Here are the logs as requested. Thanks!
OTL Extras logfile created on: 1/20/2013 6:46:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Cross Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.74 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 51.92% Memory free
7.48 Gb Paging File | 5.44 Gb Available in Paging File | 72.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 38.19 Gb Free Space | 39.10% Space Free | Partition Type: NTFS
Drive D: | 12.67 Gb Total Space | 7.97 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive H: | 7.60 Gb Total Space | 7.32 Gb Free Space | 96.22% Space Free | Partition Type: FAT32
Computer Name: BALTHAZAAR | User Name: The Cross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0546580F-CAB2-48A8-BF60-E4C68DF92688}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{0689B1FF-683C-43E6-83BB-DD0F80DE11F3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AA603FAC-03D3-4629-9740-F517BF778467}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B68C6B59-BC57-4C12-B480-601DFAA89ED0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA605F73-49C7-40C2-AA72-40B200A95DBC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EFC8B490-2B58-42AD-9FF2-D61E6105E596}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14981194-FE1E-433A-899E-32AFE7BFE0A2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1CF6F8A5-FA17-4BB9-81CA-DD9A01249187}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{1E71C1B5-8752-4101-BBE9-31CE23DF4212}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{1E78F17E-B547-4D1C-858F-E10BB22F208B}" = protocol=58 | dir=out |
[email protected],-503 |
"{22111A55-9C1B-4FC0-883E-2DE61E7A38D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{28F04990-405D-4D8A-B574-7D73C3897886}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{2BD03955-94CA-43FA-8125-6BADDAE26ED9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3439C8DC-776E-455F-8CD2-15A97406D4E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{37A20445-D07B-4356-9A5A-F02B4A099A77}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{396A89B4-1219-4E1C-A040-6FAEC6DFA5EE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{3FA1CD60-7AD2-443A-A679-10E90CCC67D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{42714734-C1A2-4352-A666-E14D0814586F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{42C89126-4EA8-4B4A-9945-A31CE52AF909}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4B1B62C0-211D-4E86-B024-7CE47A7F6B34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{53ACC000-3139-40CB-B3F4-AE67642B1D6A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{5B94837F-CB60-4B9C-B1F4-9C90AC3329C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{70A28F44-216A-4B68-99B4-C01DB7850483}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{816D133D-BDB9-4553-9E9A-146E41A1B26F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{85F104A7-B077-49E2-8EE4-C382C8165F42}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{95296ACC-2EDE-427C-AB71-D925ACDEB5EA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{9776124F-808E-4993-BBEC-1D73E5F9F157}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{99688802-8D8C-4AAA-BD59-DB1A1554C91A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{9C2AD601-973D-4436-9712-5087A457E7F8}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{A0EBADA1-3CD8-4A0D-82F6-650E90923AB0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{A3DF69EF-D0AF-4F17-BCA6-7AFEEA3E0344}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9D60719-F426-48E9-B07F-594400D461FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{AAF61B06-63EB-42C0-9D37-94FE4546677B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{B8C4823E-AC83-4E97-ADD7-FFF0E1EAD25F}" = protocol=58 | dir=in | app=system |
"{B95F9969-4FB4-41A8-ABD9-62E103E1CE99}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BFA79688-FD2F-4ED9-B1FF-BD995FAB269A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C46FFFAE-5BE2-4B21-BB3E-B4A4EACCE646}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{D07FFBA4-21A6-4D75-81FE-AED11ED603DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{D4F37394-044B-462F-B5B1-73516260E0FA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D7ECA04C-1099-43A1-AFCB-EAF43860EADA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{D9D37369-D700-4736-A390-D5981C288F52}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{DAE701D9-E467-4A4B-AC2F-EC3AF75CE17D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E9502437-3B3C-4B29-AAA1-37C69EA3F6F5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB086C7C-0FC8-40DE-972B-C09BFFBACAB8}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{EE2DF59E-E49C-4B94-8924-5DECF8CD33BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{FA1884E7-EB1A-4805-A247-E18FC57B91CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789FC4C2-7DEE-4dc0-9E12-9A013AE80C8E}" = 3300
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C4C06D1-9C55-473D-8343-E6431B3159FA}" = Boulevard 2013
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}" = 3100_3200_3300_Help
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-0000-7760-000000000005}" = Adobe Acrobat X Pro
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D49B0B95-DF54-40E9-9169-8BB6A6A1E03F}" = The Print Shop 23
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A43EF2-46A5-4de2-916A-C515D8AA1618}" = 3100_3200_3300trb
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AVG Secure Search" = AVG Security Toolbar
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"Fraps" = Fraps
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"McAfee Virtual Technician" = McAfee Virtual Technician
"MSC" = McAfee Internet Security
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"WiseConvert_2.1 Toolbar" = WiseConvert 2.1 Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
========== Last 20 Event Log Errors ========== [ Application Events ]
Error - 11/12/2012 11:35:39 PM | Computer Name = Balthazaar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/12/2012 11:35:39 PM | Computer Name = Balthazaar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5164
Error - 11/12/2012 11:35:39 PM | Computer Name = Balthazaar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5164
Error - 11/12/2012 11:35:40 PM | Computer Name = Balthazaar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11/12/2012 11:35:40 PM | Computer Name = Balthazaar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6162
Error - 11/12/2012 11:35:40 PM | Computer Name = Balthazaar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6162
Error - 11/13/2012 1:07:09 AM | Computer Name = Balthazaar | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 2.6.259.0, time
stamp: 0x5040f1f9 Faulting module name: mfefwctl.dll, version: 15.1.0.518, time stamp:
0x4fc63ec0 Exception code: 0xc0000005 Fault offset: 0x000000000000f90e Faulting process
id: 0x648 Faulting application start time: 0x01cdc0d38e0f5c57 Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: C:\Program Files\Common Files\McAfee\SystemCore\mfefwctl.dll Report Id: f9823f97-2d4f-11e2-bc24-7071bc1c99b3
Error - 11/13/2012 8:37:25 AM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =
Error - 11/14/2012 8:30:56 AM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =
Error - 11/15/2012 8:31:29 AM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =
[ System Events ]
Error - 1/19/2013 10:34:13 PM | Computer Name = Balthazaar | Source = DCOM | ID = 10005
Description =
Error - 1/19/2013 10:34:13 PM | Computer Name = Balthazaar | Source = DCOM | ID = 10005
Description =
Error - 1/19/2013 11:11:29 PM | Computer Name = Balthazaar | Source = DCOM | ID = 10010
Description =
Error - 1/20/2013 5:31:21 AM | Computer Name = Balthazaar | Source = DCOM | ID = 10010
Description =
Error - 1/20/2013 5:38:11 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7031
Description = The McAfee Home Network service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 1/20/2013 5:38:11 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.
Error - 1/20/2013 5:38:11 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7031
Description = The McAfee VirusScan Announcer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
Error - 1/20/2013 5:38:11 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7031
Description = The McAfee Platform Services service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
Error - 1/20/2013 5:38:11 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 1/20/2013 5:38:11 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7031
Description = The McAfee Anti-Spam Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
< End of report >
OTL logfile created on: 1/20/2013 6:59:57 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Cross Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.74 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 45.07% Memory free
7.48 Gb Paging File | 5.32 Gb Available in Paging File | 71.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 38.34 Gb Free Space | 39.26% Space Free | Partition Type: NTFS
Drive D: | 12.67 Gb Total Space | 7.97 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive H: | 7.60 Gb Total Space | 7.32 Gb Free Space | 96.22% Space Free | Partition Type: FAT32
Computer Name: BALTHAZAAR | User Name: The Cross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2013/01/20 06:58:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
PRC - [2012/12/10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/11/08 16:50:47 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/11/08 16:50:47 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/07/27 14:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/07/27 12:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/03 12:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2009/08/26 12:34:32 | 010,633,856 | ---- | M] (MakeMusic Inc.) -- C:\Program Files (x86)\Finale PrintMusic 2010\printmusic.exe
========== Modules (No Company Name) ========== MOD - [2012/11/08 16:50:47 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/11/08 16:50:47 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/08 16:50:47 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/25 17:42:48 | 000,285,184 | ---- | M] () -- C:\Program Files (x86)\Finale PrintMusic 2010\Component Files\systemdivider.dll
MOD - [2009/05/22 13:37:28 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Finale PrintMusic 2010\FinaleVST\softsynth_vst.dll
========== Services (SafeList) ========== SRV:
64bit: - [2012/11/22 04:42:06 | 000,378,952 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:
64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:
64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:
64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:
64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:
64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:
64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:
64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:
64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:
64bit: - [2012/10/06 07:28:16 | 001,007,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:
64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:
64bit: - [2009/11/17 12:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:
64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/09 11:59:05 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/08 16:50:47 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/07/27 12:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/22 15:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/04/13 19:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ========== DRV:
64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:
64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:
64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:
64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:
64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:
64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:
64bit: - [2012/11/08 16:50:47 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:
64bit: - [2012/11/02 01:46:50 | 000,328,976 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:
64bit: - [2012/11/02 01:46:50 | 000,097,208 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:
64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:
64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:
64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2010/11/11 06:01:20 | 001,212,416 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV:
64bit: - [2010/08/25 21:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:
64bit: - [2010/04/13 19:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:
64bit: - [2009/11/13 08:53:36 | 000,030,248 | ---- | M] (Fintek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FintekCIR.sys -- (FintekCIR)
DRV:
64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:
64bit: - [2009/09/16 23:56:34 | 000,014,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:
64bit: - [2009/09/16 23:56:32 | 000,025,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NW1950.sys -- (NW1950)
DRV:
64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:
64bit: - [2009/06/17 12:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
DRV:
64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:
64bit: - [2009/06/10 14:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:
64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:
64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:
64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:
64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE:
64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" =
http://search.condui...&ctid=CT3208938 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-655021921-481352255-711363081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\The Cross Family\Downloads
IE - HKU\S-1-5-21-655021921-481352255-711363081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-655021921-481352255-711363081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/IE - HKU\S-1-5-21-655021921-481352255-711363081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/?ocid=iehpIE - HKU\S-1-5-21-655021921-481352255-711363081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-655021921-481352255-711363081-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-655021921-481352255-711363081-1001\..\SearchScopes,DefaultScope = {7F9E2D3B-70C9-41D8-B9EF-71DF17886010}
IE - HKU\S-1-5-21-655021921-481352255-711363081-1001\..\SearchScopes\{776228B8-FE0C-48BC-A99A-7D399A39B280}: "URL" =
http://search.yahoo....p={SearchTerms}IE - HKU\S-1-5-21-655021921-481352255-711363081-1001\..\SearchScopes\{7F9E2D3B-70C9-41D8-B9EF-71DF17886010}: "URL" =
http://www.google.co...1I7ADRA_enUS466IE - HKU\S-1-5-21-655021921-481352255-711363081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-655021921-481352255-711363081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF:
64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/07 17:34:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/01/19 19:50:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/12/21 06:27:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/12/07 17:34:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\
[email protected]: C:\Program Files\McAfee\MSK [2013/01/05 11:08:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/07 17:34:39 | 000,000,000 | ---D | M]
========== Chrome ========== CHR - homepage:
http://www.google.comCHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
http://www.google.comCHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: Docs = C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: AVG Secure Search = C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
CHR - Extension: Gmail = C:\Users\The Cross Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:
64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (WiseConvert 2.1 Toolbar) - {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:
64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (WiseConvert 2.1 Toolbar) - {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-655021921-481352255-711363081-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-655021921-481352255-711363081-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-655021921-481352255-711363081-1001\..\Toolbar\WebBrowser: (WiseConvert 2.1 Toolbar) - {ECCE0073-A837-45A2-95B9-600420505F7E} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O4:
64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:
64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
F3:
64bit: - HKU\S-1-5-21-655021921-481352255-711363081-1001 WinNT: Load - (C:\Users\THECRO~1\LOCALS~1\Temp\msoimhi.bat) - File not found
F3 - HKU\S-1-5-21-655021921-481352255-711363081-1001 WinNT: Load - (C:\Users\THECRO~1\LOCALS~1\Temp\msoimhi.bat) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13
64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AD6B9A8-E581-48E6-A247-C44C0395B8AD}: DhcpNameServer = 10.0.0.1
O18:
64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:
64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:
64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:
64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:
64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:
64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:
64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O18:
64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:
64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c709a053-3996-11e1-8a9d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c709a053-3996-11e1-8a9d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\PMWinSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2013/01/20 06:58:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
[2013/01/20 06:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/01/19 21:08:50 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/19 21:08:50 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/19 21:08:28 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/19 21:08:26 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/19 21:08:17 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/19 21:08:17 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/19 21:08:17 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/19 21:08:17 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/19 21:08:17 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/19 21:08:17 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/19 21:08:17 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/19 21:08:17 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/19 21:08:17 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/19 21:08:17 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/19 21:08:17 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/19 21:08:17 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/19 21:08:17 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/19 21:08:17 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/19 21:08:17 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/19 21:08:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/19 21:08:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/19 21:08:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/19 21:08:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/19 21:08:17 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/19 21:08:17 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/19 21:08:16 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/19 21:08:16 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/19 21:08:16 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/19 21:08:16 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/19 21:08:16 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/19 21:08:16 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/19 21:08:16 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/19 21:08:16 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/19 21:08:16 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/19 21:08:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/19 21:08:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/19 21:07:40 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/19 21:07:40 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/19 21:07:39 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/19 21:07:39 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/19 21:07:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/19 21:07:39 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/19 21:07:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/19 21:07:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/19 21:07:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/19 21:07:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/19 21:07:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/19 21:07:38 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/19 21:07:38 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/19 21:07:38 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/19 21:07:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/19 21:07:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/19 21:07:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/19 21:07:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/19 21:07:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/19 21:07:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/19 21:07:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/19 21:07:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/19 21:07:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/19 21:07:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/19 21:07:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/19 21:07:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/19 21:07:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/19 21:07:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/19 21:07:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/19 21:07:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/19 21:07:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/19 21:07:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/19 21:07:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/19 21:07:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/19 21:07:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/19 21:07:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/19 21:07:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/19 21:07:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/19 21:07:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/19 21:07:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/19 21:07:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/19 21:07:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/19 21:07:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/19 21:07:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/19 21:07:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/19 21:07:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/19 21:07:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/19 21:07:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/19 21:07:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/19 21:07:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/19 21:07:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/19 21:07:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/19 21:07:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/19 21:07:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/19 21:07:14 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/19 20:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/19 20:34:57 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/15 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Programs
[2013/01/08 17:13:38 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\{A8199740-A1BD-4184-AAE3-CFF9CD163390}
[2013/01/08 17:13:37 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\{2E1C1693-C4D9-46CB-A998-3E1FD7887421}
[2013/01/05 11:55:56 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\Blvd
[2013/01/05 11:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Main Street Software
[2013/01/05 11:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blvd2013
[2013/01/05 10:48:33 | 000,197,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2013/01/05 10:46:34 | 000,177,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2013/01/04 21:14:11 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\{44F8C8C0-5D65-46D3-AEA6-2E63807A52F2}
[2013/01/04 21:10:11 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/01/04 21:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013/01/04 21:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/01/04 21:04:28 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2013/01/04 21:04:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2013/01/04 21:04:28 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2013/01/04 21:04:28 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2013/01/04 21:04:12 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2013/01/04 21:04:12 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2013/01/04 21:02:30 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Windows Live
[2013/01/04 21:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/01/04 19:28:24 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\Desktop\Herobrine's Mansion by Hypixel
[2012/12/26 17:27:31 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Diagnostics
[2012/12/22 14:07:44 | 002,055,680 | ---- | C] (craften.de) -- C:\Users\The Cross Family\Desktop\Minecraft Version Changer.exe
[2012/12/22 13:53:07 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\craften.de
[2012/12/22 13:52:36 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\Minecraft Version Changer
[2012/12/22 12:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Blvd 2012
[2012/12/22 03:01:04 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/22 03:01:04 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/22 03:01:04 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/22 03:01:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[5 C:\Users\The Cross Family\Documents\*.tmp files -> C:\Users\The Cross Family\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2013/01/20 06:58:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
[2013/01/20 06:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 06:48:37 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2013/01/20 06:44:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/20 03:41:22 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 03:41:22 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/20 03:38:20 | 000,739,918 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/20 03:38:20 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/20 03:38:20 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/20 03:33:16 | 001,257,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/20 03:32:48 | 3012,907,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/19 20:34:58 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/19 20:33:11 | 000,001,254 | ---- | M] () -- C:\Users\The Cross Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/17 23:04:35 | 000,000,022 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-17_230419.ZIP
[2013/01/16 13:30:40 | 002,824,864 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-16_133034.ZIP
[2013/01/15 21:53:40 | 002,824,864 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-15_215335.ZIP
[2013/01/15 20:42:49 | 002,824,842 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-15_204241.ZIP
[2013/01/14 14:24:39 | 002,824,842 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-14_142433.ZIP
[2013/01/14 12:21:13 | 002,824,842 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-14_122107.ZIP
[2013/01/14 11:55:49 | 002,824,841 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-14_115543.ZIP
[2013/01/12 19:10:51 | 002,825,726 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-12_191045.ZIP
[2013/01/11 07:08:40 | 002,822,856 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-11_070834.ZIP
[2013/01/11 06:50:11 | 002,822,350 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-11_065006.ZIP
[2013/01/09 15:06:04 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job
[2013/01/09 11:59:04 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 11:59:03 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/08 21:42:46 | 000,014,401 | ---- | M] () -- C:\Users\The Cross Family\Documents\Whale Ad.wlmp
[2013/01/05 11:42:33 | 000,002,693 | ---- | M] () -- C:\Users\Public\Desktop\Blvd 2013.lnk
[2013/01/05 11:27:29 | 000,000,192 | ---- | M] () -- C:\Users\The Cross Family\Documents\BLVD.ldb
[2013/01/05 11:24:43 | 014,032,896 | ---- | M] () -- C:\Users\The Cross Family\Documents\BLVD.MDB
[2013/01/04 09:11:21 | 000,000,447 | ---- | M] () -- C:\Users\The Cross Family\Lord Gunash.png
[2013/01/04 09:11:21 | 000,000,447 | ---- | M] () -- C:\Users\The Cross Family\Documents\Lord Gunash.png
[2013/01/02 16:31:07 | 000,041,472 | ---- | M] () -- C:\Users\The Cross Family\Documents\Diving ad.sig
[2013/01/02 16:08:03 | 000,095,232 | ---- | M] () -- C:\Users\The Cross Family\Documents\scuba ad.bro
[2012/12/31 13:22:01 | 000,000,541 | ---- | M] () -- C:\Users\The Cross Family\Desktop\Happy Wheels.website
[2012/12/22 17:40:30 | 000,098,816 | ---- | M] () -- C:\Users\The Cross Family\Documents\Hot Buttered Rum Batter Label.sig
[2012/12/22 13:52:18 | 002,055,680 | ---- | M] (craften.de) -- C:\Users\The Cross Family\Desktop\Minecraft Version Changer.exe
[5 C:\Users\The Cross Family\Documents\*.tmp files -> C:\Users\The Cross Family\Documents\*.tmp -> ]
========== Files Created - No Company Name ========== [2013/01/19 20:34:58 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/17 23:04:23 | 000,000,022 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-17_230419.ZIP
[2013/01/16 13:30:37 | 002,824,864 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-16_133034.ZIP
[2013/01/15 21:53:38 | 002,824,864 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-15_215335.ZIP
[2013/01/15 20:42:44 | 002,824,842 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-15_204241.ZIP
[2013/01/14 14:24:36 | 002,824,842 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-14_142433.ZIP
[2013/01/14 12:21:11 | 002,824,842 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-14_122107.ZIP
[2013/01/14 11:55:47 | 002,824,841 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-14_115543.ZIP
[2013/01/12 19:10:49 | 002,825,726 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-12_191045.ZIP
[2013/01/11 07:08:38 | 002,822,856 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-11_070834.ZIP
[2013/01/11 06:50:09 | 002,822,350 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-01-11_065006.ZIP
[2013/01/05 11:42:33 | 000,002,693 | ---- | C] () -- C:\Users\Public\Desktop\Blvd 2013.lnk
[2013/01/05 11:09:46 | 000,000,192 | ---- | C] () -- C:\Users\The Cross Family\Documents\BLVD.ldb
[2013/01/05 10:48:10 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf
[2013/01/05 10:48:09 | 000,002,946 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf
[2013/01/04 21:35:06 | 000,014,401 | ---- | C] () -- C:\Users\The Cross Family\Documents\Whale Ad.wlmp
[2013/01/04 21:09:05 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2013/01/04 21:08:01 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2013/01/04 09:13:52 | 000,000,447 | ---- | C] () -- C:\Users\The Cross Family\Lord Gunash.png
[2013/01/04 09:11:20 | 000,000,447 | ---- | C] () -- C:\Users\The Cross Family\Documents\Lord Gunash.png
[2013/01/02 16:31:06 | 000,041,472 | ---- | C] () -- C:\Users\The Cross Family\Documents\Diving ad.sig
[2013/01/02 16:08:02 | 000,095,232 | ---- | C] () -- C:\Users\The Cross Family\Documents\scuba ad.bro
[2012/12/22 13:37:51 | 000,098,816 | ---- | C] () -- C:\Users\The Cross Family\Documents\Hot Buttered Rum Batter Label.sig
[2012/12/09 07:35:03 | 095,023,320 | ---- | C] () -- C:\ProgramData\06811000sm.pad
[2012/10/23 19:24:29 | 000,000,422 | ---- | C] () -- C:\Users\The Cross Family\Farmer
[2012/06/07 13:30:34 | 000,000,506 | ---- | C] () -- C:\Users\The Cross Family\Army Bowman
[2012/06/07 13:20:56 | 000,000,310 | ---- | C] () -- C:\Users\The Cross Family\Miner
[2012/06/07 13:12:42 | 000,000,286 | ---- | C] () -- C:\Users\The Cross Family\Herobrine
[2012/06/07 12:36:35 | 000,000,258 | ---- | C] () -- C:\Users\The Cross Family\Miner (Deprived of Diamonds)
[2012/06/07 12:31:21 | 000,000,354 | ---- | C] () -- C:\Users\The Cross Family\Jungle Explorer
[2012/05/05 17:05:04 | 000,000,292 | ---- | C] () -- C:\Users\The Cross Family\Sniper II
[2012/05/04 15:18:05 | 000,000,435 | ---- | C] () -- C:\Users\The Cross Family\Ghost
[2012/05/04 15:14:51 | 000,000,310 | ---- | C] () -- C:\Users\The Cross Family\Spy
[2012/05/04 15:08:45 | 000,000,328 | ---- | C] () -- C:\Users\The Cross Family\Assasin
[2012/05/03 18:40:11 | 000,000,189 | ---- | C] () -- C:\Users\The Cross Family\Ninja
[2012/05/03 18:34:41 | 000,000,304 | ---- | C] () -- C:\Users\The Cross Family\U.S. Spy
[2012/05/03 18:23:02 | 000,000,369 | ---- | C] () -- C:\Users\The Cross Family\Archer
[2012/05/03 17:56:24 | 000,000,355 | ---- | C] () -- C:\Users\The Cross Family\Drew Skin
[2012/05/03 17:41:21 | 000,000,264 | ---- | C] () -- C:\Users\The Cross Family\Sniper
[2012/05/03 15:17:23 | 000,000,305 | ---- | C] () -- C:\Users\The Cross Family\my_skin.png
[2012/02/04 20:50:09 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/02 05:20:21 | 000,221,807 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/02/02 05:20:21 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/02/01 20:52:51 | 000,221,556 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2012/02/01 20:10:25 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2012/01/24 16:33:20 | 002,902,379 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-24_163317.zdb
[2012/01/23 17:42:33 | 002,901,671 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-23_174230.zdb
[2012/01/22 21:51:57 | 002,901,671 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-22_215154.zdb
[2012/01/21 15:27:20 | 002,899,672 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-21_132717.zdb
[2012/01/20 15:14:55 | 002,888,191 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_131452.zdb
[2012/01/20 09:08:07 | 002,888,193 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_070804.zdb
[2012/01/18 09:52:09 | 002,862,537 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-18_075206.zdb
[2012/01/16 00:49:47 | 002,850,107 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_224944.zdb
[2012/01/15 16:10:51 | 002,842,675 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_141048.zdb
[2012/01/15 13:19:26 | 002,842,674 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_111923.zdb
========== ZeroAccess Check ========== [2009/07/13 22:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ========== ========== Base Services ==========SRV:
64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:
64bit: - [2010/11/20 07:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:
64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:
64bit: - [2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:
64bit: - [2010/11/20 07:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:
64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:
64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:
64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:
64bit: - [2012/06/01 23:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/01 22:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:
64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:
64bit: - [2010/11/20 07:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 06:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:
64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:
64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:
64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:
64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:
64bit: - [2010/11/20 07:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:
64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:
64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:
64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:
64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:
64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:
64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:
64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:
64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:
64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:
64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:
64bit: - [2010/11/20 07:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:
64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:
64bit: - [2010/11/20 07:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:
64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:
64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:
64bit: - [2010/11/20 07:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:
64bit: - [2010/11/20 07:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 06:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:
64bit: - [2010/11/20 07:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:
64bit: - [2010/11/20 07:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 06:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:
64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:
64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:
64bit: - [2010/11/20 07:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:
64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:
64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:
64bit: - [2010/11/20 07:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:
64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:
64bit: - [2010/11/20 07:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:
64bit: - [2010/11/20 07:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:
64bit: - [2010/11/20 07:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:
64bit: - [2010/11/20 07:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 06:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:
64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:
64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:
64bit: - [2010/11/20 07:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:
64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:
64bit: - [2010/11/20 07:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: SERVICES >[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
[2012/01/07 19:51:11 | 000,017,486 | ---- | M] () MD5=EB684BFAA25E3CF14FD4A863120BDC53 -- C:\$INPLACE.~TR\Machine\DATA\Windows\System32\drivers\etc\services
< MD5 for: SERVICES.CFG >[2012/07/27 14:51:52 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg
[2012/07/27 14:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 14:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
[2010/10/25 14:13:46 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000050\10.0.0\services.cfg
< MD5 for: SERVICES.EXE >[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SERVICES.EXE.MUI >[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.HEARSTMAGS[1].XML >[2012/09/05 20:58:49 | 000,000,114 | ---- | M] () MD5=D679CAEA734296E2960D6DC1BB34E2B5 -- C:\Users\The Cross Family\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\U9OQIDO4\services.hearstmags[1].xml
< MD5 for: SERVICES.LNK >[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.LOG >[2012/02/01 20:59:01 | 000,059,505 | ---- | M] () MD5=65882ED8B7F90091CED4961A43791C56 -- C:\ProgramData\HP\Installer\Temp\services.log
[2012/02/01 20:59:01 | 000,059,505 | ---- | M] () MD5=65882ED8B7F90091CED4961A43791C56 -- C:\Users\All Users\HP\Installer\Temp\services.log
< MD5 for: SERVICES.MOCHIADS.COM.SOL >[2012/12/09 19:45:25 | 000,000,470 | ---- | M] () MD5=81FE00E615B5089B9C54AC2B08DCDE52 -- C:\Users\The Cross Family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RD58S2QY\mochiads.com\services.mochiads.com.sol
< MD5 for: SERVICES.MOF >[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SVCHOST.EXE >[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\Users\The Cross Family\Documents\Recipes, September 2012.nws:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\The Cross Family\Documents\GIANT BOX O' FUN.nws:OECustomProperty
< End of report >
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-20 07:19:42
-----------------------------
07:19:42.819 OS Version: Windows x64 6.1.7601 Service Pack 1
07:19:42.819 Number of processors: 4 586 0x2502
07:19:42.819 ComputerName: BALTHAZAAR UserName:
07:19:45.461 Initialize success
07:22:44.023 AVAST engine defs: 13012000
07:27:18.956 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:27:18.966 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 11
07:27:18.986 Disk 0 MBR read successfully
07:27:18.986 Disk 0 MBR scan
07:27:19.026 Disk 0 Windows 7 default MBR code
07:27:19.036 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
07:27:19.076 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100000 MB offset 206848
07:27:19.146 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12978 MB offset 1926941121
07:27:19.256 Disk 0 scanning C:\Windows\system32\drivers
07:27:37.434 Service scanning
07:28:10.887 Modules scanning
07:28:10.887 Disk 0 trace - called modules:
07:28:10.907 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
07:28:10.907 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c54060]
07:28:10.907 3 CLASSPNP.SYS[fffff880016a643f] -> nt!IofCallDriver -> [0xfffffa800491c0d0]
07:28:10.907 5 ACPI.sys[fffff88000f0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004949060]
07:28:11.828 AVAST engine scan C:\Windows
07:28:13.868 AVAST engine scan C:\Windows\system32
07:32:54.196 AVAST engine scan C:\Windows\system32\drivers
07:33:19.971 AVAST engine scan C:\Users\The Cross Family
07:37:23.499 Disk 0 MBR has been saved successfully to "C:\Users\The Cross Family\Desktop\MBR.dat"
07:37:23.541 The log file has been saved successfully to "C:\Users\The Cross Family\Desktop\aswMBR.txt"