281,088 | ---- | M] () -- C:\WINDOWS\system32\userinit.exe
PRC - [2009/02/26 05:22:03 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2005/09/21 14:13:44 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
PRC - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/09/07 11:40:04 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
PRC - [2007/09/07 11:40:34 | 00,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2007/09/07 11:40:04 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2006/09/25 17:52:48 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1153505899\ee\AOLSoftware.exe
PRC - [2006/10/23 05:50:37 | 00,071,216 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PRC - [2006/07/21 11:19:09 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2005/07/22 12:03:00 | 00,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
PRC - [2009/02/26 09:42:19 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgcc.exe
PRC - [2008/06/10 05:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/03/04 00:46:38 | 01,500,672 | ---- | M] (MicroSmarts LLC.) -- C:\PC-Checkup\PCCheckUp.exe
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/11/30 22:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/01/30 09:02:18 | 02,542,528 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/11/20 20:04:34 | 03,647,304 | ---- | M] (Pando Networks) -- C:\Program Files\Pando Networks\Pando\Pando.exe
PRC - [2008/04/13 17:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2007/10/23 11:32:50 | 00,219,136 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgw.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/02/26 18:35:04 | 01,481,968 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2005/06/21 13:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe
PRC - [2008/01/28 12:43:40 | 02,097,488 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2005/09/18 18:40:42 | 01,421,824 | ---- | M] (Methlabs) -- C:\Program Files\PeerGuardian2\pg2.exe
PRC - [2004/02/05 14:28:16 | 00,118,784 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
PRC - [2007/11/06 12:54:00 | 01,670,336 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2006/02/24 17:41:08 | 02,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006/02/24 17:41:38 | 02,478,080 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
PRC - [2007/10/23 10:36:02 | 00,356,352 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2009/03/22 18:04:32 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\albert nash-flegler\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/07/30 10:13:23 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/07/30 09:50:12 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
SRV - [2007/07/25 22:55:26 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
SRV - [2007/10/23 11:32:47 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
SRV - [2007/01/05 03:28:53 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
SRV - [2007/12/20 09:41:16 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG Free\avgemc.exe -- (AVGEMS [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Disabled | Stopped])
SRV - [2005/06/21 13:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
SRV - [2005/11/17 14:18:52 | 01,527,900 | ---- | M] (MAGIX®) -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance [On_Demand | Stopped])
SRV - [2008/05/09 16:17:12 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/02/26 05:22:03 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9980cd9b3f990 [Auto | Stopped])
SRV - [2009/02/26 05:21:11 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/09/13 12:49:42 | 01,192,050 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Disabled | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2005/09/21 14:13:44 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -- (mi-raysat_3dsmax8 [Auto | Running])
SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2004/09/29 13:23:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Disabled | Stopped])
SRV - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2007/09/07 11:40:04 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom [Auto | Running])
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/01/29 16:02:38 | 00,103,488 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2006/07/21 11:19:13 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2007/07/25 22:55:19 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
DRV - [2007/10/23 11:32:44 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core [System | Running])
DRV - [2007/01/05 03:28:57 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
DRV - [2007/02/23 14:17:32 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
DRV - [2006/09/05 09:03:16 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys -- (AvgAsCln [System | Running])
DRV - [2007/12/20 09:41:17 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean [System | Running])
DRV - [2007/01/05 03:28:59 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
DRV - [2006/07/20 13:16:06 | 00,651,792 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2006/07/20 13:16:06 | 00,509,328 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2006/07/20 13:16:06 | 00,287,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2006/07/20 13:16:06 | 00,006,144 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2006/07/20 13:16:06 | 00,136,016 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2009/01/29 15:57:58 | 00,023,976 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2006/07/20 13:16:07 | 00,145,232 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2004/10/25 20:02:00 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2008/04/13 11:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/07/20 13:16:07 | 00,860,592 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2006/07/20 13:16:07 | 00,159,040 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Stopped])
DRV - [2002/11/28 22:23:24 | 00,039,048 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\Drivers\ICDUSB2.sys -- (ICDUSB2 [On_Demand | Stopped])
DRV - [2004/09/13 12:54:06 | 00,093,440 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
DRV - [2004/09/13 12:54:46 | 00,028,672 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2002/04/16 13:10:52 | 00,004,899 | ---- | M] (MAGIX AG) -- C:\MAGIX\Samplitude_V8_SE\mxasio.sys -- (MagixASIODrv [On_Demand | Stopped])
DRV - [2004/09/29 13:23:00 | 02,744,640 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/07/20 13:16:06 | 00,190,208 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2001/04/09 13:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass [Boot | Running])
DRV - [2006/07/20 13:16:07 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2001/07/23 17:31:36 | 00,021,616 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\drivers\PStrip.sys -- (PStrip [System | Running])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/01/21 16:03:18 | 00,020,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2003/10/07 23:31:24 | 00,065,152 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys -- (RTL8023 [On_Demand | Stopped])
DRV - [2004/04/13 20:14:12 | 00,070,144 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2008/02/26 18:35:08 | 00,008,944 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2008/02/26 18:35:06 | 00,051,440 | ---- | M] () -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/11/02 01:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/03/05 05:09:34 | 00,086,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\udfss.sys -- (udfss [System | Running])
DRV - [2002/11/20 20:45:50 | 00,002,218 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\vncdrv.sys -- (vncdrv [On_Demand | Stopped])
DRV - [2007/02/16 11:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
DRV - [2007/02/16 10:30:12 | 00,012,848 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
DRV - [2007/02/15 16:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])
DRV - [2003/01/10 14:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2005/09/18 18:02:52 | 00,005,632 | ---- | M] () -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/mothership.aspx
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/mothership.aspx
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com

IE - HKU\s-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/mothership.aspx

IE - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\s-1-5-21-1202660629-1214440339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\s-1-5-21-1202660629-1214440339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {A3F33855-A2A4-4DCC-BFEB-7B33354B01DA}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=megaup&p="

FF - HKLM\software\mozilla\firefox\extensions\\{A3F33855-A2A4-4DCC-BFEB-7B33354B01DA}: C:\DOCUMENTS AND SETTINGS\ALBERT NASH-FLEGLER\LOCAL SETTINGS\APPLICATION DATA\{A3F33855-A2A4-4DCC-BFEB-7B33354B01DA} [2009/03/05 05:33:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/02/08 11:32:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/02/08 11:32:27 | 00,000,000 | ---D | M]

[2009/01/12 23:26:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\albert nash-flegler\Application Data\mozilla\Extensions
[2009/01/12 23:26:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\albert nash-flegler\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/27 06:41:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\albert nash-flegler\Application Data\mozilla\Firefox\Profiles\lm5hzy9z.default\extensions
[2009/01/23 11:23:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\albert nash-flegler\Application Data\mozilla\Firefox\Profiles\lm5hzy9z.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/10/22 18:05:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\albert nash-flegler\Application Data\mozilla\Firefox\Profiles\lm5hzy9z.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2008/11/28 04:13:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\albert nash-flegler\Application Data\mozilla\Firefox\Profiles\lm5hzy9z.default\extensions\videodowloader@videodownloader.net
[2009/02/27 06:41:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/02/08 11:32:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/24 00:57:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/11/28 03:33:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/08 11:32:10 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/08 11:32:10 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/08 11:32:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/08 11:32:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/08 11:32:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/08 11:32:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/08 11:32:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/08 11:32:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/08 11:32:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (227676 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7988 more lines...
O2 - BHO: (Yahoo! IE Services Button) - {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (C:\WINDOWS\system32\hs3i7jdgfd.dll) - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hs3i7jdgfd.dll ()
O2 - BHO: (no name) - {f114ecd0-6089-4dc5-8c61-3b254ce76f7e} - C:\WINDOWS\system32\yekogalu.dll File not found
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\..\Toolbar\WebBrowser: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O3 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\..\Toolbar\WebBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [CPMe7c51adf] Rundll32.exe "c:\windows\system32\bewupode.dll",a File not found
O4 - HKLM..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 ()
O4 - HKLM..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" (Dell)
O4 - HKLM..\Run: [e4f62943] rundll32.exe "C:\WINDOWS\system32\dezozolu.dll",b File not found
O4 - HKLM..\Run: [Framework Windows] frmwrk32.exe File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153505899\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ALBERT~1\LOCALS~1\Temp\winlognn.exe File not found
O4 - HKLM..\Run: [LSA Shellu] C:\Documents and Settings\albert nash-flegler\lsass.exe File not found
O4 - HKLM..\Run: [PC-Checkup] "C:\PC-Checkup\PCCheckUp.exe" -mini (MicroSmarts LLC.)
O4 - HKLM..\Run: [Qlupujahozaz] rundll32.exe "C:\WINDOWS\Ohuwazovecebezu.dll",e ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
O4 - HKLM..\Run: [ritatupoze] Rundll32.exe "C:\WINDOWS\system32\sutipuzi.dll",s File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ugozozoxaz] rundll32.exe "C:\WINDOWS\eqoxiyet.dll",e (Mozilla Foundation)
O4 - HKU\.DEFAULT..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-18..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\s-1-5-19..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\s-1-5-19..\Run: [ritatupoze] Rundll32.exe "C:\WINDOWS\system32\sutipuzi.dll",s File not found
O4 - HKU\s-1-5-20..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\s-1-5-20..\Run: [ritatupoze] Rundll32.exe "C:\WINDOWS\system32\sutipuzi.dll",s File not found
O4 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004..\Run: [] File not found
O4 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe File not found
O4 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized (Pando Networks)
O4 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
O4 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\albert nash-flegler\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\albert nash-flegler\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (Dreamingsoft, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\QoS.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\QoS.dll ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\..Trusted Sites: megavideo.com ([]http in Trusted sites)
O15 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\..Trusted Sites: megavideo.com ([]https in Trusted sites)
O15 - HKU\s-1-5-21-1202660629-1214440339-839522115-1004\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1165030517468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\fpfstb.dll c:\windows\system32\bewupode.dll) - C:\WINDOWS\system32\fpfstb.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\navemoye.dll) - C:\WINDOWS\system32\navemoye.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt: DllName - crypts.dll - File not found
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\AlienGUIse\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bewupode.dll File not found
O22 - SharedTaskScheduler: {C5BF49A2-94F3-42BD-F434-3604812C8955} - jgzfkj9w38rksndfi7r4 - C:\WINDOWS\system32\hs3i7jdgfd.dll ()
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\bewupode.dll File not found
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/01 01:26:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0f8398b9-97c5-11dc-917a-00038a000015}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{0f8398b9-97c5-11dc-917a-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1c4989ad-21c1-11dd-91e3-00038a000015}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe
O33 - MountPoints2\{1c4989ad-21c1-11dd-91e3-00038a000015}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe
O33 - MountPoints2\{926c3964-1a49-11db-8f3d-00038a000015}\Shell\Auto\command - "" = H:\Start.exe -- File not found
O33 - MountPoints2\{926c3964-1a49-11db-8f3d-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9b61a018-0a5d-11dc-90d6-00038a000015}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{9b61a018-0a5d-11dc-90d6-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de251688-cb8e-11dd-9240-00038a000015}\Shell\Auto\command - "" = G:\Start.exe -- File not found
O33 - MountPoints2\{de251688-cb8e-11dd-9240-00038a000015}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/03/26 04:16:54 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\albert nash-flegler\Desktop\OTListIt2.exe
[2009/03/24 01:29:12 | 00,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2009/03/05 05:33:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\albert nash-flegler\Local Settings\Application Data\{A3F33855-A2A4-4DCC-BFEB-7B33354B01DA}
[2009/03/05 05:33:09 | 00,135,168 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\eqoxiyet.dll
[2009/03/05 05:21:40 | 00,281,088 | ---- | C] () -- C:\WINDOWS\System32\ntdll64.exe
[2009/03/05 05:14:16 | 01,799,372 | -HS- | C] () -- C:\WINDOWS\System32\ulozozed.ini
[2009/03/05 05:10:58 | 00,000,439 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/03/05 05:10:34 | 00,281,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/03/05 05:10:34 | 00,109,056 | ---- | C] () -- C:\WINDOWS\System32\QoS.dll
[2009/03/05 05:10:15 | 00,001,394 | ---- | C] () -- C:\WINDOWS\System32\ahtn.htm
[2009/03/05 05:10:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\albert nash-flegler\Application Data\comidle
[2009/03/05 05:10:14 | 00,004,785 | ---- | C] () -- C:\WINDOWS\System32\warning.gif
[2009/03/05 05:10:11 | 00,098,798 | ---- | C] () -- C:\WINDOWS\System32\drivers\660fc3b.sys
[2009/03/05 05:09:48 | 00,126,976 | ---- | C] () -- C:\ntgxbfmx.exe
[2009/03/05 05:09:38 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/03/05 05:09:35 | 00,167,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\core.cache.dsk
[2009/03/05 05:09:34 | 00,086,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\udfss.sys
[2009/03/05 05:09:27 | 00,000,002 | ---- | C] () -- C:\-453629460
[2009/03/05 05:09:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\im5
[2009/03/05 05:09:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\h3
[2009/03/05 05:09:01 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc32.dll
[2009/03/05 05:08:58 | 00,048,593 | ---- | C] () -- C:\WINDOWS\System32\wh
[2009/03/05 05:08:44 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fpfstb.dll
[2009/03/05 05:08:42 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\hs3i7jdgfd.dll
[2009/03/05 05:08:41 | 00,041,984 | ---- | C] () -- C:\WINDOWS\Ohuwazovecebezu.dll
[2009/03/05 05:08:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ghu02
[2009/03/05 05:08:40 | 00,041,984 | ---- | C] (MainConcept AG) -- C:\kmfpsc.exe
[2009/03/04 14:20:49 | 00,028,831 | ---- | C] () -- C:\Documents and Settings\albert nash-flegler\Desktop\The.Curious.Case.of.Benjamin.Button.2008[DvDrip.Xvid.Mp3].4701622.TPB.torrent
[2009/03/02 15:04:58 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\albert nash-flegler\Desktop\David Silva email.doc
[2009/03/02 13:10:38 | 00,414,879 | ---- | C] () -- C:\Documents and Settings\albert nash-flegler\Desktop\ash2 copy.jpg
[2009/03/02 10:47:58 | 00,014,759 | ---- | C] () -- C:\Documents and Settings\albert nash-flegler\Desktop\Street.Fighter.The.Legend.Of.Chun-Li.CAM.XViD-CAMERA.4747519.TPB.torrent
[2009/02/27 11:03:17 | 04,152,168 | ---- | C] () -- C:\Documents and Settings\albert nash-flegler\Desktop\SetupAnyDVD6522.exe
[2009/02/26 05:22:51 | 00,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/02/26 05:22:12 | 00,000,910 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/02/26 05:21:13 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/02/26 05:21:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/26 04:23:22 | 00,098,798 | ---- | M] () -- C:\WINDOWS\System32\drivers\660fc3b.sys
[2009/03/26 04:11:27 | 00,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
[2009/03/26 04:10:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/26 04:09:59 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/26 04:09:13 | 00,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/03/26 04:09:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/26 04:09:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/26 04:09:03 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/24 12:04:05 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000005-00001102-00000004-20021102}.rfx
[2009/03/24 12:04:05 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000005-00001102-00000004-20021102}.rfx
[2009/03/24 12:04:05 | 00,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000005-00001102-00000004-20021102}.rfx
[2009/03/24 12:04:05 | 00,030,168 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000005-00001102-00000004-20021102}.rfx
[2009/03/24 12:04:05 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/03/24 12:04:05 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/03/24 12:04:05 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000005-00001102-00000004-20021102}.dat
[2009/03/24 12:04:05 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000005-00001102-00000004-20021102}.dat
[2009/03/22 18:04:32 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\albert nash-flegler\Desktop\OTListIt2.exe
[2009/03/22 17:16:22 | 00,318,369 | ---- | M] () -- C:\Documents and Settings\albert nash-flegler\Desktop\HiJackThis.zip
[2009/03/21 04:26:43 | 00,000,096 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/21 04:09:01 | 00,144,384 | ---- | M] () -- C:\Documents and Settings\albert nash-flegler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/16 20:51:10 | 00,415,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/16 20:51:10 | 00,067,464 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/16 20:51:08 | 00,490,958 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/05 11:34:13 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\kuzudofu
[2009/03/05 05:46:34 | 01,799,372 | -HS- | M] () -- C:\WINDOWS\System32\ulozozed.ini
[2009/03/05 05:33:10 | 00,135,168 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\eqoxiyet.dll
[2009/03/05 05:22:33 | 00,001,394 | ---- | M] () -- C:\WINDOWS\System32\ahtn.htm
[2009/03/05 05:22:29 | 00,004,785 | ---- | M] () -- C:\WINDOWS\System32\warning.gif
[2009/03/05 05:21:47 | 00,281,088 | ---- | M] () -- C:\WINDOWS\System32\ntdll64.exe
[2009/03/05 05:20:54 | 00,000,439 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/03/05 05:16:01 | 00,009,668 | -HS- | M] () -- C:\Documents and Settings\albert nash-flegler\My Documents\Folder.jpg
[2009/03/05 05:13:06 | 00,366,690 | ---- | M] () -- C:\Documents and Settings\albert nash-flegler\Desktop\jumper.rtf
[2009/03/05 05:10:34 | 00,109,056 | ---- | M] () -- C:\WINDOWS\System32\QoS.dll
[2009/03/05 05:10:11 | 00,281,088 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2009/03/05 05:10:11 | 00,281,088 | ---- | M] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/03/05 05:09:50 | 00,126,976 | ---- | M] () -- C:\ntgxbfmx.exe
[2009/03/05 05:09:45 | 00,000,002 | ---- | M] () -- C:\-453629460
[2009/03/05 05:09:38 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/03/05 05:09:35 | 00,167,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\core.cache.dsk
[2009/03/05 05:09:34 | 00,086,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\udfss.sys
[2009/03/05 05:09:02 | 00,009,668 | -HS- | M] () -- C:\Documents and Settings\albert nash-flegler\My Documents\AlbumArt_{D3BBA5B7-F8EE-4174-BA82-D369FFA86FF1}_Large.jpg
[2009/03/05 05:09:02 | 00,002,504 | -HS- | M] () -- C:\Documents and Settings\albert nash-flegler\My Documents\AlbumArt_{D3BBA5B7-F8EE-4174-BA82-D369FFA86FF1}_Small.jpg
[2009/03/05 05:09:01 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc32.dll
[2009/03/05 05:09:01 | 00,002,504 | -HS- | M] () -- C:\Documents and Settings\albert nash-flegler\My Documents\AlbumArtSmall.jpg
[2009/03/05 05:08:58 | 00,048,593 | ---- | M] () -- C:\WINDOWS\System32\wh
[2009/03/05 05:08:44 | 00,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fpfstb.dll
[2009/03/05 05:08:42 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\hs3i7jdgfd.dll
[2009/03/05 05:08:41 | 00,041,984 | ---- | M] () -- C:\WINDOWS\Ohuwazovecebezu.dll
[2009/03/05 05:08:40 | 00,041,984 | ---- | M] (MainConcept AG) -- C:\kmfpsc.exe
[2009/03/05 03:09:16 | 01,943,040 | -HS- | M] () -- C:\Documents and Settings\albert nash-flegler\Desktop\Thumbs.db
[2009/03/04 15:44:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/04 14:20:50 | 00,028,831 | ---- | M] () -- C:\Documents and Settings\albert nash-flegler\Desktop\The.Curious.Case.of.Benjamin.Button.2008[DvDrip.Xvid.Mp3].4701622.TPB.torrent
[2009/03/02 15:05:02 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\albert nash-flegler\Desktop\David Silva email.doc
[2009/03/02 10:47:58 | 00,014,759 | ---- | M] () -- C:\Documents and Settings\albert nash-flegler\Desktop\Street.Fighter.The.Legend.Of.Chun-Li.CAM.XViD-CAMERA.4747519.TPB.torrent
[2009/03/01 20:22:24 | 00,414,879 | ---- | M] () -- C:\Documents and Settings\albert nash-flegler\Desktop\ash2 copy.jpg
[2009/02/27 11:04:25 | 00,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2009/02/27 11:03:17 | 04,152,168 | ---- | M] () -- C:\Documents and Settings\albert nash-flegler\Desktop\SetupAnyDVD6522.exe
[2009/02/26 05:22:51 | 00,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
< End of report >

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:53 PM

Posted 25 March 2009 - 07:03 PM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (C:\WINDOWS\system32\hs3i7jdgfd.dll) - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hs3i7jdgfd.dll ()
    O2 - BHO: (no name) - {f114ecd0-6089-4dc5-8c61-3b254ce76f7e} - C:\WINDOWS\system32\yekogalu.dll File not found
    O4 - HKLM..\Run: [CPMe7c51adf] Rundll32.exe "c:\windows\system32\bewupode.dll",a File not found
    O4 - HKLM..\Run: [e4f62943] rundll32.exe "C:\WINDOWS\system32\dezozolu.dll",b File not found
    O4 - HKLM..\Run: [Framework Windows] frmwrk32.exe File not found
    O4 - HKLM..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ALBERT~1\LOCALS~1\Temp\winlognn.exe File not found
    O4 - HKLM..\Run: [LSA Shellu] C:\Documents and Settings\albert nash-flegler\lsass.exe File not found
    O4 - HKLM..\Run: [Qlupujahozaz] rundll32.exe "C:\WINDOWS\Ohuwazovecebezu.dll",e ()
    O4 - HKLM..\Run: [ritatupoze] Rundll32.exe "C:\WINDOWS\system32\sutipuzi.dll",s File not found
    O4 - HKLM..\Run: [Ugozozoxaz] rundll32.exe "C:\WINDOWS\eqoxiyet.dll",e (Mozilla Foundation)
    O4 - HKU\s-1-5-19..\Run: [ritatupoze] Rundll32.exe "C:\WINDOWS\system32\sutipuzi.dll",s File not found
    O4 - HKU\s-1-5-20..\Run: [ritatupoze] Rundll32.exe "C:\WINDOWS\system32\sutipuzi.dll",s File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\QoS.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\QoS.dll ()
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\fpfstb.dll c:\windows\system32\bewupode.dll) - C:\WINDOWS\system32\fpfstb.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\navemoye.dll) - C:\WINDOWS\system32\navemoye.dll File not found
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bewupode.dll File not found
    O22 - SharedTaskScheduler: {C5BF49A2-94F3-42BD-F434-3604812C8955} - jgzfkj9w38rksndfi7r4 - C:\WINDOWS\system32\hs3i7jdgfd.dll ()
    O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\bewupode.dll File not found
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

===============




Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 al2822

al2822
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 26 March 2009 - 12:09 AM

I think I killed it, I ran the fix, the first time the pc didn't reboot properly I had to force it to do so. the second time spybot popped up saying it was deleting something I usually deny it if something like that happens, so I denied the first one but figured it was the fix so I approved the rest. now when I turn it on the desktop pops up blank with no icons and either freezes or is real slow, I guess it's safe to say turn off spybot when you do that.

I then said screw it and tried to reboot because I have a cd that restores it to factory settings but it wont let me do it all the way. so I'm not sure what to do. :thumbup2:

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:53 PM

Posted 26 March 2009 - 02:36 PM

Reboot and when it gets to the point where you just have a blank desktop, hit CTRL - ALT - DELETE on your keyboard.
This should bring up task manager.
Select the Applications tab and click New Task...
Type in explorer and hit enter(or click Ok).

Let me know if that brings up the rest of your desktop.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users