moseby

Claro Removal

Good Morning,

I have been infected by the Claro redirect file. I read through a great solution by Maniac. I have utilized his advice of downloading and using OTL and aswMBR.exe.

I am posting the logs for each below. If you can determine a way to help, it would be greatly appreciated. Thanks so much in advance.

OTL LOG:

OTL Extras logfile created on: 8/14/2012 6:37:57 AM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Paul Blanchard\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 78.16% Memory free

15.98 Gb Paging File | 14.09 Gb Available in Paging File | 88.18% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 284.05 Gb Free Space | 60.99% Space Free | Partition Type: NTFS

Computer Name: PBLAN105295 | User Name: Paul Blanchard | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.js [@ = js_auto_file] -- C:\Users\Paul Blanchard\Desktop\Portable.Dreamweaver.CS5\Adobe Dreamweaver CS5.exe (Adobe Systems, Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- Reg Error: Value error.

jsfile [open] -- Reg Error: Value error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

jsfile [edit] -- Reg Error: Value error.

jsfile [open] -- Reg Error: Value error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01618F3C-29BF-44A4-9EBE-8CF22CEEBBAA}" = rport=137 | protocol=17 | dir=out | app=system |

"{05D1FA9D-49DD-48A3-908B-93B4A150BD45}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0E973838-30AA-4B7F-84EE-A16C09A145A8}" = lport=139 | protocol=6 | dir=in | app=system |

"{1BA3A98A-531F-49F7-B08F-86AAF9C3F4BA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{2095ABA0-94D6-4F6D-9836-57B1D5FC0114}" = lport=2869 | protocol=6 | dir=in | app=system |

"{26ADB68D-DDB6-41C0-A6FB-D7E32CD58BC8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2793C2EE-881B-4E16-882A-9F96CC1240AE}" = lport=137 | protocol=17 | dir=in | app=system |

"{45085DBB-A194-442E-8860-231B659EBA6C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{4AE0E8FA-95D1-4A70-9DDD-AE27F4EFCF16}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5585C12A-D629-48D7-8975-B7682B024DC0}" = rport=10243 | protocol=6 | dir=out | app=system |

"{582A51D3-A43C-4A8D-B722-6F594AC0E199}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5DFA9468-843D-4196-B7E2-A2821AD40B82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{626B10BB-5767-4F61-BCB1-881DA62156F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{664D5522-2638-44CF-A65E-AB57F3F9DD6E}" = lport=10243 | protocol=6 | dir=in | app=system |

"{68E1C44F-1AC0-48C7-BAD9-AFCE565BBDF3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{6C06F979-2EC4-44EA-90B3-91AE125D1085}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{79F5A21D-9CFF-425D-A170-D854078879D6}" = rport=445 | protocol=6 | dir=out | app=system |

"{8AA47926-89D4-45FB-BEE3-4E8172865EA0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{93E4A9FA-7A1E-4665-9DB0-650144919085}" = lport=445 | protocol=6 | dir=in | app=system |

"{9C5DAC14-D2EC-426C-A373-012F4190D561}" = lport=138 | protocol=17 | dir=in | app=system |

"{A112CB41-B0F6-45D3-B943-B7D65EA394C2}" = rport=139 | protocol=6 | dir=out | app=system |

"{A35C94BF-94A3-4FB4-957F-553787E6F27F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{AEFB37BC-B111-45FD-A789-9B8076AAB05E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B34B4B53-414F-462B-B268-7AAE10769442}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{BE00C8D6-F663-45F6-A58C-B244D1DC4498}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C5152A66-02BF-42FA-A40B-E5F4A73CC813}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{C8E1C89F-ABDE-455A-8622-66F395848002}" = rport=138 | protocol=17 | dir=out | app=system |

"{CD04D0FE-8A52-44FB-B7A6-DD72BD41B5C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CE764402-0756-4520-A71E-C417C8F946FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CEB2E632-7964-4758-A3F1-91B26EE95AA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CFEA2916-C28A-4FBB-9C25-5E2E300CE731}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{D09CAEED-E3B9-45F0-B97D-7AD445B9F129}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{DB96043F-87CB-43D6-9BA1-AE665B71C2C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E0B4A356-A6D6-4583-A244-E7B0CD35CFCC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{023A18A2-AC01-4B1D-B5CA-BAB052DE20F4}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |

"{074401AA-7229-4C75-BE6A-0EBAA405CE96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{13CB329B-CCE6-4EAC-8B92-FE2FB47D8CCE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{1CA403B2-AC4E-4B90-AFD1-BD8EF313D560}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{257F5D87-4BC4-4170-91BE-C8EF83861026}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{2F4767EB-E154-4C24-AE4F-A7DC2B18837D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{363CE2D6-08BB-4E63-BFF9-815FCD79E0E9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{3BC24252-DF46-40F9-A648-0A033A19BC25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |

"{47D22BFF-0D31-4920-8F13-123EE02B4DBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{488E6986-A001-46AE-953D-0FA5F0A03C8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{491FB5DB-921E-4FBF-8F39-642353033025}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |

"{59996473-479A-4322-8BB7-FDC92C21BA92}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{5A7FFA9D-7876-4CF2-93D4-330BA5F2B47D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5B9F0691-0B4E-428E-B710-5405B0072F1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |

"{5DB7C0CC-4662-43FD-8D12-3EDE2F2FB4AB}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |

"{5E5AB7B4-ACFE-4187-8685-4D811704C529}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{636434CF-7735-4539-8B29-99A93CE2E2ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{68E02BC3-E968-40D2-8B20-877EA23D668B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6DC65077-ECEA-4F42-A2AC-1AD48C7624FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{70E6E72E-DBF7-4AA1-A90C-428E1AF1D40D}" = protocol=6 | dir=in | app=c:\program files (x86)\internet download manager\idman.exe |

"{71AB7B2E-1CE8-447F-AA10-B063A2D2F372}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{730ADC6C-6CDC-4883-9B9D-0BBFB682E816}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |

"{79780685-B051-4412-A09A-CC972D87F421}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7B4E32E5-5A4A-4DE0-96B3-E4200C90AEDE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{8036F035-DB91-4F60-B020-BC8C2186A99C}" = protocol=58 | dir=in | app=system |

"{8FB0EB32-1F3C-46A2-AA83-BCF799B3DC3E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{A47171C3-0A1C-4120-AA11-A3FCAC732B81}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{AB796BE5-1A03-443C-ABF2-04143287B88B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{B9693DB1-BEDF-4D74-AD99-926AA975FA07}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |

"{C2DA823F-058C-49FC-BC30-A560540ABF63}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{C2EB43A7-8DF0-4E88-9FD9-A911CDE4469E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{C30D111E-0853-4DD9-B2C2-7D3B433FA2D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{C6FBFD45-719C-45F2-84DD-7EB861A26F23}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{CB1D69D2-995C-45A5-BCF9-A6F44C21A28D}" = protocol=17 | dir=in | app=c:\program files (x86)\internet download manager\idman.exe |

"{CC22C63A-BB0F-42AE-AEA9-AA56E082A907}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |

"{CE1F7968-6DD3-422E-8417-84C2C329C534}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\day of defeat source\hl2.exe |

"{D0E2558C-1B46-45C9-8014-AF6D0A836998}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D148DEEA-C70F-4E24-978B-949F4906DAC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{D30DA9AF-1C2D-4BC1-8820-FA78D7AD0895}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{D4200345-F598-4EF4-9C6C-2F5CD01CC52B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E3123181-E1A7-49FE-8FC2-B2052695A85B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{E31ED0B7-F2FF-4CD5-BA4C-011CCA2FA880}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E9DCE756-DB57-4ABB-8FE5-7DBFF0F3823C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{F21D84C1-1B0A-4641-BAF9-39EBFC4B4A47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\day of defeat source\hl2.exe |

"{F4A0A63D-CCA6-4B63-9395-AA03F405274C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{F7824FDA-9AAF-4652-ACC2-51099242EA88}" = protocol=6 | dir=out | app=system |

"TCP Query User{0860123D-2CAA-4450-9657-C653337EB512}C:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe |

"TCP Query User{4BBC93DC-02B3-4A18-B27B-D5A56D1AC19C}C:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe |

"TCP Query User{4D947123-DCF2-41A0-A9CA-89FFD6834E48}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

"TCP Query User{635C1CA2-D2B1-40D3-B56C-C9C22BE6B89B}C:\program files (x86)\google\google earth pro\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth pro\googleearth.exe |

"TCP Query User{A087C06D-5997-4A0A-B946-656B495C454F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"TCP Query User{BFCB559C-1551-4D90-8B64-4BF9CA598BE0}C:\users\paul blanchard\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\paul blanchard\appdata\local\google\google earth\client\googleearth.exe |

"UDP Query User{0003C5FF-A55F-42D9-A47E-87EF626F2FB3}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"UDP Query User{20509A8D-DEEC-4C28-8383-6BE191A3D088}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

"UDP Query User{3541729E-F8EE-4DF8-AE32-84D88A87B5D7}C:\program files (x86)\google\google earth pro\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth pro\googleearth.exe |

"UDP Query User{94E6885E-9637-47B3-90A9-00CE71D2A9DF}C:\users\paul blanchard\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\paul blanchard\appdata\local\google\google earth\client\googleearth.exe |

"UDP Query User{A9FCABD0-E6F8-44C3-929F-87B383CC0CE5}C:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe |

"UDP Query User{F54DD4A2-3DCC-4576-94B3-075305D42957}C:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.0

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour

"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6DF4E551-4EC7-11E1-9BA3-B8AC6F97B88E}" = Google Earth Pro

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A4ECF10E-8914-4E29-9E48-8BE2F57558DC}" = ResumeMaker

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AEAB754A-426C-4738-89C1-52FCB389FCDF}" = calibre

"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide® Viewer ActiveX Control Release 6.5

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"ALchemy" = Creative ALchemy

"AoA DVD Ripper_is1" = AoA DVD Ripper

"AudioCS" = Creative Audio Control Panel

"Console Launcher" = Creative Console Launcher

"CopyPod Suite" = CopyPod Suite (remove only)

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition

"Diagnostics 4_5" = Creative Diagnostics

"Dolby Digital Live Pack" = Dolby Digital Live Pack

"DTS Connect Pack" = DTS Connect Pack

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50

"Free Easy Burner_is1" = Free Easy Burner V 4.1

"Free FLV Converter_is1" = Free FLV Converter V 7.0.0

"Internet Download Manager" = Internet Download Manager

"Magic FLAC to MP3 Converter_is1" = Magic FLAC to MP3 Converter 3.71

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"OpenAL" = OpenAL

"Steam App 440" = Team Fortress 2

"VLC media player" = VLC media player 2.0.2

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 3/18/2012 10:47:07 PM | Computer Name = pblan105295 | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4ea78f27 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4f28cccc Exception code: 0xc0000005 Fault offset: 0x6d29f1c9 Faulting

process id: 0x14e4 Faulting application start time: 0x01cd0577dd342de3 Faulting application

path: c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe Faulting

module path: filesystem_steam.dll Report Id: d0bb3586-716d-11e1-9793-00261893f6eb

Error - 3/19/2012 9:16:48 PM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 3/20/2012 3:30:34 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 3/21/2012 3:30:44 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 3/22/2012 3:30:45 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 3/22/2012 8:35:07 PM | Computer Name = pblan105295 | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,

time stamp: 0x4ce7a313 Faulting module name: IDMIECC64.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4f44fe11 Exception code: 0xc0000005 Fault offset: 0x000000018000cd06 Faulting

process id: 0x16e8 Faulting application start time: 0x01cd088cc04aa467 Faulting application

path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: IDMIECC64.dll Report

Id: 09db9faf-7480-11e1-9742-00261893f6eb

Error - 3/23/2012 9:42:52 PM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 3/24/2012 10:18:47 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 3/25/2012 10:39:59 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

Error - 3/26/2012 3:30:38 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824

Description = Activation context generation failed for "c:\program files\microsoft

security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft

security client\MSESysprep.dll" on line 10. The element imaging appears as a child

of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by

this version of Windows.

[ OSession Events ]

Error - 11/30/2011 8:36:20 PM | Computer Name = pblan105295 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 8/13/2012 7:37:56 PM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060

Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading

due to incompatibility with this system. Please contact your software vendor for

a compatible version of the driver.

Error - 8/13/2012 7:38:11 PM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

ASPI32

Error - 8/14/2012 8:34:39 AM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060

Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading

due to incompatibility with this system. Please contact your software vendor for

a compatible version of the driver.

Error - 8/14/2012 8:34:55 AM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

ASPI32

Error - 8/14/2012 9:27:04 AM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060

Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading

due to incompatibility with this system. Please contact your software vendor for

a compatible version of the driver.

Error - 8/14/2012 9:27:23 AM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

ASPI32

Error - 8/14/2012 9:29:26 AM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060

Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading

due to incompatibility with this system. Please contact your software vendor for

a compatible version of the driver.

Error - 8/14/2012 9:29:43 AM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

ASPI32

Error - 8/14/2012 9:30:52 AM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060

Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading

due to incompatibility with this system. Please contact your software vendor for

a compatible version of the driver.

Error - 8/14/2012 9:31:10 AM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

ASPI32

< End of report >

The other log is below:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-14 06:47:34

-----------------------------

06:47:34.374 OS Version: Windows x64 6.1.7601 Service Pack 1

06:47:34.374 Number of processors: 4 586 0x2505

06:47:34.375 ComputerName: PBLAN105295 UserName:

06:47:35.601 Initialize success

06:47:54.489 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

06:47:54.492 Disk 0 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 3

06:47:54.507 Disk 0 MBR read successfully

06:47:54.511 Disk 0 MBR scan

06:47:54.515 Disk 0 Windows VISTA default MBR code

06:47:54.520 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048

06:47:54.533 Disk 0 scanning C:\Windows\system32\drivers

06:47:59.091 Service scanning

06:48:08.644 Modules scanning

06:48:08.655 Disk 0 trace - called modules:

06:48:08.664 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

06:48:08.672 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800997d060]

06:48:08.677 3 CLASSPNP.SYS[fffff88001b7343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80078a0050]

06:48:08.680 Scan finished successfully

06:48:19.793 Disk 0 MBR has been saved successfully to "C:\Users\Paul Blanchard\Desktop\MBR.dat"

06:48:19.797 The log file has been saved successfully to "C:\Users\Paul Blanchard\Desktop\aswMBR.txt"


Hello moseby and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

This is Extras.txt, not OTL.txt. Please post OTL.txt.


Wow. Thanks so much for the quick response. Here is the OTL Text. Sorry about that.

OTL logfile created on: 8/14/2012 6:37:57 AM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Paul Blanchard\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 78.16% Memory free

15.98 Gb Paging File | 14.09 Gb Available in Paging File | 88.18% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 284.05 Gb Free Space | 60.99% Space Free | Partition Type: NTFS

Computer Name: PBLAN105295 | User Name: Paul Blanchard | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 06:37:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe

PRC - [2012/08/03 16:44:00 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2012/07/30 20:56:09 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/07/25 06:18:46 | 003,515,840 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe

PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/07/07 21:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe

PRC - [2010/07/07 21:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe

PRC - [2010/05/25 05:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/01 05:09:23 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/08/01 05:09:20 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/08/01 05:09:17 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/08/01 05:09:15 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/08/01 05:09:13 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/07/30 20:56:04 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/06/13 03:26:32 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll

MOD - [2012/06/13 03:26:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/13 03:04:11 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/05/12 03:35:57 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll

MOD - [2012/05/12 03:27:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/12 03:26:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/12 03:26:36 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/12 03:26:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/12 03:26:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/12 03:26:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011/01/07 20:48:38 | 000,235,624 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

MOD - [2010/07/07 21:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/11/15 07:41:47 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/07/30 20:56:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/05/01 15:14:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/02/09 18:20:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2011/02/09 18:18:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/25 18:03:40 | 000,158,944 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/20 09:01:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)

DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)

DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)

DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)

DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)

DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)

DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)

DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/09/15 19:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 13:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2007/08/20 12:05:02 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)

DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2004/06/22 16:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)

DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\Aspi32.sys -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://isearch.claro-search.com/?affID=115131&tt=120812_bandext_3212_1&babsrc=HP_iclro&mntrId=f862faf600000000000000261893f6eb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://falcon-nw.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 16 F0 87 98 64 CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.falcon-nw.com/

IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.claro-search.com/?q={searchTerms}&affID=115131&tt=120812_bandext_3212_1&babsrc=SP_iclro&mntrId=f862faf600000000000000261893f6eb

IE - HKCU\..\SearchScopes\{BDC8AA5C-9595-485F-959C-6A0EE260CBA5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU\..\SearchScopes\{F99D3F43-D6BF-E64F-D25A-DF3E0DB5D180}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z196&form=ZGAIDF&install_date=20111204&iesrc={referrer:source}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Claro Search"

FF - prefs.js..browser.search.order.1: "Claro Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.wsj.com"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3

FF - prefs.js..extensions.enabledItems: fireform@mozilla.org:0.7.4

FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.11

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99

FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.3.19

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Paul Blanchard\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/15 07:06:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/30 20:56:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/10 14:14:12 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Paul Blanchard\AppData\Roaming\IDM\idmmzcc5 [2012/07/29 19:41:24 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Paul Blanchard\AppData\Roaming\IDM\idmmzcc5 [2012/07/29 19:41:24 | 000,000,000 | ---D | M]

[2011/02/15 15:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Extensions

[2012/07/30 17:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions

[2011/02/21 17:31:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

[2011/02/21 11:08:33 | 000,000,000 | ---D | M] (fireform) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions\fireform@mozilla.org

[2012/08/12 19:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/08/12 19:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com

File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.2.565.25\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION

[2012/07/29 19:41:24 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\PAUL BLANCHARD\APPDATA\ROAMING\IDM\IDMMZCC5

[2012/07/30 17:30:38 | 000,375,811 | ---- | M] () (No name found) -- C:\USERS\PAUL BLANCHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YUCTPW67.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI

[2012/07/30 20:56:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/10/27 06:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll

[2012/08/12 19:20:04 | 000,006,546 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012/06/18 10:36:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/18 10:36:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/03/09 11:21:04 | 000,000,904 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com127.0.0.1 practivate.adobe.com

O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()

O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()

O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()

O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: unisonsite.com ([sms] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6A468E-C096-46AD-A244-90503E9C47B8}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6A468E-C096-46AD-A244-90503E9C47B8}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E5C0F67-64EC-424A-AF47-E4D5E9CF8F36}: DhcpNameServer = 192.168.0.3 192.168.0.4

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{7e7f3806-34a1-11e0-a383-00261893e9da}\Shell - "" = AutoRun

O33 - MountPoints2\{7e7f3806-34a1-11e0-a383-00261893e9da}\Shell\AutoRun\command - "" = E:\Autorun.exe

O33 - MountPoints2\{ebf807be-3b69-11e0-9379-00261893e9da}\Shell - "" = AutoRun

O33 - MountPoints2\{ebf807be-3b69-11e0-9379-00261893e9da}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 06:37:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe

[2012/08/12 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

[2012/08/12 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar

[2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Babylon

[2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012/08/12 11:18:14 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Portable.Dreamweaver.CS5

[2012/08/03 16:50:56 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Unison Offers

[2012/07/30 20:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012/07/29 16:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software

[2012/07/29 10:32:46 | 000,000,000 | ---D | C] -- C:\ConvertTemp

[2012/07/29 10:31:34 | 000,000,000 | ---D | C] -- C:\Output Files

[2012/07/29 10:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\office Convert Pdf to Jpg Jpeg Tiff Free

[2012/07/28 13:46:25 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Susanna Hoffs

[2012/07/28 11:11:42 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Documents\Resume Formats

[2012/07/25 06:20:40 | 000,158,944 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys

[2012/07/15 15:34:13 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

[2012/07/15 15:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2012/07/15 15:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

[2011/02/20 09:01:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

File not found -- C:\Users\Paul Blanchard\Desktop\Broken Bells.zip

[2012/08/14 06:38:15 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/14 06:38:15 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/14 06:37:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe

[2012/08/14 06:37:18 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/14 06:37:18 | 000,629,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/14 06:37:18 | 000,108,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/14 06:31:07 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/14 06:30:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/14 06:30:53 | 2139,656,191 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/14 06:30:18 | 000,003,424 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx

[2012/08/14 06:30:18 | 000,003,424 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx

[2012/08/14 06:30:18 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx

[2012/08/14 06:07:24 | 002,739,724 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Hijacked by Isearch.clarosearch.com- Remove Claro Search Redirect Virus - YooSecurity Removal Guides.webm

[2012/08/14 06:01:04 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/13 05:45:17 | 000,058,469 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\(imported Resume).rmr

[2012/08/12 19:20:14 | 000,000,098 | ---- | M] () -- C:\user.js

[2012/08/10 19:11:35 | 037,744,732 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Fast_Company__September_2012.pdf

[2012/08/05 12:17:51 | 000,118,560 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\paul_fact_sheet_color_version_option_2.pdf

[2012/08/05 07:18:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/08/05 07:18:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/08/01 21:04:04 | 001,650,438 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\photo.JPG

[2012/07/30 20:56:10 | 000,002,053 | ---- | M] () -- C:\Users\Paul Blanchard\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/07/30 19:36:25 | 000,001,189 | ---- | M] () -- C:\Users\Paul Blanchard\AppData\Roaming\vso_ts_preview.xml

[2012/07/29 15:32:22 | 000,779,733 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Why-delivery-approach-matters-for-IT-initiatives.pdf

[2012/07/26 22:10:15 | 2344,480,526 | ---- | M] () -- C:\Users\Paul Blanchard\Kamasutra.2012.720p.BluRay.x264-MOOVEE.mkv

[2012/07/25 18:03:40 | 000,158,944 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys

[2012/07/15 15:34:13 | 000,000,219 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Team Fortress 2.url

[2012/07/15 15:30:00 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk

========== Files Created - No Company Name ==========

File not found -- C:\Users\Paul Blanchard\Desktop\Broken Bells.zip

[2012/08/14 06:07:33 | 002,739,724 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Hijacked by Isearch.clarosearch.com- Remove Claro Search Redirect Virus - YooSecurity Removal Guides.webm

[2012/08/12 19:20:14 | 000,000,098 | ---- | C] () -- C:\user.js

[2012/08/10 19:09:32 | 037,744,732 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Fast_Company__September_2012.pdf

[2012/08/05 12:17:51 | 000,118,560 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\paul_fact_sheet_color_version_option_2.pdf

[2012/08/01 21:02:00 | 001,650,438 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\photo.JPG

[2012/07/29 15:32:22 | 000,779,733 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Why-delivery-approach-matters-for-IT-initiatives.pdf

[2012/07/26 19:10:53 | 2344,480,526 | ---- | C] () -- C:\Users\Paul Blanchard\Kamasutra.2012.720p.BluRay.x264-MOOVEE.mkv

[2012/07/15 15:34:13 | 000,000,219 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Team Fortress 2.url

[2012/07/15 15:30:00 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk

[2012/07/04 08:50:27 | 137,007,842 | ---- | C] () -- C:\Users\Paul Blanchard\CCR-Chronicles.20GH.rar

[2012/04/02 20:46:33 | 000,122,363 | ---- | C] () -- C:\Users\Paul Blanchard\Look who's the champ.PNG

[2012/03/16 16:35:27 | 001,606,656 | ---- | C] () -- C:\Users\Paul Blanchard\SteamInstall.msi

[2011/07/27 18:38:04 | 000,026,112 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/18 07:10:55 | 000,000,067 | ---- | C] () -- C:\Windows\AoADVDRipper.INI

[2011/04/04 09:51:54 | 000,000,132 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\Adobe GIF Format CS5 Prefs

[2011/03/27 12:34:04 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL

[2011/03/27 12:34:02 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2011/03/22 15:18:41 | 000,000,132 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011/03/10 15:40:45 | 000,001,456 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\Adobe Save for Web 12.0 Prefs

[2011/02/20 09:09:54 | 000,001,189 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\vso_ts_preview.xml

[2011/02/20 09:01:58 | 000,099,384 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\inst.exe

[2011/02/20 09:01:58 | 000,007,859 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.cat

[2011/02/20 09:01:58 | 000,001,167 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.inf

[2011/02/16 10:13:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/02/16 08:17:40 | 000,007,597 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\Resmon.ResmonCfg

[2011/02/09 18:18:09 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2011/02/09 18:18:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2011/02/09 16:51:36 | 000,747,542 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:30FD0CBD

< End of report >


You have not followed my instructions carefully. Let's try again:

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Sorry about that. Here is the first scan:

OTL logfile created on: 8/15/2012 6:31:06 AM - Run 3

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Paul Blanchard\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.13 Gb Available Physical Memory | 76.70% Memory free

15.98 Gb Paging File | 14.02 Gb Available in Paging File | 87.74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 336.16 Gb Free Space | 72.17% Space Free | Partition Type: NTFS

Drive D: | 264.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PBLAN105295 | User Name: Paul Blanchard | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 06:37:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe

PRC - [2012/08/03 16:44:00 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2012/07/30 20:56:09 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/07/07 21:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe

PRC - [2010/07/07 21:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe

PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/01 05:09:23 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/08/01 05:09:20 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/08/01 05:09:17 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/08/01 05:09:15 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/08/01 05:09:13 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/07/30 20:56:04 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/06/13 03:26:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/13 03:04:11 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/05/12 03:35:57 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll

MOD - [2012/05/12 03:27:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/12 03:26:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/12 03:26:36 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/12 03:26:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/12 03:26:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/12 03:26:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL

MOD - [2011/06/22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll

MOD - [2011/01/07 20:48:38 | 000,235,624 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

MOD - [2010/10/25 16:13:40 | 002,893,216 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll

MOD - [2010/07/07 21:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL

MOD - [2009/02/26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/11/15 07:41:47 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/07/30 20:56:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/05/01 15:14:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/02/09 18:20:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2011/02/09 18:18:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/25 18:03:40 | 000,158,944 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/20 09:01:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)

DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)

DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)

DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)

DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)

DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)

DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)

DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/09/15 19:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 13:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2007/08/20 12:05:02 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)

DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2004/06/22 16:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)

DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\Aspi32.sys -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://isearch.claro-search.com/?affID=115131&tt=120812_bandext_3212_1&babsrc=HP_iclro&mntrId=f862faf600000000000000261893f6eb

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://falcon-nw.com/

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 16 F0 87 98 64 CA 01 [binary data]

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.falcon-nw.com/

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.claro-search.com/?q={searchTerms}&affID=115131&tt=120812_bandext_3212_1&babsrc=SP_iclro&mntrId=f862faf600000000000000261893f6eb

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{BDC8AA5C-9595-485F-959C-6A0EE260CBA5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{F99D3F43-D6BF-E64F-D25A-DF3E0DB5D180}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z196&form=ZGAIDF&install_date=20111204&iesrc={referrer:source}

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Claro Search"

FF - prefs.js..browser.search.order.1: "Claro Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.wsj.com"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3

FF - prefs.js..extensions.enabledItems: fireform@mozilla.org:0.7.4

FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.11

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99

FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.3.19

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Paul Blanchard\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/15 07:06:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/30 20:56:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/10 14:14:12 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Paul Blanchard\AppData\Roaming\IDM\idmmzcc5 [2012/07/29 19:41:24 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Paul Blanchard\AppData\Roaming\IDM\idmmzcc5 [2012/07/29 19:41:24 | 000,000,000 | ---D | M]

[2011/02/15 15:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Extensions

[2012/07/30 17:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions

[2011/02/21 17:31:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

[2011/02/21 11:08:33 | 000,000,000 | ---D | M] (fireform) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions\fireform@mozilla.org

[2012/08/12 19:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/08/12 19:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com

File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.2.565.25\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION

[2012/07/29 19:41:24 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\PAUL BLANCHARD\APPDATA\ROAMING\IDM\IDMMZCC5

[2012/07/30 17:30:38 | 000,375,811 | ---- | M] () (No name found) -- C:\USERS\PAUL BLANCHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YUCTPW67.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI

[2012/07/30 20:56:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/10/27 06:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll

[2012/08/12 19:20:04 | 000,006,546 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012/06/18 10:36:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/18 10:36:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/03/09 11:21:04 | 000,000,904 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com127.0.0.1 practivate.adobe.com

O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()

O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()

O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()

O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..Trusted Domains: unisonsite.com ([sms] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6A468E-C096-46AD-A244-90503E9C47B8}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6A468E-C096-46AD-A244-90503E9C47B8}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E5C0F67-64EC-424A-AF47-E4D5E9CF8F36}: DhcpNameServer = 192.168.0.3 192.168.0.4

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{7e7f3806-34a1-11e0-a383-00261893e9da}\Shell - "" = AutoRun

O33 - MountPoints2\{7e7f3806-34a1-11e0-a383-00261893e9da}\Shell\AutoRun\command - "" = E:\Autorun.exe

O33 - MountPoints2\{ebf807be-3b69-11e0-9379-00261893e9da}\Shell - "" = AutoRun

O33 - MountPoints2\{ebf807be-3b69-11e0-9379-00261893e9da}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 17:18:45 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll

[2012/08/14 17:18:43 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/08/14 17:18:43 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2012/08/14 17:18:43 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/08/14 17:18:43 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2012/08/14 17:18:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe

[2012/08/14 17:18:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/08/14 17:18:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll

[2012/08/14 17:18:41 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll

[2012/08/14 17:18:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll

[2012/08/14 17:18:33 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/08/14 17:18:32 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/08/14 17:18:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/08/14 17:18:32 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/08/14 17:18:32 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/08/14 17:18:31 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/08/14 17:18:31 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/08/14 17:18:28 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

[2012/08/14 12:50:54 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2012/08/14 06:47:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Paul Blanchard\Desktop\aswMBR.exe

[2012/08/14 06:37:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe

[2012/08/12 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

[2012/08/12 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar

[2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Babylon

[2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012/08/12 11:18:14 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Portable.Dreamweaver.CS5

[2012/08/03 16:50:56 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Unison Offers

[2012/07/30 20:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012/07/29 16:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software

[2012/07/29 10:32:46 | 000,000,000 | ---D | C] -- C:\ConvertTemp

[2012/07/29 10:31:34 | 000,000,000 | ---D | C] -- C:\Output Files

[2012/07/29 10:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\office Convert Pdf to Jpg Jpeg Tiff Free

[2012/07/28 13:46:25 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Susanna Hoffs

[2012/07/28 11:11:42 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Documents\Resume Formats

[2012/07/25 06:20:40 | 000,158,944 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys

[2011/02/20 09:01:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

File not found -- C:\Users\Paul Blanchard\Desktop\Broken Bells.zip

[2012/08/15 06:01:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/15 03:27:35 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/15 03:27:35 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/15 03:27:23 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/15 03:27:23 | 000,629,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/15 03:27:23 | 000,108,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/15 03:20:35 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/15 03:20:18 | 005,006,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/08/15 03:20:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/15 03:19:41 | 2139,656,191 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/15 03:18:47 | 000,003,424 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx

[2012/08/15 03:18:47 | 000,003,424 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx

[2012/08/15 03:18:47 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx

[2012/08/14 22:07:27 | 1077,688,900 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\White.Collar.S04E05.720p.HDTV.x264-IMMERSE.mkv

[2012/08/14 07:51:28 | 002,525,695 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Bloodstream Stateless Stateless.m4a

[2012/08/14 07:42:29 | 001,563,342 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Zombie Jay Brannan In Living Color.m4a

[2012/08/14 06:48:19 | 000,000,512 | ---- | M] () -- C:\Users\Paul Blanchard\MBR.dat

[2012/08/14 06:47:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Paul Blanchard\Desktop\aswMBR.exe

[2012/08/14 06:37:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe

[2012/08/13 05:45:17 | 000,058,469 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\(imported Resume).rmr

[2012/08/12 19:20:14 | 000,000,098 | ---- | M] () -- C:\user.js

[2012/08/10 19:11:35 | 037,744,732 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Fast_Company__September_2012.pdf

[2012/08/05 12:17:51 | 000,118,560 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\paul_fact_sheet_color_version_option_2.pdf

[2012/08/05 07:18:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/08/05 07:18:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/08/01 21:04:04 | 001,650,438 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\photo.JPG

[2012/07/30 20:56:10 | 000,002,053 | ---- | M] () -- C:\Users\Paul Blanchard\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/07/30 19:36:25 | 000,001,189 | ---- | M] () -- C:\Users\Paul Blanchard\AppData\Roaming\vso_ts_preview.xml

[2012/07/29 15:32:22 | 000,779,733 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Why-delivery-approach-matters-for-IT-initiatives.pdf

[2012/07/25 18:03:40 | 000,158,944 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys

========== Files Created - No Company Name ==========

File not found -- C:\Users\Paul Blanchard\Desktop\Broken Bells.zip

[2012/08/14 22:00:07 | 1077,688,900 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\White.Collar.S04E05.720p.HDTV.x264-IMMERSE.mkv

[2012/08/14 07:51:27 | 002,525,695 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Bloodstream Stateless Stateless.m4a

[2012/08/14 07:42:28 | 001,563,342 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Zombie Jay Brannan In Living Color.m4a

[2012/08/14 06:48:19 | 000,000,512 | ---- | C] () -- C:\Users\Paul Blanchard\MBR.dat

[2012/08/12 19:20:14 | 000,000,098 | ---- | C] () -- C:\user.js

[2012/08/10 19:09:32 | 037,744,732 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Fast_Company__September_2012.pdf

[2012/08/05 12:17:51 | 000,118,560 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\paul_fact_sheet_color_version_option_2.pdf

[2012/08/01 21:02:00 | 001,650,438 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\photo.JPG

[2012/07/29 15:32:22 | 000,779,733 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Why-delivery-approach-matters-for-IT-initiatives.pdf

[2012/04/02 20:46:33 | 000,122,363 | ---- | C] () -- C:\Users\Paul Blanchard\Look who's the champ.PNG

[2012/03/16 16:35:27 | 001,606,656 | ---- | C] () -- C:\Users\Paul Blanchard\SteamInstall.msi

[2011/07/27 18:38:04 | 000,026,112 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/18 07:10:55 | 000,000,067 | ---- | C] () -- C:\Windows\AoADVDRipper.INI

[2011/04/04 09:51:54 | 000,000,132 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\Adobe GIF Format CS5 Prefs

[2011/03/27 12:34:04 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL

[2011/03/27 12:34:02 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2011/03/22 15:18:41 | 000,000,132 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011/03/10 15:40:45 | 000,001,456 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\Adobe Save for Web 12.0 Prefs

[2011/02/20 09:09:54 | 000,001,189 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\vso_ts_preview.xml

[2011/02/20 09:01:58 | 000,099,384 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\inst.exe

[2011/02/20 09:01:58 | 000,007,859 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.cat

[2011/02/20 09:01:58 | 000,001,167 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.inf

[2011/02/16 10:13:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/02/16 08:17:40 | 000,007,597 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\Resmon.ResmonCfg

[2011/02/09 18:18:09 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2011/02/09 18:18:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2011/02/09 16:51:36 | 000,747,542 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:30FD0CBD

< End of report >


And here is the quick scan:

OTL logfile created on: 8/15/2012 6:37:10 AM - Run 3

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Paul Blanchard\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.22 Gb Available Physical Memory | 77.79% Memory free

15.98 Gb Paging File | 14.23 Gb Available in Paging File | 89.05% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 336.16 Gb Free Space | 72.17% Space Free | Partition Type: NTFS

Drive D: | 264.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PBLAN105295 | User Name: Paul Blanchard | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 06:37:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe

PRC - [2012/08/03 16:44:00 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/07/07 21:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe

PRC - [2010/07/07 21:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe

PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/01 05:09:23 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/08/01 05:09:20 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/08/01 05:09:17 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/08/01 05:09:15 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/08/01 05:09:13 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/06/13 03:26:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/13 03:04:11 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/05/12 03:35:57 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll

MOD - [2012/05/12 03:27:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/12 03:26:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/12 03:26:36 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/12 03:26:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/12 03:26:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/12 03:26:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2010/07/07 21:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/11/15 07:41:47 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/07/30 20:56:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/05/01 15:14:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/02/09 18:20:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2011/02/09 18:18:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/25 18:03:40 | 000,158,944 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/20 09:01:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)

DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)

DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)

DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)

DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)

DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)

DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)

DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/09/15 19:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 13:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2007/08/20 12:05:02 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)

DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2004/06/22 16:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)

DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\Aspi32.sys -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://isearch.claro-search.com/?affID=115131&tt=120812_bandext_3212_1&babsrc=HP_iclro&mntrId=f862faf600000000000000261893f6eb

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://falcon-nw.com/

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 16 F0 87 98 64 CA 01 [binary data]

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.falcon-nw.com/

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.claro-search.com/?q={searchTerms}&affID=115131&tt=120812_bandext_3212_1&babsrc=SP_iclro&mntrId=f862faf600000000000000261893f6eb

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{BDC8AA5C-9595-485F-959C-6A0EE260CBA5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{F99D3F43-D6BF-E64F-D25A-DF3E0DB5D180}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z196&form=ZGAIDF&install_date=20111204&iesrc={referrer:source}

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Claro Search"

FF - prefs.js..browser.search.order.1: "Claro Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.wsj.com"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3

FF - prefs.js..extensions.enabledItems: fireform@mozilla.org:0.7.4

FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.11

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99

FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.3.19

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Paul Blanchard\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/15 07:06:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/30 20:56:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/10 14:14:12 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Paul Blanchard\AppData\Roaming\IDM\idmmzcc5 [2012/07/29 19:41:24 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Paul Blanchard\AppData\Roaming\IDM\idmmzcc5 [2012/07/29 19:41:24 | 000,000,000 | ---D | M]

[2011/02/15 15:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Extensions

[2012/07/30 17:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions

[2011/02/21 17:31:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

[2011/02/21 11:08:33 | 000,000,000 | ---D | M] (fireform) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions\fireform@mozilla.org

[2012/08/12 19:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/08/12 19:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com

File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.2.565.25\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION

[2012/07/29 19:41:24 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\PAUL BLANCHARD\APPDATA\ROAMING\IDM\IDMMZCC5

[2012/07/30 17:30:38 | 000,375,811 | ---- | M] () (No name found) -- C:\USERS\PAUL BLANCHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YUCTPW67.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI

[2012/07/30 20:56:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/10/27 06:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll

[2012/08/12 19:20:04 | 000,006,546 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012/06/18 10:36:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/18 10:36:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/03/09 11:21:04 | 000,000,904 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com127.0.0.1 practivate.adobe.com

O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()

O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()

O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()

O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..Trusted Domains: unisonsite.com ([sms] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6A468E-C096-46AD-A244-90503E9C47B8}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6A468E-C096-46AD-A244-90503E9C47B8}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E5C0F67-64EC-424A-AF47-E4D5E9CF8F36}: DhcpNameServer = 192.168.0.3 192.168.0.4

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{7e7f3806-34a1-11e0-a383-00261893e9da}\Shell - "" = AutoRun

O33 - MountPoints2\{7e7f3806-34a1-11e0-a383-00261893e9da}\Shell\AutoRun\command - "" = E:\Autorun.exe

O33 - MountPoints2\{ebf807be-3b69-11e0-9379-00261893e9da}\Shell - "" = AutoRun

O33 - MountPoints2\{ebf807be-3b69-11e0-9379-00261893e9da}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 12:50:54 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2012/08/14 06:47:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Paul Blanchard\Desktop\aswMBR.exe

[2012/08/14 06:37:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe

[2012/08/12 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

[2012/08/12 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar

[2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Babylon

[2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012/08/12 11:18:14 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Portable.Dreamweaver.CS5

[2012/08/03 16:50:56 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Unison Offers

[2012/07/30 20:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012/07/29 16:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software

[2012/07/29 10:32:46 | 000,000,000 | ---D | C] -- C:\ConvertTemp

[2012/07/29 10:31:34 | 000,000,000 | ---D | C] -- C:\Output Files

[2012/07/29 10:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\office Convert Pdf to Jpg Jpeg Tiff Free

[2012/07/28 13:46:25 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Susanna Hoffs

[2012/07/28 11:11:42 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Documents\Resume Formats

[2012/07/25 06:20:40 | 000,158,944 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys

[2011/02/20 09:01:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

File not found -- C:\Users\Paul Blanchard\Desktop\Broken Bells.zip

[2012/08/15 06:01:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/15 03:27:35 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/15 03:27:35 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/15 03:27:23 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/15 03:27:23 | 000,629,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/15 03:27:23 | 000,108,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/15 03:20:35 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/15 03:20:18 | 005,006,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/08/15 03:20:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/15 03:19:41 | 2139,656,191 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/15 03:18:47 | 000,003,424 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx

[2012/08/15 03:18:47 | 000,003,424 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx

[2012/08/15 03:18:47 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx

[2012/08/14 22:07:27 | 1077,688,900 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\White.Collar.S04E05.720p.HDTV.x264-IMMERSE.mkv

[2012/08/14 07:51:28 | 002,525,695 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Bloodstream Stateless Stateless.m4a

[2012/08/14 07:42:29 | 001,563,342 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Zombie Jay Brannan In Living Color.m4a

[2012/08/14 06:48:19 | 000,000,512 | ---- | M] () -- C:\Users\Paul Blanchard\MBR.dat

[2012/08/14 06:47:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Paul Blanchard\Desktop\aswMBR.exe

[2012/08/14 06:37:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe

[2012/08/13 05:45:17 | 000,058,469 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\(imported Resume).rmr

[2012/08/12 19:20:14 | 000,000,098 | ---- | M] () -- C:\user.js

[2012/08/10 19:11:35 | 037,744,732 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Fast_Company__September_2012.pdf

[2012/08/05 12:17:51 | 000,118,560 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\paul_fact_sheet_color_version_option_2.pdf

[2012/08/01 21:04:04 | 001,650,438 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\photo.JPG

[2012/07/30 20:56:10 | 000,002,053 | ---- | M] () -- C:\Users\Paul Blanchard\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/07/30 19:36:25 | 000,001,189 | ---- | M] () -- C:\Users\Paul Blanchard\AppData\Roaming\vso_ts_preview.xml

[2012/07/29 15:32:22 | 000,779,733 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Why-delivery-approach-matters-for-IT-initiatives.pdf

[2012/07/25 18:03:40 | 000,158,944 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys

========== Files Created - No Company Name ==========

File not found -- C:\Users\Paul Blanchard\Desktop\Broken Bells.zip

[2012/08/14 22:00:07 | 1077,688,900 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\White.Collar.S04E05.720p.HDTV.x264-IMMERSE.mkv

[2012/08/14 07:51:27 | 002,525,695 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Bloodstream Stateless Stateless.m4a

[2012/08/14 07:42:28 | 001,563,342 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Zombie Jay Brannan In Living Color.m4a

[2012/08/14 06:48:19 | 000,000,512 | ---- | C] () -- C:\Users\Paul Blanchard\MBR.dat

[2012/08/12 19:20:14 | 000,000,098 | ---- | C] () -- C:\user.js

[2012/08/10 19:09:32 | 037,744,732 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Fast_Company__September_2012.pdf

[2012/08/05 12:17:51 | 000,118,560 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\paul_fact_sheet_color_version_option_2.pdf

[2012/08/01 21:02:00 | 001,650,438 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\photo.JPG

[2012/07/29 15:32:22 | 000,779,733 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Why-delivery-approach-matters-for-IT-initiatives.pdf

[2012/04/02 20:46:33 | 000,122,363 | ---- | C] () -- C:\Users\Paul Blanchard\Look who's the champ.PNG

[2012/03/16 16:35:27 | 001,606,656 | ---- | C] () -- C:\Users\Paul Blanchard\SteamInstall.msi

[2011/07/27 18:38:04 | 000,026,112 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/18 07:10:55 | 000,000,067 | ---- | C] () -- C:\Windows\AoADVDRipper.INI

[2011/04/04 09:51:54 | 000,000,132 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\Adobe GIF Format CS5 Prefs

[2011/03/27 12:34:04 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL

[2011/03/27 12:34:02 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2011/03/22 15:18:41 | 000,000,132 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011/03/10 15:40:45 | 000,001,456 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\Adobe Save for Web 12.0 Prefs

[2011/02/20 09:09:54 | 000,001,189 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\vso_ts_preview.xml

[2011/02/20 09:01:58 | 000,099,384 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\inst.exe

[2011/02/20 09:01:58 | 000,007,859 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.cat

[2011/02/20 09:01:58 | 000,001,167 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.inf

[2011/02/16 10:13:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/02/16 08:17:40 | 000,007,597 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\Resmon.ResmonCfg

[2011/02/09 18:18:09 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2011/02/09 18:18:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2011/02/09 16:51:36 | 000,747,542 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/08/12 19:20:00 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\Babylon

[2012/08/12 19:20:25 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar

[2012/02/28 19:36:31 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\calibre

[2011/02/17 14:45:01 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\CopyPod

[2011/02/18 07:36:19 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\CopyPodPhoto

[2011/02/17 08:07:16 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\CopyTrans

[2012/08/15 03:18:32 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\DMCache

[2011/09/17 08:41:43 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\doctor

[2011/07/10 11:39:10 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\FLV2MP3

[2012/01/08 12:36:37 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\FreeBurner

[2011/03/07 10:47:56 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\FreeFLVConverter

[2012/06/13 05:45:16 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\IDM

[2012/07/13 09:11:42 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\Individual Software

[2011/03/27 14:25:24 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\John Daly's Pro Stroke Golf 2010

[2011/02/18 07:37:50 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\SyncGuardian

[2012/07/30 17:42:11 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\Vso

[2011/02/16 22:32:24 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\Windows Live Writer

[2011/02/17 07:49:59 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\WindSolutions

[2011/04/09 08:37:41 | 000,000,000 | ---D | M] -- C:\Users\Paul Blanchard\AppData\Roaming\Xilisoft

[2012/06/30 12:15:23 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:30FD0CBD

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://isearch.claro-search.com/?affID=115131&tt=120812_bandext_3212_1&babsrc=HP_iclro&mntrId=f862faf600000000000000261893f6eb
    IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.claro-search.com/?q={searchTerms}&affID=115131&tt=120812_bandext_3212_1&babsrc=SP_iclro&mntrId=f862faf600000000000000261893f6eb
    FF - prefs.js..browser.search.defaultenginename: "Claro Search"
    FF - prefs.js..browser.search.order.1: "Claro Search"
    [2012/08/12 19:20:04 | 000,006,546 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/08/12 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar
    [2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Babylon
    [2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

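A triage aid for the listing and fix script above, added here as an example and not part of any post in this thread: it parses OTL's file-listing rows and reports paths stamped within a minute of the Babylon folders that the fix script targets. The `babylon` keyword and the 60-second window are assumptions chosen for this log, and a match is only a lead to review, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Rows copied from the OTL listing posted earlier in this thread.
SAMPLE_LOG = r"""
[2012/08/14 06:37:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe
[2012/08/12 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/08/12 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar
[2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Babylon
[2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/08/12 11:18:14 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Portable.Dreamweaver.CS5
[2012/08/12 19:20:14 | 000,000,098 | ---- | M] () -- C:\user.js
[2012/08/12 19:20:14 | 000,000,098 | ---- | C] () -- C:\user.js
[2012/08/10 19:11:35 | 037,744,732 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Fast_Company__September_2012.pdf
File not found -- C:\Users\Paul Blanchard\Desktop\Broken Bells.zip
"""

# [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
# The "(company)" field is absent on directory rows and empty on unsigned files.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


def parse_entries(text):
    """Return one dict per file-listing row; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers, blank lines, "File not found" rows
        entries.append({
            "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "kind": m["kind"],
            "is_dir": "D" in m["attrs"],
            "path": m["path"],
        })
    return entries


def stamped_alongside(entries, keyword, window=timedelta(seconds=60)):
    """Paths that do not contain `keyword` but carry a timestamp within
    `window` of a path that does. Ordered by time, each path listed once."""
    key = keyword.lower()
    seed_times = [e["when"] for e in entries if key in e["path"].lower()]
    first_seen = {}
    for e in entries:
        if key in e["path"].lower():
            continue  # already named by the keyword
        if any(abs(e["when"] - t) <= window for t in seed_times):
            first_seen.setdefault(e["path"], e["when"])
    ordered = sorted(first_seen.items(), key=lambda kv: (kv[1], kv[0]))
    return [path for path, _ in ordered]


if __name__ == "__main__":
    for path in stamped_alongside(parse_entries(SAMPLE_LOG), "babylon"):
        print("review:", path)
```
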

Maniac,

Here is the log:

All processes killed

========== OTL ==========

HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\BrowserMngr Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-1561166958-412737209-2657457700-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-21-1561166958-412737209-2657457700-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1561166958-412737209-2657457700-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Prefs.js: "Claro Search" removed from browser.search.defaultenginename

Prefs.js: "Claro Search" removed from browser.search.order.1

C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.

C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar\Shared folder moved successfully.

C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar\IE folder moved successfully.

C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar\FF folder moved successfully.

C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar\CR folder moved successfully.

C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar folder moved successfully.

C:\Users\Paul Blanchard\AppData\Roaming\Babylon folder moved successfully.

C:\ProgramData\Babylon folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Paul Blanchard\Desktop\cmd.bat deleted successfully.

C:\Users\Paul Blanchard\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Paul Blanchard

->Temp folder emptied: 34579350 bytes

->Temporary Internet Files folder emptied: 103919677 bytes

->Java cache emptied: 677845 bytes

->FireFox cache emptied: 349621815 bytes

->Flash cache emptied: 32444 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 58998222 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 727 bytes

Total Files Cleaned = 523.00 mb

OTL by OldTimer - Version 3.2.57.0 log created on 08152012_101038

Files\Folders moved on Reboot...

C:\Users\Paul Blanchard\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{53DE3AAA-4508-4C96-AD2F-57C3EB2EDBE5}.tmp not found!

File\Folder C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B05299C6-316B-477E-9C60-EF69BE1F264D}.tmp not found!

File\Folder C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DFA7A3E9-B2EF-4380-BFED-01A0F68A4D40}.tmp not found!

C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPOL8A39\ctrl_message[1].htc moved successfully.

C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPOL8A39\pdec30[1].htc moved successfully.

File\Folder C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INY5UXDY\ctrl_formatbar[1].htc not found!

File\Folder C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INY5UXDY\ctrl_tree[1].htc not found!

PendingFileRenameOperations files...

File C:\Users\Paul Blanchard\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

File C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{53DE3AAA-4508-4C96-AD2F-57C3EB2EDBE5}.tmp not found!

File C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B05299C6-316B-477E-9C60-EF69BE1F264D}.tmp not found!

File C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DFA7A3E9-B2EF-4380-BFED-01A0F68A4D40}.tmp not found!

File C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPOL8A39\ctrl_message[1].htc not found!

File C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPOL8A39\pdec30[1].htc not found!

File C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INY5UXDY\ctrl_formatbar[1].htc not found!

File C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INY5UXDY\ctrl_tree[1].htc not found!

Registry entries deleted on Reboot...

However, the Claro search is still in charge of new tabs via Mozilla Firefox. I think I am going to wipe my hard drive. I have everything backed up.

Thanks so much for all of your help.


@moseby

Are you still with us? Have you resolved your issue?

If we do not hear back from you soon, this thread will be closed.


Moseby has resolved the issue & re-installed Windows. I am marking this as resolved.

This topic is now closed to further replies.
