Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

vista laptop runs slow, searches slow, opens programs slow and more..

Started by sharokc , Aug 18 2011 04:42 AM

  • This topic is locked This topic is locked

#1
sharokc
Posted 18 August 2011 - 04:42 AM

sharokc

    Member

  • Member
  • PipPip
  • 72 posts
i dont know if there's a virus or malware or anything. it's just slow. slow to boot, search, downloads are extremely slow. i use this computer for work uploading data and photos to websites and could cut my workday hours down significantly if i wasn't always waiting for this maching to catch up with me. awful please help. i've attached my otl log i just ran.
thanks

OTL logfile created on: 8/18/2011 5:21:15 AM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Samuel Husky\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 50.03% Memory free
6.09 Gb Paging File | 4.66 Gb Available in Paging File | 76.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.02 Gb Total Space | 122.00 Gb Free Space | 54.70% Space Free | Partition Type: NTFS
Drive D: | 9.86 Gb Total Space | 1.75 Gb Free Space | 17.71% Space Free | Partition Type: NTFS
Drive F: | 3.74 Gb Total Space | 2.16 Gb Free Space | 57.85% Space Free | Partition Type: FAT32

Computer Name: SHARON | User Name: Samuel Husky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Samuel Husky\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\FilmFanatic\bar\1.bin\pabarsvc.exe (FilmFanatic)
PRC - C:\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe (FilmFanatic)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
PRC - C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe (Sierra Wireless, Inc.)
PRC - C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe (Sierra Wireless, Inc.)
PRC - C:\Program Files\Nuance\NaturallySpeaking11\Program\schedmgr.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files\PhotoSurfer\photosurferAutoAcquire.exe ()
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\Cricket Broadband Connect\mPhonetools.exe (Avanquest Software)
PRC - C:\Program Files\Cricket Broadband Connect\AvqAutorun.exe ()
PRC - C:\Program Files\Cricket Broadband Connect\Bytemobile\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\UIToolkit.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\Toolkit.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\Preferences.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\pcre3.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\Discovery.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\DriveDetector.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\Device.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\DB.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ComCore.dll ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\ContextSwitcher.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryMobileBroadband.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryGeneric.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryNdis.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryVPorts.plugin ()
MOD - C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files\PhotoSurfer\photosurferAutoAcquire.exe ()
MOD - C:\Program Files\Cricket Broadband Connect\ModemWiz.dll ()
MOD - C:\Program Files\Cricket Broadband Connect\AvqAutorun.exe ()
MOD - C:\Program Files\Cricket Broadband Connect\VObject.dll ()


========== Win32 Services (SafeList) ==========

SRV - (FilmFanaticService) -- C:\Program Files\FilmFanatic\bar\1.bin\pabarsvc.exe (FilmFanatic)
SRV - (SwiCardDetectSvc) -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe (Sierra Wireless, Inc.)
SRV - (IERA) -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe (Sierra Wireless, Inc.)
SRV - (DragonSvc) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (tmproxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (swiwdmbus) -- C:\Windows\System32\drivers\swiwdmbus.sys (Sierra Wireless Inc.)
DRV - (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3) -- C:\Windows\System32\drivers\swumxa3.sys (Sierra Wireless Inc.)
DRV - (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3) -- C:\Windows\System32\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (PTUMWVsp) -- C:\Windows\System32\drivers\PTUMWVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWNET) -- C:\Windows\System32\drivers\PTUMWNET.sys (DEVGURU Co., LTD.)
DRV - (PTUMWMdm) -- C:\Windows\System32\drivers\PTUMWMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWFLT) -- C:\Windows\System32\drivers\PTUMWFLT.sys (DEVGURU Co., LTD.)
DRV - (PTUMWCDF) -- C:\Windows\System32\drivers\PTUMWCDF.sys (DEVGURU Co., LTD.)
DRV - (PTUMWBus) -- C:\Windows\System32\drivers\PTUMWBus.sys (DEVGURU Co., LTD.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {796b75f6-6187-47e2-8f1f-c16e059e6e19} - C:\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll (FilmFanatic)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@FilmFanatic.com/Plugin: C:\Program Files\FilmFanatic\bar\1.bin\NPpaStub.dll (FilmFanatic)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Samuel Husky\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Samuel Husky\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Samuel Husky\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/06/27 13:41:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 00:59:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/29 08:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Cricket Broadband Connect\Bytemobile\addon\ [2011/05/09 10:36:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FilmFanatic\bar\1.bin [2011/05/12 06:19:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.5.1\FF [2011/08/17 01:49:14 | 000,000,000 | ---D | M]

[2008/10/14 21:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/04/30 23:30:15 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2011/02/02 22:57:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/02/02 22:57:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/02/02 22:57:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/02/02 22:57:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/02/02 22:57:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/02/02 22:57:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/02/02 22:57:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/04/30 23:30:44 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2011/04/30 23:30:08 | 000,105,472 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2010/05/19 09:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/09/02 03:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Toolbar BHO) - {631acb68-57c3-48af-9cc5-fcec0837ffd3} - C:\Program Files\FilmFanatic\bar\1.bin\pabar.dll (FilmFanatic)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Search Assistant BHO) - {d5e9b421-c309-41de-9014-800a2adcdeb0} - C:\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll (FilmFanatic)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - !{0b84b4b4-8af8-4f1f-91fe-074a666f6425} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}] C:\Program Files\Cricket Broadband Connect\AvqAutoRun.exe ()
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [FilmFanatic Browser Plugin Loader] C:\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe (FilmFanatic)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PhotoSurfer Auto Acquire] C:\Program Files\PhotoSurfer\photosurferAutoAcquire.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [attcm.exe] C:\Program Files\AT&T\AT&T Communication Manager\attcm.exe (AT&T)
O4 - HKCU..\Run: [Google Update] C:\Users\Samuel Husky\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [limewire plus+] File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Samuel Husky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: af.mil ([www.my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: logmeinrescue.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rapidsurveygroup.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: rapidsurveygroup.com ([sketch] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logme...eDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} https://www.national...888745160000000 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {C5A7D325-20E3-4183-9FBE-BEF5359188E3} http://sketch.rapids...RapidSketch.cab (EmbeddedRapidSketch.EmbeddedSketchWithSecurityChecks)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.rapidsurv...RSG/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WAR
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/27 13:16:34 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4a25bd81-59fd-11e0-a2d5-001d72788d9f}\Shell - "" = AutoRun
O33 - MountPoints2\{4a25bd81-59fd-11e0-a2d5-001d72788d9f}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{4a25bd81-59fd-11e0-a2d5-001d72788d9f}\Shell\menu1\command - "" = G:\Start.exe
O33 - MountPoints2\{d940bb79-c750-11e0-af77-0002761e2ff9}\Shell - "" = AutoRun
O33 - MountPoints2\{d940bb79-c750-11e0-af77-0002761e2ff9}\Shell\AutoRun\command - "" = G:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/18 05:14:02 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Samuel Husky\Desktop\OTL.exe
[2011/08/17 01:51:47 | 000,000,000 | ---D | C] -- C:\Users\Samuel Husky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VLC
[2011/08/17 01:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\VlcPlus
[2011/08/17 01:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
[2011/08/17 01:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
[2011/08/17 01:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/08/17 01:48:03 | 000,000,000 | ---D | C] -- C:\Users\Samuel Husky\AppData\Roaming\Babylon
[2011/08/17 01:48:03 | 000,000,000 | ---D | C] -- C:\Users\Samuel Husky\AppData\Local\Babylon
[2011/08/17 01:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/08/16 20:53:48 | 000,000,000 | ---D | C] -- C:\Users\Samuel Husky\Desktop\New Folder (2)
[2011/08/16 20:43:47 | 000,000,000 | ---D | C] -- C:\Users\Samuel Husky\AppData\Local\attcm
[2011/08/15 18:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra Wireless
[2011/08/15 18:01:16 | 000,000,000 | ---D | C] -- C:\Users\Samuel Husky\AppData\Local\attcm_AppStart
[2011/08/15 18:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AT&T
[2011/08/15 18:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\AT&T
[2011/08/15 17:59:53 | 000,201,088 | ---- | C] (Sierra Wireless Inc.) -- C:\Windows\System32\drivers\swnc8ua3.sys
[2011/08/15 17:59:53 | 000,156,544 | ---- | C] (Sierra Wireless Inc.) -- C:\Windows\System32\drivers\swumxa3.sys
[2011/08/15 17:59:53 | 000,078,720 | ---- | C] (Sierra Wireless Inc.) -- C:\Windows\System32\drivers\swiwdmbus.sys
[2011/08/15 17:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra Wireless Inc
[2011/08/15 17:59:43 | 000,000,000 | ---D | C] -- C:\Users\Samuel Husky\AppData\Roaming\Sierra Wireless
[2011/08/15 17:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sierra Wireless
[2011/08/14 22:28:10 | 000,000,000 | ---D | C] -- C:\Users\Samuel Husky\Desktop\081411
[2011/08/14 17:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\Default Company Name
[2011/08/13 22:32:13 | 000,000,000 | ---D | C] -- C:\Users\Samuel Husky\Desktop\081311
[2011/08/12 03:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/12 03:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/12 03:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/12 02:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/10 22:12:00 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 22:11:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/10 22:11:51 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/08/10 22:11:51 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/08/10 22:11:51 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/10 22:11:51 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/10 22:11:51 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/10 22:11:51 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/10 22:11:51 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 22:11:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 22:11:50 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/10 22:11:50 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 22:11:50 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/10 22:11:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/10 22:11:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/10 22:11:50 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/10 22:11:50 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/10 22:11:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/10 22:11:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/10 22:11:37 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 22:11:37 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/07 23:07:24 | 000,000,000 | ---D | C] -- C:\Users\Samuel Husky\Desktop\081711
[2011/08/03 04:52:47 | 000,000,000 | ---D | C] -- C:\Users\Samuel Husky\AppData\Roaming\Titanium Gears
[2011/08/03 04:51:50 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2011/08/03 04:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Oasis
[2011/08/03 04:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Music Oasis
[2011/08/03 04:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2011/07/30 17:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/05/09 10:36:20 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeF546.dll
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Users\Samuel Husky\Documents\*.tmp files -> C:\Users\Samuel Husky\Documents\*.tmp -> ]
[1 C:\Users\Samuel Husky\Desktop\*.tmp files -> C:\Users\Samuel Husky\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/18 05:14:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Samuel Husky\Desktop\OTL.exe
[2011/08/18 05:00:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 05:00:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 04:32:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-644376211-1445054588-4029643106-1000UA.job
[2011/08/18 03:19:49 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/18 03:19:49 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/18 03:00:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/17 22:40:54 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0FC7DB92-1C09-47FE-B098-CE698B68D13A}.job
[2011/08/17 16:34:47 | 000,203,264 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\081711.est
[2011/08/17 07:44:03 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/17 01:58:18 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/17 01:51:47 | 000,000,842 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\VLC.lnk
[2011/08/17 01:48:04 | 000,002,262 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011/08/16 20:41:35 | 000,393,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/16 09:05:52 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-644376211-1445054588-4029643106-1000Core.job
[2011/08/15 18:01:12 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\AT&T Communication Manager.lnk
[2011/08/14 17:12:40 | 000,063,664 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\Atrium Guide[1].pdf
[2011/08/14 17:12:19 | 000,107,037 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\EIFS Guide[1].pdf
[2011/08/14 17:05:38 | 002,547,209 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\CIS Group Training Export from Navigator[1].pdf
[2011/08/14 17:02:04 | 000,036,615 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\viewer.png
[2011/08/14 17:00:09 | 000,002,014 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\NavSketch.lnk
[2011/08/14 16:53:47 | 001,338,681 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\Returned to Navigator by QA Queue Management[1].pdf
[2011/08/14 16:52:43 | 001,959,037 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\CIS GROUP INTEGRATED RAPID SKETCH[1].pdf
[2011/08/14 16:51:58 | 002,942,424 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\Home styles[1].pdf
[2011/08/14 16:49:49 | 000,355,392 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\AFS diagraming examples[1].pdf
[2011/08/14 16:49:30 | 001,025,409 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\Diagram Examples AFS, Rapid Sketch, Nav Sketch[1].pdf
[2011/08/14 16:48:51 | 000,206,017 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\Converting Surveys[1].pdf
[2011/08/14 16:48:15 | 001,267,986 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\Photo Uploader Quick Guide[1].pdf
[2011/08/13 14:36:17 | 000,197,120 | ---- | M] () -- C:\Users\Samuel Husky\Documents\081311.est
[2011/08/12 03:07:55 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/10 15:19:33 | 000,240,128 | ---- | M] () -- C:\Users\Samuel Husky\Documents\Moore, Oklahoma, United States.est
[2011/08/09 10:52:22 | 000,072,080 | ---- | M] () -- C:\Users\Samuel Husky\g2mdlhlpx.exe
[2011/08/03 04:51:47 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\Music Oasis.lnk
[2011/08/03 04:49:38 | 000,001,740 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\Create Your Own Video Screensaver!.lnk
[2011/08/03 04:49:38 | 000,001,735 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\Free Dolphin Screensaver.lnk
[2011/08/03 04:49:38 | 000,001,725 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\Free Games!!.lnk
[2011/08/03 03:45:01 | 000,000,742 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\3m13ob3p65T35Z65U0b7t59dc75ee615e126d.jpg
[2011/07/29 20:56:15 | 000,199,680 | ---- | M] () -- C:\Users\Samuel Husky\Documents\072711.est
[2011/07/29 14:47:40 | 000,197,120 | ---- | M] () -- C:\Users\Samuel Husky\Documents\FRI.est
[2011/07/26 13:55:54 | 000,210,432 | ---- | M] () -- C:\Users\Samuel Husky\Documents\NEWESTJULY.est
[2011/07/25 04:38:37 | 000,007,680 | ---- | M] () -- C:\Users\Samuel Husky\Documents\072511.est
[2011/07/25 04:12:17 | 000,240,128 | ---- | M] () -- C:\Users\Samuel Husky\Documents\Oklahoma, United States, North America.est
[2011/07/25 02:39:54 | 000,199,168 | ---- | M] () -- C:\Users\Samuel Husky\Documents\sunday1.est
[2011/07/25 02:04:52 | 012,941,537 | ---- | M] () -- C:\Users\Samuel Husky\Documents\41256904005028C0206DD5D4CC675DFBC1256C3800402A0F_C5050Z_Basic_0913.pdf
[2011/07/24 08:26:42 | 000,210,432 | ---- | M] () -- C:\Users\Samuel Husky\Documents\072411.est
[2011/07/23 16:08:16 | 000,203,776 | ---- | M] () -- C:\Users\Samuel Husky\Documents\5008 N Steanson Dr, Oklahoma City, OK 73112 to 1140 SW 104th St, Oklahoma City, OK 73139.est
[2011/07/23 06:04:18 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/07/23 06:01:07 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/07/23 06:00:36 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/07/23 06:00:36 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/07/23 06:00:05 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/07/23 05:59:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/23 05:59:52 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/07/23 05:59:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/07/23 05:59:34 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/07/23 05:59:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/07/23 05:59:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/07/23 05:59:34 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/07/23 05:59:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/07/23 05:03:47 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/07/23 04:27:04 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/07/23 04:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/07/23 04:26:12 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/07/23 04:25:38 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[1 C:\Users\Samuel Husky\Documents\*.tmp files -> C:\Users\Samuel Husky\Documents\*.tmp -> ]
[1 C:\Users\Samuel Husky\Desktop\*.tmp files -> C:\Users\Samuel Husky\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/17 01:51:47 | 000,000,842 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\VLC.lnk
[2011/08/17 01:48:04 | 000,002,262 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011/08/16 21:42:05 | 000,203,264 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\081711.est
[2011/08/15 18:01:12 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\AT&T Communication Manager.lnk
[2011/08/14 17:12:40 | 000,063,664 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\Atrium Guide[1].pdf
[2011/08/14 17:12:19 | 000,107,037 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\EIFS Guide[1].pdf
[2011/08/14 17:05:38 | 002,547,209 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\CIS Group Training Export from Navigator[1].pdf
[2011/08/14 17:02:15 | 000,036,615 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\viewer.png
[2011/08/14 17:00:09 | 000,002,014 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\NavSketch.lnk
[2011/08/14 16:53:47 | 001,338,681 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\Returned to Navigator by QA Queue Management[1].pdf
[2011/08/14 16:52:43 | 001,959,037 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\CIS GROUP INTEGRATED RAPID SKETCH[1].pdf
[2011/08/14 16:51:58 | 002,942,424 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\Home styles[1].pdf
[2011/08/14 16:49:49 | 000,355,392 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\AFS diagraming examples[1].pdf
[2011/08/14 16:49:30 | 001,025,409 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\Diagram Examples AFS, Rapid Sketch, Nav Sketch[1].pdf
[2011/08/14 16:48:51 | 000,206,017 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\Converting Surveys[1].pdf
[2011/08/14 16:48:15 | 001,267,986 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\Photo Uploader Quick Guide[1].pdf
[2011/08/13 14:36:16 | 000,197,120 | ---- | C] () -- C:\Users\Samuel Husky\Documents\081311.est
[2011/08/12 03:07:55 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/10 15:19:32 | 000,240,128 | ---- | C] () -- C:\Users\Samuel Husky\Documents\Moore, Oklahoma, United States.est
[2011/08/03 04:51:47 | 000,001,699 | ---- | C] () -- C:\Users\Public\Desktop\Music Oasis.lnk
[2011/08/03 04:49:38 | 000,001,740 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\Create Your Own Video Screensaver!.lnk
[2011/08/03 04:49:38 | 000,001,735 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\Free Dolphin Screensaver.lnk
[2011/08/03 04:49:38 | 000,001,725 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\Free Games!!.lnk
[2011/08/03 03:45:34 | 000,000,742 | ---- | C] () -- C:\Users\Samuel Husky\Desktop\3m13ob3p65T35Z65U0b7t59dc75ee615e126d.jpg
[2011/07/29 14:47:39 | 000,197,120 | ---- | C] () -- C:\Users\Samuel Husky\Documents\FRI.est
[2011/07/25 04:38:36 | 000,007,680 | ---- | C] () -- C:\Users\Samuel Husky\Documents\072511.est
[2011/07/25 04:12:17 | 000,240,128 | ---- | C] () -- C:\Users\Samuel Husky\Documents\Oklahoma, United States, North America.est
[2011/07/24 16:31:54 | 000,199,168 | ---- | C] () -- C:\Users\Samuel Husky\Documents\sunday1.est
[2011/07/24 15:01:11 | 012,941,537 | ---- | C] () -- C:\Users\Samuel Husky\Documents\41256904005028C0206DD5D4CC675DFBC1256C3800402A0F_C5050Z_Basic_0913.pdf
[2011/07/24 07:28:28 | 000,210,432 | ---- | C] () -- C:\Users\Samuel Husky\Documents\072411.est
[2011/07/24 06:34:48 | 000,210,432 | ---- | C] () -- C:\Users\Samuel Husky\Documents\NEWESTJULY.est
[2011/07/23 16:08:15 | 000,203,776 | ---- | C] () -- C:\Users\Samuel Husky\Documents\5008 N Steanson Dr, Oklahoma City, OK 73112 to 1140 SW 104th St, Oklahoma City, OK 73139.est
[2011/05/15 21:15:46 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/05/09 10:36:37 | 000,010,440 | ---- | C] () -- C:\Windows\System32\ptumwcit.dll
[2011/05/01 01:20:53 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/05/01 01:20:53 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/04/01 23:12:03 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/03/29 19:06:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/18 17:12:02 | 000,001,914 | ---- | C] () -- C:\Users\Samuel Husky\AppData\Roaming\SAS7_000.DAT
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/03/15 16:10:48 | 000,336,000 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2010/03/15 16:10:47 | 001,550,528 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2009/10/20 17:36:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 17:36:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 17:36:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/14 15:41:24 | 000,439,968 | ---- | C] () -- C:\Windows\System32\PSContextMenu.dll
[2009/09/14 15:41:23 | 000,272,544 | ---- | C] () -- C:\Windows\System32\LibLossLess.dll
[2009/08/08 20:16:53 | 000,000,680 | ---- | C] () -- C:\Users\Samuel Husky\AppData\Local\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/02 17:32:18 | 000,000,346 | ---- | C] () -- C:\Users\Samuel Husky\AppData\Roaming\wklnhst.dat
[2009/08/02 01:40:49 | 000,047,104 | ---- | C] () -- C:\Users\Samuel Husky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/01 13:11:27 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2009/07/16 19:33:53 | 000,167,592 | ---- | C] () -- C:\Windows\System32\jpegtran.dll
[2009/07/16 19:33:53 | 000,099,600 | ---- | C] () -- C:\Windows\System32\libexif.dll
[2009/07/16 19:33:53 | 000,022,848 | ---- | C] () -- C:\Windows\System32\libjpeg.dll
[2008/06/27 13:31:32 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/06/12 13:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 13:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/04 12:54:12 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,393,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,640,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,118,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2011/08/14 23:56:31 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\Azureus
[2011/08/17 01:48:03 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\Babylon
[2011/05/07 01:24:45 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\BSD
[2011/05/18 08:15:17 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\Canon
[2011/05/17 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\DriverCure
[2009/10/02 18:40:39 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\GetRightToGo
[2009/08/29 14:18:39 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\LucasArts
[2011/05/12 03:54:24 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\MusicNet
[2011/07/01 04:55:58 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\muvee Technologies
[2010/11/18 16:58:55 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\Nuance
[2011/05/17 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\ParetoLogic
[2011/04/21 05:19:19 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\PeerNetworking
[2011/07/15 14:22:50 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\PhotoSurfer
[2011/08/15 17:59:43 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\Sierra Wireless
[2009/08/02 17:32:20 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\Template
[2011/08/03 04:52:47 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\Titanium Gears
[2009/08/09 10:36:31 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\WildTangent
[2011/08/17 01:58:18 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/17 22:40:54 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0FC7DB92-1C09-47FE-B098-CE698B68D13A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4062CFB2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:206E2596

< End of report >

Attached Files

  • Attached File  OTL.Txt   127.87KB   132 downloads

Edited by Gammo, 19 August 2011 - 12:32 PM.
included OTL log

  • 0

Advertisements

#2
Gammo
Posted 19 August 2011 - 01:15 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
SRV - (FilmFanaticService) -- C:\Program Files\FilmFanatic\bar\1.bin\pabarsvc.exe (FilmFanatic)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
IE - HKCU\..\URLSearchHook: {796b75f6-6187-47e2-8f1f-c16e059e6e19} - C:\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll (FilmFanatic)
FF - HKLM\Software\MozillaPlugins\@FilmFanatic.com/Plugin: C:\Program Files\FilmFanatic\bar\1.bin\NPpaStub.dll (FilmFanatic)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FilmFanatic\bar\1.bin [2011/05/12 06:19:39 | 000,000,000 | ---D | M]	G
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.5.1\FF [2011/08/17 01:49:14 | 000,000,000 | ---D | M]
[2010/09/02 03:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Toolbar BHO) - {631acb68-57c3-48af-9cc5-fcec0837ffd3} - C:\Program Files\FilmFanatic\bar\1.bin\pabar.dll (FilmFanatic)
O2 - BHO: (Search Assistant BHO) - {d5e9b421-c309-41de-9014-800a2adcdeb0} - C:\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll (FilmFanatic)
O3 - HKLM\..\Toolbar: (no name) - !{0b84b4b4-8af8-4f1f-91fe-074a666f6425} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [FilmFanatic Browser Plugin Loader] C:\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe (FilmFanatic)
O4 - HKCU..\Run: [limewire plus+] File not found
O33 - MountPoints2\{4a25bd81-59fd-11e0-a2d5-001d72788d9f}\Shell - "" = AutoRun
O33 - MountPoints2\{4a25bd81-59fd-11e0-a2d5-001d72788d9f}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{4a25bd81-59fd-11e0-a2d5-001d72788d9f}\Shell\menu1\command - "" = G:\Start.exe
O33 - MountPoints2\{d940bb79-c750-11e0-af77-0002761e2ff9}\Shell - "" = AutoRun
O33 - MountPoints2\{d940bb79-c750-11e0-af77-0002761e2ff9}\Shell\AutoRun\command - "" = G:\WIN\setup.exe
[2011/08/17 01:51:47 | 000,000,000 | ---D | C] -- C:\Users\Samuel Husky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VLC
[2011/08/17 01:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\VlcPlus
[2011/08/17 01:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
[2011/08/17 01:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
[2011/08/17 01:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/08/17 01:48:03 | 000,000,000 | ---D | C] -- C:\Users\Samuel Husky\AppData\Roaming\Babylon
[2011/08/17 01:48:03 | 000,000,000 | ---D | C] -- C:\Users\Samuel Husky\AppData\Local\Babylon
[2011/08/17 01:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/08/03 04:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Oasis
[2011/08/03 04:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Music Oasis
[2011/08/03 04:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2011/08/17 01:51:47 | 000,000,842 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\VLC.lnk
[2011/08/17 01:48:04 | 000,002,262 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011/08/03 04:51:47 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\Music Oasis.lnk
[2011/08/03 04:49:38 | 000,001,740 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\Create Your Own Video Screensaver!.lnk
[2011/08/03 04:49:38 | 000,001,735 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\Free Dolphin Screensaver.lnk
[2011/08/03 04:49:38 | 000,001,725 | ---- | M] () -- C:\Users\Samuel Husky\Desktop\Free Games!!.lnk
[2011/05/17 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\DriverCure
[2011/05/17 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\Samuel Husky\AppData\Roaming\ParetoLogic
[1 C:\Users\Samuel Husky\Documents\*.tmp files -> C:\Users\Samuel Husky\Documents\*.tmp -> ]
[1 C:\Users\Samuel Husky\Desktop\*.tmp files -> C:\Users\Samuel Husky\Desktop\*.tmp -> ]

:Services

:Reg

:Files
ipconfig /flushdns /c
C:\Program Files\FilmFanatic
C:\Program Files\Viewpoint

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done





Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
  • 0

#3
sharokc
Posted 19 August 2011 - 07:21 PM

sharokc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
computer much faster. i guess you'll read this and let me know if there's something else i should do?

i also need help with another laptop. a dell alien. can i reply here with it and an otl run on it or should i start another topic for it?


ComboFix 11-08-19.02 - Samuel Husky 08/19/2011 17:36:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1988 [GMT -5:00]
Running from: c:\users\Samuel Husky\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FilmFanatic\bar\1.bin\paBAr.dll
c:\program files\FilmFanatic\bar\1.bin\paSRcas.dll
c:\program files\FunWebProducts
c:\programdata\hpeF546.dll
c:\users\Samuel Husky\Documents\~WRL0005.tmp
c:\users\Samuel Husky\g2mdlhlpx.exe
c:\windows\Downloaded Program Files\Install.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-19 to 2011-08-19 )))))))))))))))))))))))))))))))
.
.
2011-08-19 22:46 . 2011-08-19 22:46 -------- d-----w- c:\users\Samuel Husky\AppData\Local\temp
2011-08-19 22:46 . 2011-08-19 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-17 06:49 . 2011-08-17 06:51 -------- d-----w- c:\program files\VlcPlus
2011-08-17 06:48 . 2011-08-17 06:49 -------- d-----w- c:\program files\PriceGong
2011-08-17 06:48 . 2011-08-17 06:48 -------- d-----w- c:\program files\BabylonToolbar
2011-08-17 06:48 . 2011-08-17 06:48 -------- d-----w- c:\users\Samuel Husky\AppData\Roaming\Babylon
2011-08-17 06:48 . 2011-08-17 06:48 -------- d-----w- c:\users\Samuel Husky\AppData\Local\Babylon
2011-08-17 06:48 . 2011-08-17 06:48 -------- d-----w- c:\programdata\Babylon
2011-08-17 01:43 . 2011-08-19 22:32 -------- d-----w- c:\users\Samuel Husky\AppData\Local\attcm
2011-08-15 23:01 . 2011-08-15 23:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Sierra Wireless
2011-08-15 23:01 . 2011-08-15 23:01 -------- d-----w- c:\program files\AT&T
2011-08-15 22:59 . 2010-06-21 23:07 78720 ----a-w- c:\windows\system32\drivers\swiwdmbus.sys
2011-08-15 22:59 . 2010-06-21 22:47 156544 ----a-w- c:\windows\system32\drivers\swumxa3.sys
2011-08-15 22:59 . 2010-06-21 22:46 201088 ----a-w- c:\windows\system32\drivers\swnc8ua3.sys
2011-08-15 22:59 . 2011-08-15 23:01 -------- d-----w- c:\program files\Sierra Wireless Inc
2011-08-15 22:59 . 2011-08-15 22:59 -------- d-----w- c:\users\Samuel Husky\AppData\Roaming\Sierra Wireless
2011-08-15 22:59 . 2011-08-15 22:59 -------- d-----w- c:\programdata\Sierra Wireless
2011-08-14 22:00 . 2011-08-14 22:00 -------- d-----w- c:\program files\Default Company Name
2011-08-12 08:06 . 2011-08-12 08:06 -------- d-----w- c:\program files\iPod
2011-08-12 08:06 . 2011-08-12 08:07 -------- d-----w- c:\program files\iTunes
2011-08-12 07:57 . 2011-08-12 07:57 -------- d-----w- c:\program files\Bonjour
2011-08-11 03:12 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-03 09:52 . 2011-08-03 09:52 -------- d-----w- c:\users\Samuel Husky\AppData\Roaming\Titanium Gears
2011-08-03 09:51 . 2011-08-03 09:51 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-08-03 09:51 . 2011-08-03 09:51 -------- d-----w- c:\program files\Music Oasis
2011-08-03 09:49 . 2011-08-03 09:49 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-07-30 22:52 . 2011-07-30 22:52 -------- d-----w- c:\program files\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-06-02 13:34 . 2011-07-12 21:31 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"attcm.exe"="c:\program files\AT&T\AT&T Communication Manager\attcm.exe" [2010-09-24 269520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-01-31 1398024]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-12-04 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-12-04 402984]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-05-19 37888]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}"="c:\program files\Cricket Broadband Connect\AvqAutoRun.exe" [2009-10-19 73728]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-05-01 273544]
"FilmFanatic Browser Plugin Loader"="c:\progra~1\FILMFA~2\bar\1.bin\pabrmon.exe" [2011-05-12 27648]
"PhotoSurfer Auto Acquire"="c:\program files\PhotoSurfer\photosurferAutoAcquire.exe" [2010-05-04 461984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"attcm_AppStart.exe"="c:\program files\AT&T\AT&T Communication Manager\attcm_AppStart.exe" [2010-09-24 203776]
.
c:\users\Samuel Husky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 21:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 15:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-12 22:10 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-06-12 05:17 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 11:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-05 50256]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys [2009-10-27 22032]
R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbus.sys [2010-06-21 78720]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2010-06-21 201088]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2010-06-21 156544]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2009-04-14 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-01-31 648456]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2008-02-15 141840]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 FilmFanaticService;FilmFanatic Service;c:\progra~1\FILMFA~2\bar\1.bin\pabarsvc.exe [2011-05-12 36864]
S2 IERA;Sierra Wireless Error Reporting Agent;c:\program files\Sierra Wireless Inc\IERA\IERA.exe [2010-09-09 153968]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [2010-09-13 230768]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2008-02-15 234512]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [2009-10-27 54544]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [2009-10-27 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [2009-10-27 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [2009-10-27 115216]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [2009-10-27 160400]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-644376211-1445054588-4029643106-1000Core.job
- c:\users\Samuel Husky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-20 16:14]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-644376211-1445054588-4029643106-1000UA.job
- c:\users\Samuel Husky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-20 16:14]
.
2011-08-19 c:\windows\Tasks\User_Feed_Synchronization-{0FC7DB92-1C09-47FE-B098-CE698B68D13A}.job
- c:\windows\system32\msfeedssync.exe [2011-08-11 09:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: af.mil\www.my
Trusted Zone: logmeinrescue.com\secure
Trusted Zone: rapidsurveygroup.com
Trusted Zone: rapidsurveygroup.com\sketch
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxps://www.nationalcreditors.com/WebSys/ClientView/ImgUpload/WebResource.axd?d=zvA57Fzn7oOWlQqr85HCbxNgwpyugemK1m6ZZ0NDe-LXt9UMgCS_hbTY05rFjcoOxmpHgYo2DJpyFNMTeKsflCgtGORRmYIH13nmHqRrw-Z_YrVLc2CQQL0TzPmN6g2GE7BiO9Z4LsehlG3agoT0HDOxZyuuZYDsVKhsiHEXH5g6sFrf0&t=633888745160000000
DPF: {C5A7D325-20E3-4183-9FBE-BEF5359188E3} - hxxp://sketch.rapidsurveygroup.com/eRapidSketch.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{631acb68-57c3-48af-9cc5-fcec0837ffd3} - c:\progra~1\FILMFA~2\bar\1.bin\pabar.dll
Toolbar-10 - (no file)
HKCU-Run-limewire plus+ - c:\program files\Limewire Plus+\limewire.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-19 17:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-19 17:49:46
ComboFix-quarantined-files.txt 2011-08-19 22:49
.
Pre-Run: 132,184,522,752 bytes free
Post-Run: 135,259,791,360 bytes free
.
- - End Of File - - 216060DD7A2D337577FD6D361D017905
  • 0

#4
Gammo
Posted 20 August 2011 - 06:22 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes

:Services
FilmFanaticService
Viewpoint Manager Service

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FilmFanatic Browser Plugin Loader"=-

:Files
ipconfig /flushdns /c
c:\program files\FilmFanatic
c:\program files\VlcPlus
c:\program files\PriceGong
c:\program files\BabylonToolbar
c:\users\Samuel Husky\AppData\Roaming\Babylon
c:\users\Samuel Husky\AppData\Local\Babylon
c:\programdata\Babylon
c:\program files\Music Oasis
c:\program files\Free Offers from Freeze.com
c:\program files\Limewire Plus
C:\Program Files\Viewpoint
C:\Users\Samuel Husky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VLC
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Oasis
C:\Users\Samuel Husky\Desktop\VLC.lnk
C:\Users\Public\Desktop\Babylon.lnk
C:\Users\Public\Desktop\Music Oasis.lnk
C:\Users\Samuel Husky\Desktop\Create Your Own Video Screensaver!.lnk
C:\Users\Samuel Husky\Desktop\Free Dolphin Screensaver.lnk
C:\Users\Samuel Husky\Desktop\Free Games!!.lnk
C:\Users\Samuel Husky\AppData\Roaming\DriverCure
C:\Users\Samuel Husky\AppData\Roaming\ParetoLogic

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.





Run OTL again
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window. OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP