moseby Posted August 14, 2012 ID:585043

Good Morning,

I have been infected by the Claro redirect file. I read through a great solution by Maniac. I have utilized his advice of downloading and using OTL and aswMBR.exe.

I am posting the logs to each below. If you can determine a way to help, it would be greatly appreciated. Thanks so much in advance.

OTL LOG:

OTL Extras logfile created on: 8/14/2012 6:37:57 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Paul Blanchard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 78.16% Memory free
15.98 Gb Paging File | 14.09 Gb Available in Paging File | 88.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 284.05 Gb Free Space | 60.99% Space Free | Partition Type: NTFS

Computer Name: PBLAN105295 | User Name: Paul Blanchard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = js_auto_file] -- C:\Users\Paul Blanchard\Desktop\Portable.Dreamweaver.CS5\Adobe Dreamweaver CS5.exe (Adobe Systems, Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Value error.
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Value error.
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01618F3C-29BF-44A4-9EBE-8CF22CEEBBAA}" = rport=137 | protocol=17 | dir=out | app=system |
"{05D1FA9D-49DD-48A3-908B-93B4A150BD45}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E973838-30AA-4B7F-84EE-A16C09A145A8}" = lport=139 | protocol=6 | dir=in | app=system |
"{1BA3A98A-531F-49F7-B08F-86AAF9C3F4BA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2095ABA0-94D6-4F6D-9836-57B1D5FC0114}" = lport=2869 | protocol=6 | dir=in | app=system |
"{26ADB68D-DDB6-41C0-A6FB-D7E32CD58BC8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2793C2EE-881B-4E16-882A-9F96CC1240AE}" = lport=137 | protocol=17 | dir=in | app=system |
"{45085DBB-A194-442E-8860-231B659EBA6C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{4AE0E8FA-95D1-4A70-9DDD-AE27F4EFCF16}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5585C12A-D629-48D7-8975-B7682B024DC0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{582A51D3-A43C-4A8D-B722-6F594AC0E199}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5DFA9468-843D-4196-B7E2-A2821AD40B82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{626B10BB-5767-4F61-BCB1-881DA62156F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{664D5522-2638-44CF-A65E-AB57F3F9DD6E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{68E1C44F-1AC0-48C7-BAD9-AFCE565BBDF3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6C06F979-2EC4-44EA-90B3-91AE125D1085}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{79F5A21D-9CFF-425D-A170-D854078879D6}" = rport=445 | protocol=6 | dir=out | app=system |
"{8AA47926-89D4-45FB-BEE3-4E8172865EA0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93E4A9FA-7A1E-4665-9DB0-650144919085}" = lport=445 | protocol=6 | dir=in | app=system |
"{9C5DAC14-D2EC-426C-A373-012F4190D561}" = lport=138 | protocol=17 | dir=in | app=system |
"{A112CB41-B0F6-45D3-B943-B7D65EA394C2}" = rport=139 | protocol=6 | dir=out | app=system |
"{A35C94BF-94A3-4FB4-957F-553787E6F27F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AEFB37BC-B111-45FD-A789-9B8076AAB05E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B34B4B53-414F-462B-B268-7AAE10769442}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BE00C8D6-F663-45F6-A58C-B244D1DC4498}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5152A66-02BF-42FA-A40B-E5F4A73CC813}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C8E1C89F-ABDE-455A-8622-66F395848002}" = rport=138 | protocol=17 | dir=out | app=system |
"{CD04D0FE-8A52-44FB-B7A6-DD72BD41B5C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE764402-0756-4520-A71E-C417C8F946FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEB2E632-7964-4758-A3F1-91B26EE95AA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CFEA2916-C28A-4FBB-9C25-5E2E300CE731}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D09CAEED-E3B9-45F0-B97D-7AD445B9F129}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB96043F-87CB-43D6-9BA1-AE665B71C2C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0B4A356-A6D6-4583-A244-E7B0CD35CFCC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023A18A2-AC01-4B1D-B5CA-BAB052DE20F4}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{074401AA-7229-4C75-BE6A-0EBAA405CE96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13CB329B-CCE6-4EAC-8B92-FE2FB47D8CCE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{1CA403B2-AC4E-4B90-AFD1-BD8EF313D560}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{257F5D87-4BC4-4170-91BE-C8EF83861026}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2F4767EB-E154-4C24-AE4F-A7DC2B18837D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{363CE2D6-08BB-4E63-BFF9-815FCD79E0E9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3BC24252-DF46-40F9-A648-0A033A19BC25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{47D22BFF-0D31-4920-8F13-123EE02B4DBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{488E6986-A001-46AE-953D-0FA5F0A03C8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{491FB5DB-921E-4FBF-8F39-642353033025}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{59996473-479A-4322-8BB7-FDC92C21BA92}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5A7FFA9D-7876-4CF2-93D4-330BA5F2B47D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B9F0691-0B4E-428E-B710-5405B0072F1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{5DB7C0CC-4662-43FD-8D12-3EDE2F2FB4AB}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{5E5AB7B4-ACFE-4187-8685-4D811704C529}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{636434CF-7735-4539-8B29-99A93CE2E2ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68E02BC3-E968-40D2-8B20-877EA23D668B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6DC65077-ECEA-4F42-A2AC-1AD48C7624FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70E6E72E-DBF7-4AA1-A90C-428E1AF1D40D}" = protocol=6 | dir=in | app=c:\program files (x86)\internet download manager\idman.exe |
"{71AB7B2E-1CE8-447F-AA10-B063A2D2F372}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{730ADC6C-6CDC-4883-9B9D-0BBFB682E816}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{79780685-B051-4412-A09A-CC972D87F421}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B4E32E5-5A4A-4DE0-96B3-E4200C90AEDE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8036F035-DB91-4F60-B020-BC8C2186A99C}" = protocol=58 | dir=in | app=system |
"{8FB0EB32-1F3C-46A2-AA83-BCF799B3DC3E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A47171C3-0A1C-4120-AA11-A3FCAC732B81}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{AB796BE5-1A03-443C-ABF2-04143287B88B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B9693DB1-BEDF-4D74-AD99-926AA975FA07}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{C2DA823F-058C-49FC-BC30-A560540ABF63}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C2EB43A7-8DF0-4E88-9FD9-A911CDE4469E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C30D111E-0853-4DD9-B2C2-7D3B433FA2D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C6FBFD45-719C-45F2-84DD-7EB861A26F23}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CB1D69D2-995C-45A5-BCF9-A6F44C21A28D}" = protocol=17 | dir=in | app=c:\program files (x86)\internet download manager\idman.exe |
"{CC22C63A-BB0F-42AE-AEA9-AA56E082A907}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{CE1F7968-6DD3-422E-8417-84C2C329C534}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\day of defeat source\hl2.exe |
"{D0E2558C-1B46-45C9-8014-AF6D0A836998}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D148DEEA-C70F-4E24-978B-949F4906DAC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D30DA9AF-1C2D-4BC1-8820-FA78D7AD0895}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D4200345-F598-4EF4-9C6C-2F5CD01CC52B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3123181-E1A7-49FE-8FC2-B2052695A85B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E31ED0B7-F2FF-4CD5-BA4C-011CCA2FA880}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E9DCE756-DB57-4ABB-8FE5-7DBFF0F3823C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F21D84C1-1B0A-4641-BAF9-39EBFC4B4A47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\day of defeat source\hl2.exe |
"{F4A0A63D-CCA6-4B63-9395-AA03F405274C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F7824FDA-9AAF-4652-ACC2-51099242EA88}" = protocol=6 | dir=out | app=system |
"TCP Query User{0860123D-2CAA-4450-9657-C653337EB512}C:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe |
"TCP Query User{4BBC93DC-02B3-4A18-B27B-D5A56D1AC19C}C:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe |
"TCP Query User{4D947123-DCF2-41A0-A9CA-89FFD6834E48}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{635C1CA2-D2B1-40D3-B56C-C9C22BE6B89B}C:\program files (x86)\google\google earth pro\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth pro\googleearth.exe |
"TCP Query User{A087C06D-5997-4A0A-B946-656B495C454F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{BFCB559C-1551-4D90-8B64-4BF9CA598BE0}C:\users\paul blanchard\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\paul blanchard\appdata\local\google\google earth\client\googleearth.exe |
"UDP Query User{0003C5FF-A55F-42D9-A47E-87EF626F2FB3}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{20509A8D-DEEC-4C28-8383-6BE191A3D088}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{3541729E-F8EE-4DF8-AE32-84D88A87B5D7}C:\program files (x86)\google\google earth pro\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth pro\googleearth.exe |
"UDP Query User{94E6885E-9637-47B3-90A9-00CE71D2A9DF}C:\users\paul blanchard\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\paul blanchard\appdata\local\google\google earth\client\googleearth.exe |
"UDP Query User{A9FCABD0-E6F8-44C3-929F-87B383CC0CE5}C:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe |
"UDP Query User{F54DD4A2-3DCC-4576-94B3-075305D42957}C:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.0
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DF4E551-4EC7-11E1-9BA3-B8AC6F97B88E}" = Google Earth Pro
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A4ECF10E-8914-4E29-9E48-8BE2F57558DC}" = ResumeMaker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AEAB754A-426C-4738-89C1-52FCB389FCDF}" = calibre
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide® Viewer ActiveX Control Release 6.5
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALchemy" = Creative ALchemy
"AoA DVD Ripper_is1" = AoA DVD Ripper
"AudioCS" = Creative Audio Control Panel
"Console Launcher" = Creative Console Launcher
"CopyPod Suite" = CopyPod Suite (remove only)
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative Diagnostics
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free Easy Burner_is1" = Free Easy Burner V 4.1
"Free FLV Converter_is1" = Free FLV Converter V 7.0.0
"Internet Download Manager" = Internet Download Manager
"Magic FLAC to MP3 Converter_is1" = Magic FLAC to MP3 Converter 3.71
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Steam App 440" = Team Fortress 2
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/18/2012 10:47:07 PM | Computer Name = pblan105295 | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:0x4ea78f27 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,time stamp: 0x4f28cccc Exception code: 0xc0000005 Fault offset: 0x6d29f1c9 Faultingprocess id: 0x14e4 Faulting application start time: 0x01cd0577dd342de3 Faulting applicationpath: c:\program files (x86)\steam\steamapps\moseby\team fortress 2\hl2.exe Faultingmodule path: filesystem_steam.dll Report Id: d0bb3586-716d-11e1-9793-00261893f6eb

Error - 3/19/2012 9:16:48 PM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoftsecurity client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoftsecurity client\MSESysprep.dll" on line 10. The element imaging appears as a childof element urn:schemas-microsoft-com:asm.v1^assembly which is not supported bythis version of Windows.

Error - 3/20/2012 3:30:34 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoftsecurity client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoftsecurity client\MSESysprep.dll" on line 10. The element imaging appears as a childof element urn:schemas-microsoft-com:asm.v1^assembly which is not supported bythis version of Windows.

Error - 3/21/2012 3:30:44 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoftsecurity client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoftsecurity client\MSESysprep.dll" on line 10. The element imaging appears as a childof element urn:schemas-microsoft-com:asm.v1^assembly which is not supported bythis version of Windows.

Error - 3/22/2012 3:30:45 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoftsecurity client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoftsecurity client\MSESysprep.dll" on line 10. The element imaging appears as a childof element urn:schemas-microsoft-com:asm.v1^assembly which is not supported bythis version of Windows.

Error - 3/22/2012 8:35:07 PM | Computer Name = pblan105295 | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,time stamp: 0x4ce7a313 Faulting module name: IDMIECC64.dll_unloaded, version: 0.0.0.0,time stamp: 0x4f44fe11 Exception code: 0xc0000005 Fault offset: 0x000000018000cd06Faultingprocess id: 0x16e8 Faulting application start time: 0x01cd088cc04aa467 Faulting applicationpath: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: IDMIECC64.dllReportId: 09db9faf-7480-11e1-9742-00261893f6eb

Error - 3/23/2012 9:42:52 PM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoftsecurity client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoftsecurity client\MSESysprep.dll" on line 10. The element imaging appears as a childof element urn:schemas-microsoft-com:asm.v1^assembly which is not supported bythis version of Windows.

Error - 3/24/2012 10:18:47 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoftsecurity client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoftsecurity client\MSESysprep.dll" on line 10. The element imaging appears as a childof element urn:schemas-microsoft-com:asm.v1^assembly which is not supported bythis version of Windows.

Error - 3/25/2012 10:39:59 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoftsecurity client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoftsecurity client\MSESysprep.dll" on line 10. The element imaging appears as a childof element urn:schemas-microsoft-com:asm.v1^assembly which is not supported bythis version of Windows.

Error - 3/26/2012 3:30:38 AM | Computer Name = pblan105295 | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoftsecurity client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoftsecurity client\MSESysprep.dll" on line 10. The element imaging appears as a childof element urn:schemas-microsoft-com:asm.v1^assembly which is not supported bythis version of Windows.

[ OSession Events ]
Error - 11/30/2011 8:36:20 PM | Computer Name = pblan105295 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2seconds with 0 seconds of active time.
This session ended with a crash.

[ System Events ]
Error - 8/13/2012 7:37:56 PM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error - 8/13/2012 7:38:11 PM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: ASPI32
Error - 8/14/2012 8:34:39 AM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error - 8/14/2012 8:34:55 AM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: ASPI32
Error - 8/14/2012 9:27:04 AM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error - 8/14/2012 9:27:23 AM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: ASPI32
Error - 8/14/2012 9:29:26 AM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error - 8/14/2012 9:29:43 AM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: ASPI32
Error - 8/14/2012 9:30:52 AM | Computer Name = pblan105295 | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error - 8/14/2012 9:31:10 AM | Computer Name = pblan105295 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: ASPI32

< End of report >

The other log is below:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-14 06:47:34
-----------------------------
06:47:34.374 OS Version: Windows x64 6.1.7601 Service Pack 1
06:47:34.374 Number of processors: 4 586 0x2505
06:47:34.375 ComputerName: PBLAN105295 UserName:
06:47:35.601 Initialize success
06:47:54.489 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
06:47:54.492 Disk 0 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 3
06:47:54.507 Disk 0 MBR read successfully
06:47:54.511 Disk 0 MBR scan
06:47:54.515 Disk 0 Windows VISTA default MBR code
06:47:54.520 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
06:47:54.533 Disk 0 scanning C:\Windows\system32\drivers
06:47:59.091 Service scanning
06:48:08.644 Modules scanning
06:48:08.655 Disk 0 trace - called modules:
06:48:08.664 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
06:48:08.672 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800997d060]
06:48:08.677 3 CLASSPNP.SYS[fffff88001b7343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80078a0050]
06:48:08.680 Scan finished successfully
06:48:19.793 Disk 0 MBR has been saved successfully to "C:\Users\Paul Blanchard\Desktop\MBR.dat"
06:48:19.797 The log file has been saved successfully to "C:\Users\Paul Blanchard\Desktop\aswMBR.txt"
Maniac Posted August 14, 2012 ID:585047

Hello moseby and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

This is Extras.txt, not OTL.txt. Please post OTL.txt
moseby Posted August 14, 2012 Author ID:585052

Wow. Thanks so much for the quick response. Here is the OTL Text. Sorry about that.

OTL logfile created on: 8/14/2012 6:37:57 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Paul Blanchard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 78.16% Memory free
15.98 Gb Paging File | 14.09 Gb Available in Paging File | 88.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 284.05 Gb Free Space | 60.99% Space Free | Partition Type: NTFS

Computer Name: PBLAN105295 | User Name: Paul Blanchard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 06:37:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe
PRC - [2012/08/03 16:44:00 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/07/30 20:56:09 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/25 06:18:46 | 003,515,840 | ---- | M] (Tonec Inc.)
-- C:\Program Files (x86)\Internet Download Manager\IDMan.exePRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exePRC - [2010/07/07 21:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exePRC - [2010/07/07 21:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exePRC - [2010/05/25 05:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exePRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exePRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exePRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe========== Modules (No Company Name) ==========MOD - [2012/08/01 05:09:23 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dllMOD - [2012/08/01 05:09:20 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dllMOD - [2012/08/01 05:09:17 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dllMOD - [2012/08/01 05:09:15 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dllMOD - [2012/08/01 05:09:13 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dllMOD - [2012/07/30 20:56:04 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dllMOD - [2012/06/13 03:26:32 | 011,833,344 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dllMOD - [2012/06/13 03:26:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dllMOD - [2012/06/13 03:04:11 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dllMOD - [2012/05/12 03:35:57 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dllMOD - [2012/05/12 03:27:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dllMOD - [2012/05/12 03:26:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dllMOD - [2012/05/12 03:26:36 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dllMOD - [2012/05/12 03:26:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dllMOD - [2012/05/12 03:26:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dllMOD - [2012/05/12 03:26:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dllMOD - [2011/01/07 20:48:38 | 000,235,624 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dllMOD - [2010/07/07 21:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL========== Win32 Services (SafeList) ==========SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] 
(Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)SRV:64bit: - [2011/11/15 07:41:47 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2012/07/30 20:56:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2011/05/01 15:14:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2011/02/09 18:20:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)SRV - [2011/02/09 18:18:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/07/25 18:03:40 | 000,158,944 | ---- | M] (Tonec Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/20 09:01:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)DRV:64bit: - [2009/09/15 19:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2009/06/10 13:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)DRV:64bit: - [2007/08/20 12:05:02 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)DRV - [2004/06/22 16:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\Aspi32.sys -- (ASPI32)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = 
http://isearch.claro-search.com/?affID=115131&tt=120812_bandext_3212_1&babsrc=HP_iclro&mntrId=f862faf600000000000000261893f6ebIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://falcon-nw.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 16 F0 87 98 64 CA 01 [binary data]IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.falcon-nw.com/IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.claro-search.com/?q={searchTerms}&affID=115131&tt=120812_bandext_3212_1&babsrc=SP_iclro&mntrId=f862faf600000000000000261893f6ebIE - HKCU\..\SearchScopes\{BDC8AA5C-9595-485F-959C-6A0EE260CBA5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}IE - HKCU\..\SearchScopes\{F99D3F43-D6BF-E64F-D25A-DF3E0DB5D180}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z196&form=ZGAIDF&install_date=20111204&iesrc={referrer:source}IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "Claro Search"FF - prefs.js..browser.search.order.1: "Claro Search"FF - prefs.js..browser.search.selectedEngine: "Google"FF - 
prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "www.wsj.com"FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3FF - prefs.js..extensions.enabledItems: fireform@mozilla.org:0.7.4FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.11FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.3.19FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0FF - prefs.js..network.proxy.type: 0FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not foundFF - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not foundFF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Paul Blanchard\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! 
Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/15 07:06:03 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/30 20:56:09 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/10 14:14:12 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Paul Blanchard\AppData\Roaming\IDM\idmmzcc5 [2012/07/29 19:41:24 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Paul Blanchard\AppData\Roaming\IDM\idmmzcc5 [2012/07/29 19:41:24 | 000,000,000 | ---D | M][2011/02/15 15:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Extensions[2012/07/30 17:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions[2011/02/21 17:31:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}[2011/02/21 11:08:33 | 000,000,000 | ---D | M] (fireform) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions\fireform@mozilla.org[2012/08/12 19:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2012/08/12 19:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.comFile not found (No name found) -- C:\PROGRAMDATA\BROWSER 
MANAGER\2.2.565.25\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION[2012/07/29 19:41:24 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\PAUL BLANCHARD\APPDATA\ROAMING\IDM\IDMMZCC5[2012/07/30 17:30:38 | 000,375,811 | ---- | M] () (No name found) -- C:\USERS\PAUL BLANCHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YUCTPW67.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI[2012/07/30 20:56:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll[2011/10/27 06:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll[2012/08/12 19:20:04 | 000,006,546 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml[2012/06/18 10:36:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2012/06/18 10:36:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xmlO1 HOSTS File: ([2011/03/09 11:21:04 | 000,000,904 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 activate.adobe.com127.0.0.1 practivate.adobe.comO2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files 
(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files 
(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not foundO8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not foundO10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKCU\..Trusted Domains: unisonsite.com ([sms] https in 
Trusted sites)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6A468E-C096-46AD-A244-90503E9C47B8}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6A468E-C096-46AD-A244-90503E9C47B8}: NameServer = 208.67.222.222,208.67.220.220O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E5C0F67-64EC-424A-AF47-E4D5E9CF8F36}: DhcpNameServer = 192.168.0.3 192.168.0.4O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O33 - MountPoints2\{7e7f3806-34a1-11e0-a383-00261893e9da}\Shell - "" = AutoRunO33 - MountPoints2\{7e7f3806-34a1-11e0-a383-00261893e9da}\Shell\AutoRun\command - "" = E:\Autorun.exeO33 - MountPoints2\{ebf807be-3b69-11e0-9379-00261893e9da}\Shell - "" = AutoRunO33 - MountPoints2\{ebf807be-3b69-11e0-9379-00261893e9da}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -aO34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2012/08/14 06:37:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe[2012/08/12 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager[2012/08/12 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar[2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Babylon[2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon[2012/08/12 11:18:14 | 000,000,000 | 
---D | C] -- C:\Users\Paul Blanchard\Desktop\Portable.Dreamweaver.CS5[2012/08/03 16:50:56 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Unison Offers[2012/07/30 20:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN[2012/07/29 16:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software[2012/07/29 10:32:46 | 000,000,000 | ---D | C] -- C:\ConvertTemp[2012/07/29 10:31:34 | 000,000,000 | ---D | C] -- C:\Output Files[2012/07/29 10:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\office Convert Pdf to Jpg Jpeg Tiff Free[2012/07/28 13:46:25 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Susanna Hoffs[2012/07/28 11:11:42 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Documents\Resume Formats[2012/07/25 06:20:40 | 000,158,944 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys[2012/07/15 15:34:13 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam[2012/07/15 15:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam[2012/07/15 15:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam[2011/02/20 09:01:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.sys========== Files - Modified Within 30 Days ==========File not found -- C:\Users\Paul Blanchard\Desktop\Broken Bells.zip[2012/08/14 06:38:15 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/08/14 06:38:15 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/08/14 06:37:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe[2012/08/14 06:37:18 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/08/14 06:37:18 | 000,629,194 | ---- | 
M] () -- C:\Windows\SysNative\perfh009.dat[2012/08/14 06:37:18 | 000,108,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/08/14 06:31:07 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/08/14 06:30:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/08/14 06:30:53 | 2139,656,191 | -HS- | M] () -- C:\hiberfil.sys[2012/08/14 06:30:18 | 000,003,424 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx[2012/08/14 06:30:18 | 000,003,424 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx[2012/08/14 06:30:18 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx[2012/08/14 06:07:24 | 002,739,724 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Hijacked by Isearch.clarosearch.com- Remove Claro Search Redirect Virus - YooSecurity Removal Guides.webm[2012/08/14 06:01:04 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/08/13 05:45:17 | 000,058,469 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\(imported Resume).rmr[2012/08/12 19:20:14 | 000,000,098 | ---- | M] () -- C:\user.js[2012/08/10 19:11:35 | 037,744,732 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Fast_Company__September_2012.pdf[2012/08/05 12:17:51 | 000,118,560 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\paul_fact_sheet_color_version_option_2.pdf[2012/08/05 07:18:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2012/08/05 07:18:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2012/08/01 21:04:04 | 001,650,438 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\photo.JPG[2012/07/30 20:56:10 | 000,002,053 | ---- | M] () -- C:\Users\Paul Blanchard\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla 
Firefox.lnk[2012/07/30 19:36:25 | 000,001,189 | ---- | M] () -- C:\Users\Paul Blanchard\AppData\Roaming\vso_ts_preview.xml[2012/07/29 15:32:22 | 000,779,733 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Why-delivery-approach-matters-for-IT-initiatives.pdf[2012/07/26 22:10:15 | 2344,480,526 | ---- | M] () -- C:\Users\Paul Blanchard\Kamasutra.2012.720p.BluRay.x264-MOOVEE.mkv[2012/07/25 18:03:40 | 000,158,944 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys[2012/07/15 15:34:13 | 000,000,219 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Team Fortress 2.url[2012/07/15 15:30:00 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk========== Files Created - No Company Name ==========File not found -- C:\Users\Paul Blanchard\Desktop\Broken Bells.zip[2012/08/14 06:07:33 | 002,739,724 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Hijacked by Isearch.clarosearch.com- Remove Claro Search Redirect Virus - YooSecurity Removal Guides.webm[2012/08/12 19:20:14 | 000,000,098 | ---- | C] () -- C:\user.js[2012/08/10 19:09:32 | 037,744,732 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Fast_Company__September_2012.pdf[2012/08/05 12:17:51 | 000,118,560 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\paul_fact_sheet_color_version_option_2.pdf[2012/08/01 21:02:00 | 001,650,438 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\photo.JPG[2012/07/29 15:32:22 | 000,779,733 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Why-delivery-approach-matters-for-IT-initiatives.pdf[2012/07/26 19:10:53 | 2344,480,526 | ---- | C] () -- C:\Users\Paul Blanchard\Kamasutra.2012.720p.BluRay.x264-MOOVEE.mkv[2012/07/15 15:34:13 | 000,000,219 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Team Fortress 2.url[2012/07/15 15:30:00 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk[2012/07/04 08:50:27 | 137,007,842 | ---- | C] () -- C:\Users\Paul Blanchard\CCR-Chronicles.20GH.rar[2012/04/02 20:46:33 | 000,122,363 | ---- | C] () -- C:\Users\Paul 
Blanchard\Look who's the champ.PNG
[2012/03/16 16:35:27 | 001,606,656 | ---- | C] () -- C:\Users\Paul Blanchard\SteamInstall.msi
[2011/07/27 18:38:04 | 000,026,112 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/18 07:10:55 | 000,000,067 | ---- | C] () -- C:\Windows\AoADVDRipper.INI
[2011/04/04 09:51:54 | 000,000,132 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/03/27 12:34:04 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL
[2011/03/27 12:34:02 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/03/22 15:18:41 | 000,000,132 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/10 15:40:45 | 000,001,456 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/02/20 09:09:54 | 000,001,189 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\vso_ts_preview.xml
[2011/02/20 09:01:58 | 000,099,384 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\inst.exe
[2011/02/20 09:01:58 | 000,007,859 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.cat
[2011/02/20 09:01:58 | 000,001,167 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.inf
[2011/02/16 10:13:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/16 08:17:40 | 000,007,597 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\Resmon.ResmonCfg
[2011/02/09 18:18:09 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/02/09 18:18:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/02/09 16:51:36 | 000,747,542 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:30FD0CBD

< End of report >
Maniac Posted August 15, 2012 ID:585435

You have not followed my instructions carefully. Let's try again:

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
moseby Posted August 15, 2012 Author ID:585515

Sorry about that. Here is the first scan:

OTL logfile created on: 8/15/2012 6:31:06 AM - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Paul Blanchard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.13 Gb Available Physical Memory | 76.70% Memory free
15.98 Gb Paging File | 14.02 Gb Available in Paging File | 87.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 336.16 Gb Free Space | 72.17% Space Free | Partition Type: NTFS
Drive D: | 264.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PBLAN105295 | User Name: Paul Blanchard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 06:37:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe
PRC - [2012/08/03 16:44:00 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/07/30 20:56:09 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/07/07 21:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- 
C:\Windows\SysWOW64\Ctxfihlp.exePRC - [2010/07/07 21:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exePRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exePRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exePRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe========== Modules (No Company Name) ==========MOD - [2012/08/01 05:09:23 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dllMOD - [2012/08/01 05:09:20 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dllMOD - [2012/08/01 05:09:17 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dllMOD - [2012/08/01 05:09:15 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dllMOD - [2012/08/01 05:09:13 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dllMOD - [2012/07/30 20:56:04 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dllMOD - [2012/06/13 03:26:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dllMOD - [2012/06/13 03:04:11 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dllMOD - [2012/05/12 03:35:57 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dllMOD - [2012/05/12 03:27:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dllMOD - 
[2012/05/12 03:26:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dllMOD - [2012/05/12 03:26:36 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dllMOD - [2012/05/12 03:26:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dllMOD - [2012/05/12 03:26:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dllMOD - [2012/05/12 03:26:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dllMOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLLMOD - [2011/06/22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dllMOD - [2011/01/07 20:48:38 | 000,235,624 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dllMOD - [2010/10/25 16:13:40 | 002,893,216 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dllMOD - [2010/07/07 21:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLLMOD - [2009/02/26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll========== Win32 Services (SafeList) ==========SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)SRV:64bit: - 
[2011/11/15 07:41:47 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2012/07/30 20:56:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2011/05/01 15:14:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2011/02/09 18:20:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)SRV - [2011/02/09 18:18:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto 
| Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/07/25 18:03:40 | 000,158,944 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/20 09:01:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, 
Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)DRV:64bit: - [2009/09/15 19:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2009/06/10 13:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)DRV:64bit: - [2007/08/20 12:05:02 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)DRV - [2004/06/22 16:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\Aspi32.sys -- (ASPI32)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://isearch.claro-search.com/?affID=115131&tt=120812_bandext_3212_1&babsrc=HP_iclro&mntrId=f862faf600000000000000261893f6ebIE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://falcon-nw.com/IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usIE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 16 F0 87 98 64 CA 01 [binary data]IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.falcon-nw.com/IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.claro-search.com/?q={searchTerms}&affID=115131&tt=120812_bandext_3212_1&babsrc=SP_iclro&mntrId=f862faf600000000000000261893f6ebIE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{BDC8AA5C-9595-485F-959C-6A0EE260CBA5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}IE - 
HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{F99D3F43-D6BF-E64F-D25A-DF3E0DB5D180}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z196&form=ZGAIDF&install_date=20111204&iesrc={referrer:source}IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "Claro Search"FF - prefs.js..browser.search.order.1: "Claro Search"FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "www.wsj.com"FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3FF - prefs.js..extensions.enabledItems: fireform@mozilla.org:0.7.4FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.11FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.3.19FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0FF - prefs.js..network.proxy.type: 0FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not foundFF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - 
HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not foundFF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Paul Blanchard\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/15 07:06:03 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/30 20:56:09 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/10 14:14:12 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Paul Blanchard\AppData\Roaming\IDM\idmmzcc5 [2012/07/29 19:41:24 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Paul Blanchard\AppData\Roaming\IDM\idmmzcc5 [2012/07/29 19:41:24 | 000,000,000 | ---D | M][2011/02/15 15:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Extensions[2012/07/30 17:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions[2011/02/21 17:31:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}[2011/02/21 11:08:33 | 000,000,000 | ---D | M] (fireform) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions\fireform@mozilla.org[2012/08/12 19:20:10 | 000,000,000 | ---D | M] (No name found) -- 
C:\Program Files (x86)\Mozilla Firefox\extensions[2012/08/12 19:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.comFile not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.2.565.25\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION[2012/07/29 19:41:24 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\PAUL BLANCHARD\APPDATA\ROAMING\IDM\IDMMZCC5[2012/07/30 17:30:38 | 000,375,811 | ---- | M] () (No name found) -- C:\USERS\PAUL BLANCHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YUCTPW67.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI[2012/07/30 20:56:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll[2011/10/27 06:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll[2012/08/12 19:20:04 | 000,006,546 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml[2012/06/18 10:36:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2012/06/18 10:36:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xmlO1 HOSTS File: ([2011/03/09 11:21:04 | 000,000,904 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 activate.adobe.com127.0.0.1 practivate.adobe.comO2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - 
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O7 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not foundO8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not foundO10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..Trusted Domains: unisonsite.com ([sms] https in Trusted sites)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6A468E-C096-46AD-A244-90503E9C47B8}: DhcpNameServer = 68.105.28.12 68.105.29.12 
68.105.28.11O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6A468E-C096-46AD-A244-90503E9C47B8}: NameServer = 208.67.222.222,208.67.220.220O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E5C0F67-64EC-424A-AF47-E4D5E9CF8F36}: DhcpNameServer = 192.168.0.3 192.168.0.4O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O33 - MountPoints2\{7e7f3806-34a1-11e0-a383-00261893e9da}\Shell - "" = AutoRunO33 - MountPoints2\{7e7f3806-34a1-11e0-a383-00261893e9da}\Shell\AutoRun\command - "" = E:\Autorun.exeO33 - MountPoints2\{ebf807be-3b69-11e0-9379-00261893e9da}\Shell - "" = AutoRunO33 - MountPoints2\{ebf807be-3b69-11e0-9379-00261893e9da}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -aO34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = 
exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2012/08/14 17:18:45 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll[2012/08/14 17:18:43 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2012/08/14 17:18:43 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll[2012/08/14 17:18:43 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll[2012/08/14 17:18:43 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll[2012/08/14 17:18:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe[2012/08/14 17:18:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2012/08/14 17:18:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll[2012/08/14 17:18:41 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll[2012/08/14 17:18:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll[2012/08/14 17:18:33 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2012/08/14 17:18:32 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2012/08/14 17:18:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2012/08/14 17:18:32 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll[2012/08/14 17:18:32 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll[2012/08/14 17:18:31 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll[2012/08/14 17:18:31 | 000,132,096 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\url.dll[2012/08/14 17:18:28 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll[2012/08/14 12:50:54 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0[2012/08/14 06:47:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Paul Blanchard\Desktop\aswMBR.exe[2012/08/14 06:37:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe[2012/08/12 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager[2012/08/12 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar[2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Babylon[2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon[2012/08/12 11:18:14 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Portable.Dreamweaver.CS5[2012/08/03 16:50:56 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Unison Offers[2012/07/30 20:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN[2012/07/29 16:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software[2012/07/29 10:32:46 | 000,000,000 | ---D | C] -- C:\ConvertTemp[2012/07/29 10:31:34 | 000,000,000 | ---D | C] -- C:\Output Files[2012/07/29 10:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\office Convert Pdf to Jpg Jpeg Tiff Free[2012/07/28 13:46:25 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Desktop\Susanna Hoffs[2012/07/28 11:11:42 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\Documents\Resume Formats[2012/07/25 06:20:40 | 000,158,944 | ---- | C] (Tonec Inc.) 
-- C:\Windows\SysNative\drivers\idmwfp.sys[2011/02/20 09:01:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.sys========== Files - Modified Within 30 Days ==========File not found -- C:\Users\Paul Blanchard\Desktop\Broken Bells.zip[2012/08/15 06:01:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/08/15 03:27:35 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/08/15 03:27:35 | 000,018,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/08/15 03:27:23 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/08/15 03:27:23 | 000,629,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/08/15 03:27:23 | 000,108,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/08/15 03:20:35 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/08/15 03:20:18 | 005,006,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2012/08/15 03:20:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/08/15 03:19:41 | 2139,656,191 | -HS- | M] () -- C:\hiberfil.sys[2012/08/15 03:18:47 | 000,003,424 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx[2012/08/15 03:18:47 | 000,003,424 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx[2012/08/15 03:18:47 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx[2012/08/14 22:07:27 | 1077,688,900 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\White.Collar.S04E05.720p.HDTV.x264-IMMERSE.mkv[2012/08/14 07:51:28 | 002,525,695 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Bloodstream Stateless Stateless.m4a[2012/08/14 07:42:29 | 001,563,342 | 
---- | M] () -- C:\Users\Paul Blanchard\Desktop\Zombie Jay Brannan In Living Color.m4a[2012/08/14 06:48:19 | 000,000,512 | ---- | M] () -- C:\Users\Paul Blanchard\MBR.dat[2012/08/14 06:47:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Paul Blanchard\Desktop\aswMBR.exe[2012/08/14 06:37:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe[2012/08/13 05:45:17 | 000,058,469 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\(imported Resume).rmr[2012/08/12 19:20:14 | 000,000,098 | ---- | M] () -- C:\user.js[2012/08/10 19:11:35 | 037,744,732 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Fast_Company__September_2012.pdf[2012/08/05 12:17:51 | 000,118,560 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\paul_fact_sheet_color_version_option_2.pdf[2012/08/05 07:18:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2012/08/05 07:18:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2012/08/01 21:04:04 | 001,650,438 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\photo.JPG[2012/07/30 20:56:10 | 000,002,053 | ---- | M] () -- C:\Users\Paul Blanchard\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk[2012/07/30 19:36:25 | 000,001,189 | ---- | M] () -- C:\Users\Paul Blanchard\AppData\Roaming\vso_ts_preview.xml[2012/07/29 15:32:22 | 000,779,733 | ---- | M] () -- C:\Users\Paul Blanchard\Desktop\Why-delivery-approach-matters-for-IT-initiatives.pdf[2012/07/25 18:03:40 | 000,158,944 | ---- | M] (Tonec Inc.) 
-- C:\Windows\SysNative\drivers\idmwfp.sys========== Files Created - No Company Name ==========File not found -- C:\Users\Paul Blanchard\Desktop\Broken Bells.zip[2012/08/14 22:00:07 | 1077,688,900 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\White.Collar.S04E05.720p.HDTV.x264-IMMERSE.mkv[2012/08/14 07:51:27 | 002,525,695 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Bloodstream Stateless Stateless.m4a[2012/08/14 07:42:28 | 001,563,342 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Zombie Jay Brannan In Living Color.m4a[2012/08/14 06:48:19 | 000,000,512 | ---- | C] () -- C:\Users\Paul Blanchard\MBR.dat[2012/08/12 19:20:14 | 000,000,098 | ---- | C] () -- C:\user.js[2012/08/10 19:09:32 | 037,744,732 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Fast_Company__September_2012.pdf[2012/08/05 12:17:51 | 000,118,560 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\paul_fact_sheet_color_version_option_2.pdf[2012/08/01 21:02:00 | 001,650,438 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\photo.JPG[2012/07/29 15:32:22 | 000,779,733 | ---- | C] () -- C:\Users\Paul Blanchard\Desktop\Why-delivery-approach-matters-for-IT-initiatives.pdf[2012/04/02 20:46:33 | 000,122,363 | ---- | C] () -- C:\Users\Paul Blanchard\Look who's the champ.PNG[2012/03/16 16:35:27 | 001,606,656 | ---- | C] () -- C:\Users\Paul Blanchard\SteamInstall.msi[2011/07/27 18:38:04 | 000,026,112 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011/06/18 07:10:55 | 000,000,067 | ---- | C] () -- C:\Windows\AoADVDRipper.INI[2011/04/04 09:51:54 | 000,000,132 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\Adobe GIF Format CS5 Prefs[2011/03/27 12:34:04 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL[2011/03/27 12:34:02 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll[2011/03/22 15:18:41 | 000,000,132 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\Adobe PNG Format CS5 Prefs[2011/03/10 15:40:45 | 
000,001,456 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/02/20 09:09:54 | 000,001,189 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\vso_ts_preview.xml
[2011/02/20 09:01:58 | 000,099,384 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\inst.exe
[2011/02/20 09:01:58 | 000,007,859 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.cat
[2011/02/20 09:01:58 | 000,001,167 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Roaming\pcouffin.inf
[2011/02/16 10:13:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/16 08:17:40 | 000,007,597 | ---- | C] () -- C:\Users\Paul Blanchard\AppData\Local\Resmon.ResmonCfg
[2011/02/09 18:18:09 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/02/09 18:18:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/02/09 16:51:36 | 000,747,542 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:30FD0CBD

< End of report >
moseby Posted August 15, 2012 ID:585516

and here is the quick scan:

OTL logfile created on: 8/15/2012 6:37:10 AM - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Paul Blanchard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 6.22 Gb Available Physical Memory | 77.79% Memory free
15.98 Gb Paging File | 14.23 Gb Available in Paging File | 89.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 336.16 Gb Free Space | 72.17% Space Free | Partition Type: NTFS
Drive D: | 264.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: PBLAN105295 | User Name: Paul Blanchard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 06:37:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul Blanchard\Desktop\OTL.exe
PRC - [2012/08/03 16:44:00 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/07/07 21:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/07/07 21:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - 
[2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exePRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exePRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe========== Modules (No Company Name) ==========MOD - [2012/08/01 05:09:23 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dllMOD - [2012/08/01 05:09:20 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dllMOD - [2012/08/01 05:09:17 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dllMOD - [2012/08/01 05:09:15 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dllMOD - [2012/08/01 05:09:13 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dllMOD - [2012/06/13 03:26:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dllMOD - [2012/06/13 03:04:11 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dllMOD - [2012/05/12 03:35:57 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dllMOD - [2012/05/12 03:27:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dllMOD - [2012/05/12 03:26:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dllMOD - [2012/05/12 03:26:36 | 005,452,800 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dllMOD - [2012/05/12 03:26:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dllMOD - [2012/05/12 03:26:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dllMOD - [2012/05/12 03:26:28 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dllMOD - [2010/07/07 21:33:04 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL========== Win32 Services (SafeList) ==========SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)SRV:64bit: - [2011/11/15 07:41:47 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2012/07/30 20:56:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2011/05/01 15:14:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2011/02/09 18:20:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)SRV - [2011/02/09 18:18:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/07/25 18:03:40 | 000,158,944 | ---- | M] (Tonec Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/20 09:01:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)DRV:64bit: - [2009/09/15 19:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2009/06/10 13:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)DRV:64bit: - [2007/08/20 12:05:02 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)DRV - [2004/06/22 16:44:50 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\Aspi32.sys -- (ASPI32)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://isearch.claro-search.com/?affID=115131&tt=120812_bandext_3212_1&babsrc=HP_iclro&mntrId=f862faf600000000000000261893f6ebIE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://falcon-nw.com/IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usIE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 16 F0 87 98 64 CA 01 [binary data]IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.falcon-nw.com/IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.claro-search.com/?q={searchTerms}&affID=115131&tt=120812_bandext_3212_1&babsrc=SP_iclro&mntrId=f862faf600000000000000261893f6ebIE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{BDC8AA5C-9595-485F-959C-6A0EE260CBA5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}IE - 
HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{F99D3F43-D6BF-E64F-D25A-DF3E0DB5D180}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z196&form=ZGAIDF&install_date=20111204&iesrc={referrer:source}IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "Claro Search"FF - prefs.js..browser.search.order.1: "Claro Search"FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "www.wsj.com"FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3FF - prefs.js..extensions.enabledItems: fireform@mozilla.org:0.7.4FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.11FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.3.19FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0FF - prefs.js..network.proxy.type: 0FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not foundFF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - 
HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not foundFF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Paul Blanchard\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/15 07:06:03 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/30 20:56:09 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/10 14:14:12 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Paul Blanchard\AppData\Roaming\IDM\idmmzcc5 [2012/07/29 19:41:24 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Paul Blanchard\AppData\Roaming\IDM\idmmzcc5 [2012/07/29 19:41:24 | 000,000,000 | ---D | M][2011/02/15 15:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Extensions[2012/07/30 17:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions[2011/02/21 17:31:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}[2011/02/21 11:08:33 | 000,000,000 | ---D | M] (fireform) -- C:\Users\Paul Blanchard\AppData\Roaming\Mozilla\Firefox\Profiles\yuctpw67.default\extensions\fireform@mozilla.org[2012/08/12 19:20:10 | 000,000,000 | ---D | M] (No name found) -- 
C:\Program Files (x86)\Mozilla Firefox\extensions[2012/08/12 19:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.comFile not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.2.565.25\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION[2012/07/29 19:41:24 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\PAUL BLANCHARD\APPDATA\ROAMING\IDM\IDMMZCC5[2012/07/30 17:30:38 | 000,375,811 | ---- | M] () (No name found) -- C:\USERS\PAUL BLANCHARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YUCTPW67.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI[2012/07/30 20:56:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll[2011/10/27 06:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll[2012/08/12 19:20:04 | 000,006,546 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml[2012/06/18 10:36:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2012/06/18 10:36:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xmlO1 HOSTS File: ([2011/03/09 11:21:04 | 000,000,904 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 activate.adobe.com127.0.0.1 practivate.adobe.comO2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - 
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O7 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not foundO8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not foundO10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..Trusted Domains: unisonsite.com ([sms] https in Trusted sites)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D6A468E-C096-46AD-A244-90503E9C47B8}: DhcpNameServer = 68.105.28.12 68.105.29.12 
Maniac Posted August 15, 2012 ID:585562

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://isearch.claro-search.com/?affID=115131&tt=120812_bandext_3212_1&babsrc=HP_iclro&mntrId=f862faf600000000000000261893f6eb
IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1561166958-412737209-2657457700-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.claro-search.com/?q={searchTerms}&affID=115131&tt=120812_bandext_3212_1&babsrc=SP_iclro&mntrId=f862faf600000000000000261893f6eb
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
[2012/08/12 19:20:04 | 000,006,546 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/12 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar
[2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\Users\Paul Blanchard\AppData\Roaming\Babylon
[2012/08/12 19:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
:files
ipconfig /flushdns /c
:Commands
[emptytemp]

Then click the Run Fix button at the top.

Let the program run unhindered, reboot the PC when it is done.

Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
moseby Posted August 15, 2012 Author ID:585610

Maniac,

Here is the log:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1561166958-412737209-2657457700-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\BrowserMngr Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1561166958-412737209-2657457700-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1561166958-412737209-2657457700-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1561166958-412737209-2657457700-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Claro Search" removed from browser.search.defaultenginename
Prefs.js: "Claro Search" removed from browser.search.order.1
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar\Shared folder moved successfully.
C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar\IE folder moved successfully.
C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar\FF folder moved successfully.
C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar\CR folder moved successfully.
C:\Users\Paul Blanchard\AppData\Roaming\BabylonToolbar folder moved successfully.
C:\Users\Paul Blanchard\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Paul Blanchard\Desktop\cmd.bat deleted successfully.
C:\Users\Paul Blanchard\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Paul Blanchard
->Temp folder emptied: 34579350 bytes
->Temporary Internet Files folder emptied: 103919677 bytes
->Java cache emptied: 677845 bytes
->FireFox cache emptied: 349621815 bytes
->Flash cache emptied: 32444 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58998222 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 727 bytes
Total Files Cleaned = 523.00 mb
OTL by OldTimer - Version 3.2.57.0 log created on 08152012_101038
Files\Folders moved on Reboot...
C:\Users\Paul Blanchard\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{53DE3AAA-4508-4C96-AD2F-57C3EB2EDBE5}.tmp not found!
File\Folder C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B05299C6-316B-477E-9C60-EF69BE1F264D}.tmp not found!
File\Folder C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DFA7A3E9-B2EF-4380-BFED-01A0F68A4D40}.tmp not found!
C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPOL8A39\ctrl_message[1].htc moved successfully.
C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPOL8A39\pdec30[1].htc moved successfully.
File\Folder C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INY5UXDY\ctrl_formatbar[1].htc not found!
File\Folder C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INY5UXDY\ctrl_tree[1].htc not found!
PendingFileRenameOperations files...
File C:\Users\Paul Blanchard\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{53DE3AAA-4508-4C96-AD2F-57C3EB2EDBE5}.tmp not found!
File C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B05299C6-316B-477E-9C60-EF69BE1F264D}.tmp not found!
File C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DFA7A3E9-B2EF-4380-BFED-01A0F68A4D40}.tmp not found!
File C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPOL8A39\ctrl_message[1].htc not found!
File C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPOL8A39\pdec30[1].htc not found!
File C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INY5UXDY\ctrl_formatbar[1].htc not found!
File C:\Users\Paul Blanchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INY5UXDY\ctrl_tree[1].htc not found!
Registry entries deleted on Reboot...

However, the Claro search is still in charge of new tabs via Mozilla Firefox. I think I am going to wipe my hard drive. I have everything backed up.

Thanks so much for all of your help.
Maniac Posted August 17, 2012 ID:586750

Are you sure? We can fix this?
Maurice Naggar Posted August 23, 2012 ID:589066

@moseby

Are you still with us? Have you resolved your issue? If we do not hear back from you soon, this thread will be closed.
Maurice Naggar Posted August 23, 2012 ID:589134

Moseby has resolved the issue & re-installed Windows. I am marking this as resolved.