Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Infected PUP.Dealply [Closed]


  • This topic is locked This topic is locked

#1
Conrad 678

Conrad 678

    Member

  • Member
  • PipPipPip
  • 103 posts
I have a bug: PUP.DEALPLY. I tried removing with Malwarebytes, both in regular and safe mode and it keeps regenerating. Please help me be rid of this.

Thanks!
  • 0

Advertisements


#2
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, Conrad 678 and welcome to GeeksToGo!

You can call me Phel and today I will help you with your trouble.

Please, read these instructions carefully, because they contain some very useful information.

Please, let me know, if you don't understand something. It is really important to understand any instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions, if you aren't sure.

Please, be patient. You should stay here until your computer will become really clean. Malware Removal isn't very fast procedure, it usually has multiple steps, but result should be glad.;)

Please note, that my answers could come with a slight delay, because they are checked by my teacher.

To start with I need to get some logs. Please, follow these steps:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#3
Conrad 678

Conrad 678

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Here are the logs as requested. Thank you for your help in this matter.

OTL Extras logfile created on: 7/18/2013 5:43:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Cross Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 39.72% Memory free
7.48 Gb Paging File | 5.20 Gb Available in Paging File | 69.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 13.71 Gb Free Space | 14.03% Space Free | Partition Type: NTFS
Drive D: | 12.67 Gb Total Space | 7.97 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive H: | 7.60 Gb Total Space | 7.30 Gb Free Space | 95.97% Space Free | Partition Type: FAT32

Computer Name: BALTHAZAAR | User Name: The Cross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0546580F-CAB2-48A8-BF60-E4C68DF92688}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{0689B1FF-683C-43E6-83BB-DD0F80DE11F3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AA603FAC-03D3-4629-9740-F517BF778467}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B68C6B59-BC57-4C12-B480-601DFAA89ED0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA605F73-49C7-40C2-AA72-40B200A95DBC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EFC8B490-2B58-42AD-9FF2-D61E6105E596}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09CEFD97-A873-43F3-BB25-324CEE89DAB5}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{14981194-FE1E-433A-899E-32AFE7BFE0A2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1CF6F8A5-FA17-4BB9-81CA-DD9A01249187}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{1E71C1B5-8752-4101-BBE9-31CE23DF4212}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{22111A55-9C1B-4FC0-883E-2DE61E7A38D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{28F04990-405D-4D8A-B574-7D73C3897886}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{2BD03955-94CA-43FA-8125-6BADDAE26ED9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3439C8DC-776E-455F-8CD2-15A97406D4E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{37A20445-D07B-4356-9A5A-F02B4A099A77}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{396A89B4-1219-4E1C-A040-6FAEC6DFA5EE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{3FA1CD60-7AD2-443A-A679-10E90CCC67D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{42714734-C1A2-4352-A666-E14D0814586F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{42C89126-4EA8-4B4A-9945-A31CE52AF909}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4B1B62C0-211D-4E86-B024-7CE47A7F6B34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{53ACC000-3139-40CB-B3F4-AE67642B1D6A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{5B94837F-CB60-4B9C-B1F4-9C90AC3329C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{70A28F44-216A-4B68-99B4-C01DB7850483}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{74458AED-B228-43B1-8A2D-EAD1E2F59876}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{7D0913EA-1D81-4C45-808D-E544032A90C6}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{7FDD0815-E96A-4893-B8E1-78DD887773C3}" = protocol=58 | dir=out | [email protected],-503 |
"{816D133D-BDB9-4553-9E9A-146E41A1B26F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{85F104A7-B077-49E2-8EE4-C382C8165F42}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{88DF9613-7A64-41A6-BF09-5E1AD2900F9F}" = protocol=58 | dir=in | app=system |
"{89D16E61-FF4D-4808-9DF5-26B84B4B4C33}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{9776124F-808E-4993-BBEC-1D73E5F9F157}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{99688802-8D8C-4AAA-BD59-DB1A1554C91A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{99EC9384-4F2D-4AFF-80B1-505FC912FAF1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{A0EBADA1-3CD8-4A0D-82F6-650E90923AB0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{A3DF69EF-D0AF-4F17-BCA6-7AFEEA3E0344}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9D60719-F426-48E9-B07F-594400D461FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{AAF61B06-63EB-42C0-9D37-94FE4546677B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{B95F9969-4FB4-41A8-ABD9-62E103E1CE99}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BFA79688-FD2F-4ED9-B1FF-BD995FAB269A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C46FFFAE-5BE2-4B21-BB3E-B4A4EACCE646}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{D07FFBA4-21A6-4D75-81FE-AED11ED603DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{D413B71C-8358-4327-820D-CA2BFE43FC43}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{D4F37394-044B-462F-B5B1-73516260E0FA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D5080D0E-724A-4EAF-BDBF-F7F5E7174D00}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{D7ECA04C-1099-43A1-AFCB-EAF43860EADA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{D9D37369-D700-4736-A390-D5981C288F52}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{DAE701D9-E467-4A4B-AC2F-EC3AF75CE17D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E63191E1-E450-4220-A0FA-AC13DF13D0AD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{E9502437-3B3C-4B29-AAA1-37C69EA3F6F5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB086C7C-0FC8-40DE-972B-C09BFFBACAB8}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{EE2DF59E-E49C-4B94-8924-5DECF8CD33BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{FA1884E7-EB1A-4805-A247-E18FC57B91CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{FDF2EBFE-CF46-46F3-BA4C-49502CBA39A3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{FE9DB5FF-200F-40CF-9EEC-0EB134D41291}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"TCP Query User{1B6682DF-A740-4F5C-BDC6-4CE8B53233A6}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{D1C37A83-651E-417E-B634-02DF715BF214}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{9F85E94E-1850-4932-95D1-28546BFA8655}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{EDBE1024-D9C1-4215-A319-034AC2356B67}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"__ARIA_1012___is1" = Garritan ARIA Player vAppVersion=v1.504
"__ARIA_1013___is1" = Garritan Instruments for Finale
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"ARIA Engine_is1" = ARIA Engine v1.5.0.4
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}" = Quicken 2013
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{574E78B1-E6B0-45A1-9BCE-E0906F572583}_is1" = RetroCopy version 0.960
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789FC4C2-7DEE-4dc0-9E12-9A013AE80C8E}" = 3300
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C4C06D1-9C55-473D-8343-E6431B3159FA}" = Boulevard 2013
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}" = 3100_3200_3300_Help
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-1033-0000-7760-000000000005}" = Adobe Acrobat X Pro
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D49B0B95-DF54-40E9-9169-8BB6A6A1E03F}" = The Print Shop 23
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A43EF2-46A5-4de2-916A-C515D8AA1618}" = 3100_3200_3300trb
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Finale 2012" = Finale 2012
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Virtual Technician" = McAfee Virtual Technician
"MSC" = McAfee Internet Security
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RealPlayer 16.0" = RealPlayer
"StarCraft II" = StarCraft II
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite" = Windows Live Essentials
"WiseConvert_2.1 Toolbar" = WiseConvert 2.1 Toolbar
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2012 11:11:53 PM | Computer Name = Balthazaar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5210

Error - 9/22/2012 11:11:53 PM | Computer Name = Balthazaar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5210

Error - 9/22/2012 11:37:39 PM | Computer Name = Balthazaar | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1598 Start
Time: 01cd993c58931cf2 Termination Time: 65 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 9/23/2012 7:57:04 AM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =

Error - 9/23/2012 10:25:54 AM | Computer Name = Balthazaar | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2a4 Start
Time: 01cd99858dd6f963 Termination Time: 30 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 9/23/2012 7:31:26 PM | Computer Name = Balthazaar | Source = Application Hang | ID = 1002
Description = The program javaw.exe version 7.0.50.5 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1598 Start Time:
01cd99e11037bec2 Termination Time: 133 Application Path: C:\Program Files (x86)\Java\jre7\bin\javaw.exe

Report
Id: c242d740-05d6-11e2-aa0e-7071bc1c99b3

Error - 9/24/2012 6:40:59 AM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =

Error - 9/24/2012 7:29:56 AM | Computer Name = Balthazaar | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 2.6.195.0, time
stamp: 0x4face9fb Faulting module name: mfefwctl.dll, version: 15.1.0.518, time stamp:
0x4fc63ec0 Exception code: 0xc0000005 Fault offset: 0x000000000000f90e Faulting process
id: 0x70c Faulting application start time: 0x01cd9a40c770c101 Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: C:\Program Files\Common Files\McAfee\SystemCore\mfefwctl.dll Report Id: 29f4bc9a-063b-11e2-a636-7071bc1c99b3

Error - 9/24/2012 9:52:53 AM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =

Error - 9/24/2012 10:25:38 PM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:48 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:48 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:48 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 6:51:08 AM | Computer Name = Balthazaar | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows
7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2844286).


< End of report >


OTL logfile created on: 7/18/2013 5:43:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Cross Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 39.72% Memory free
7.48 Gb Paging File | 5.20 Gb Available in Paging File | 69.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 13.71 Gb Free Space | 14.03% Space Free | Partition Type: NTFS
Drive D: | 12.67 Gb Total Space | 7.97 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive H: | 7.60 Gb Total Space | 7.30 Gb Free Space | 95.97% Space Free | Partition Type: FAT32

Computer Name: BALTHAZAAR | User Name: The Cross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/18 17:42:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/06/20 10:24:17 | 000,501,328 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2013/06/20 10:24:09 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/05/10 02:57:36 | 000,840,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/05/03 13:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/15 14:23:56 | 000,388,680 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/03 13:34:46 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/04/03 13:32:06 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/02/28 09:46:18 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/11/17 13:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/11 22:58:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/22 16:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/03 13:37:38 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/04/03 13:34:58 | 000,342,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/04/03 13:33:06 | 000,772,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/04/03 13:32:14 | 000,516,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/04/03 13:31:36 | 000,309,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/04/03 13:31:14 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/18 07:46:56 | 000,095,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2013/02/18 07:46:50 | 000,337,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 07:01:20 | 001,212,416 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2010/08/25 22:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2009/11/13 09:53:36 | 000,030,248 | ---- | M] (Fintek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FintekCIR.sys -- (FintekCIR)
DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/17 00:56:34 | 000,014,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2009/09/17 00:56:32 | 000,025,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NW1950.sys -- (NW1950)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/17 13:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3208938

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\The Cross Family\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {7F9E2D3B-70C9-41D8-B9EF-71DF17886010}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{776228B8-FE0C-48BC-A99A-7D399A39B280}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{7F9E2D3B-70C9-41D8-B9EF-71DF17886010}: "URL" = http://www.google.co...1I7ADRA_enUS466
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/07 18:34:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/18 06:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/14 07:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/20 10:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/07/17 20:23:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/07 18:34:39 | 000,000,000 | ---D | M]

[2013/07/15 14:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Cross Family\AppData\Roaming\Mozilla\Extensions
[2013/07/15 14:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/15 14:23:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/01/20 09:36:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (WiseConvert 2.1 Toolbar) - {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WiseConvert 2.1 Toolbar) - {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert 2.1 Toolbar) - {ECCE0073-A837-45A2-95B9-600420505F7E} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AD6B9A8-E581-48E6-A247-C44C0395B8AD}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c709a053-3996-11e1-8a9d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c709a053-3996-11e1-8a9d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\PMWinSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/18 17:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/07/18 17:42:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
[2013/07/17 20:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/17 20:28:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/15 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\Mozilla
[2013/07/15 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Mozilla
[2013/07/15 14:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/06 17:03:22 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Deployment
[2013/07/06 17:03:22 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Apps
[2013/07/02 09:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/02 09:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/06/30 10:37:24 | 000,000,000 | ---D | C] -- C:\vstplugins
[2013/06/20 10:26:06 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\RealNetworks
[2013/06/20 10:26:00 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Real
[2013/06/20 10:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/06/20 10:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/06/20 10:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/06/20 10:24:16 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/06/20 10:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/06/20 10:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/06/20 10:23:08 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\Real
[2013/06/20 10:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/06/20 10:20:34 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\OpenCandy
[5 C:\Users\The Cross Family\Documents\*.tmp files -> C:\Users\The Cross Family\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/18 17:44:35 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 17:44:35 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 17:44:23 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2013/07/18 17:42:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
[2013/07/18 17:39:51 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/07/18 17:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/18 17:36:55 | 001,265,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/18 17:35:50 | 3012,907,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 06:02:58 | 000,753,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 06:02:58 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 06:02:58 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/18 05:58:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 20:29:08 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 16:54:56 | 002,840,498 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_165451.ZIP
[2013/07/16 16:46:30 | 002,840,015 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_164624.ZIP
[2013/07/16 16:27:37 | 002,839,692 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_162731.ZIP
[2013/07/14 23:19:50 | 002,834,908 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-14_231944.ZIP
[2013/07/13 20:28:02 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_202756.ZIP
[2013/07/13 20:06:23 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_200618.ZIP
[2013/07/13 12:09:40 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_120934.ZIP
[2013/07/12 21:40:54 | 002,833,649 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-12_214049.ZIP
[2013/07/11 08:18:59 | 001,019,378 | ---- | M] () -- C:\Users\The Cross Family\Documents\2013-07-10_15.10.40.png
[2013/07/09 22:59:19 | 002,833,649 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-09_225912.ZIP
[2013/07/05 07:44:46 | 002,832,981 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-05_074440.ZIP
[2013/06/30 10:37:42 | 000,001,003 | ---- | M] () -- C:\Users\The Cross Family\Application Data\Microsoft\Internet Explorer\Quick Launch\ARIA Player.lnk
[2013/06/30 10:37:42 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player x64.lnk
[2013/06/30 10:37:42 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player.lnk
[2013/06/30 10:28:40 | 000,001,036 | ---- | M] () -- C:\Users\The Cross Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale 2012.lnk
[2013/06/30 10:28:40 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Finale 2012.lnk
[2013/06/29 10:39:14 | 000,251,660 | ---- | M] () -- C:\Users\The Cross Family\Documents\Festival March-WMB (Full Score) II.mus
[2013/06/27 11:41:39 | 000,247,960 | ---- | M] () -- C:\Users\The Cross Family\Documents\morganfreemanimpression ofme.avi
[2013/06/20 10:24:16 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[5 C:\Users\The Cross Family\Documents\*.tmp files -> C:\Users\The Cross Family\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/17 20:29:08 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 16:54:54 | 002,840,498 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_165451.ZIP
[2013/07/16 16:46:28 | 002,840,015 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_164624.ZIP
[2013/07/16 16:27:35 | 002,839,692 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_162731.ZIP
[2013/07/14 23:19:48 | 002,834,908 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-14_231944.ZIP
[2013/07/13 20:28:00 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_202756.ZIP
[2013/07/13 20:06:21 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_200618.ZIP
[2013/07/13 12:09:38 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_120934.ZIP
[2013/07/12 21:40:52 | 002,833,649 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-12_214049.ZIP
[2013/07/11 08:18:50 | 001,019,378 | ---- | C] () -- C:\Users\The Cross Family\Documents\2013-07-10_15.10.40.png
[2013/07/09 22:59:15 | 002,833,649 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-09_225912.ZIP
[2013/07/05 07:44:44 | 002,832,981 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-05_074440.ZIP
[2013/06/29 07:44:04 | 000,251,660 | ---- | C] () -- C:\Users\The Cross Family\Documents\Festival March-WMB (Full Score) II.mus
[2013/06/27 11:41:17 | 000,247,960 | ---- | C] () -- C:\Users\The Cross Family\Documents\morganfreemanimpression ofme.avi
[2013/06/07 13:01:27 | 000,001,089 | ---- | C] () -- C:\Program Files\StarCraft II.lnk
[2013/06/04 19:06:46 | 000,001,774 | ---- | C] () -- C:\Users\The Cross Family\balkrad asdfa.png
[2013/06/04 16:46:57 | 000,001,771 | ---- | C] () -- C:\Users\The Cross Family\omg epicskin.png
[2013/05/03 16:47:11 | 000,000,472 | -H-- | C] () -- C:\Users\The Cross Family\Ninja Fighter.png
[2013/04/16 17:24:15 | 000,000,334 | -H-- | C] () -- C:\Users\The Cross Family\Confusing PVP Skin.png
[2013/04/16 17:10:44 | 000,000,473 | -H-- | C] () -- C:\Users\The Cross Family\Lord Blarlarlar.png
[2013/03/16 18:42:51 | 000,000,509 | -H-- | C] () -- C:\Users\The Cross Family\Soldier.png
[2013/03/02 08:17:05 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/01/04 10:13:52 | 000,000,447 | -H-- | C] () -- C:\Users\The Cross Family\Lord Gunash.png
[2012/12/09 08:35:03 | 095,023,320 | ---- | C] () -- C:\ProgramData\06811000sm.pad
[2012/10/23 20:24:29 | 000,000,422 | -H-- | C] () -- C:\Users\The Cross Family\Farmer
[2012/06/07 14:30:34 | 000,000,506 | -H-- | C] () -- C:\Users\The Cross Family\Army Bowman
[2012/06/07 14:20:56 | 000,000,310 | -H-- | C] () -- C:\Users\The Cross Family\Miner
[2012/06/07 14:12:42 | 000,000,286 | -H-- | C] () -- C:\Users\The Cross Family\Herobrine
[2012/06/07 13:36:35 | 000,000,258 | -H-- | C] () -- C:\Users\The Cross Family\Miner (Deprived of Diamonds)
[2012/06/07 13:31:21 | 000,000,354 | -H-- | C] () -- C:\Users\The Cross Family\Jungle Explorer
[2012/05/05 18:05:04 | 000,000,292 | -H-- | C] () -- C:\Users\The Cross Family\Sniper II
[2012/05/04 16:18:05 | 000,000,435 | -H-- | C] () -- C:\Users\The Cross Family\Ghost
[2012/05/04 16:14:51 | 000,000,310 | -H-- | C] () -- C:\Users\The Cross Family\Spy
[2012/05/04 16:08:45 | 000,000,328 | -H-- | C] () -- C:\Users\The Cross Family\Assasin
[2012/05/03 19:40:11 | 000,000,189 | -H-- | C] () -- C:\Users\The Cross Family\Ninja
[2012/05/03 19:34:41 | 000,000,304 | -H-- | C] () -- C:\Users\The Cross Family\U.S. Spy
[2012/05/03 19:23:02 | 000,000,369 | -H-- | C] () -- C:\Users\The Cross Family\Archer
[2012/05/03 18:56:24 | 000,000,355 | -H-- | C] () -- C:\Users\The Cross Family\Drew Skin
[2012/05/03 18:41:21 | 000,000,264 | -H-- | C] () -- C:\Users\The Cross Family\Sniper
[2012/05/03 16:17:23 | 000,000,305 | -H-- | C] () -- C:\Users\The Cross Family\my_skin.png
[2012/02/04 21:50:09 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/02 06:20:21 | 000,221,807 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/02/02 06:20:21 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/02/01 21:52:51 | 000,221,556 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2012/02/01 21:10:25 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2012/01/24 17:33:20 | 002,902,379 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-24_163317.zdb
[2012/01/23 18:42:33 | 002,901,671 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-23_174230.zdb
[2012/01/22 22:51:57 | 002,901,671 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-22_215154.zdb
[2012/01/21 16:27:20 | 002,899,672 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-21_132717.zdb
[2012/01/20 16:14:55 | 002,888,191 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_131452.zdb
[2012/01/20 10:08:07 | 002,888,193 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_070804.zdb
[2012/01/18 10:52:09 | 002,862,537 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-18_075206.zdb
[2012/01/16 01:49:47 | 002,850,107 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_224944.zdb
[2012/01/15 17:10:51 | 002,842,675 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_141048.zdb
[2012/01/15 14:19:26 | 002,842,674 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_111923.zdb

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/17 20:07:47 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\.minecraft
[2012/12/12 09:31:05 | 000,000,000 | -HSD | M] -- C:\Users\The Cross Family\AppData\Roaming\816ED2
[2012/12/09 08:34:53 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Awsoa
[2012/04/18 17:52:48 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Babylon
[2013/07/16 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Blvd
[2012/12/09 10:19:25 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Egorr
[2013/05/15 20:01:30 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Garritan
[2012/12/09 08:36:09 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Gaykho
[2013/05/15 20:01:09 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\MakeMusic
[2013/04/04 06:48:50 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Minecraft Version Changer
[2013/06/20 10:20:36 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\OpenCandy
[2013/05/15 20:06:39 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Plogue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\The Cross Family\Documents\Recipes, September 2012.nws:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\The Cross Family\Documents\GIANT BOX O' FUN.nws:OECustomProperty

< End of report >
  • 0

#4
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Can you please post a fresh MBAM log? What objects are infected with PUP.DealPly?

Please, follow these steps:

Step 1. Uninstalling programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. New window should appear.
  • Uninstall these programs one by one, selecting each program and clicking Uninstall button.

Programs to uninstall:

  • WiseConvert 2.1 Toolbar

Step 2. AdwCleaner scan.

  • Please, download AdwCleaner from here to your Desktop.
  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • Computer will be rebooted automatically, when program will finish it's job.
  • After fix Notepad window with report should appear. Post the contents of the report in your next message.

Step 3. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3208938
    O2 - BHO: (WiseConvert 2.1 Toolbar) - {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (WiseConvert 2.1 Toolbar) - {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert 2.1 Toolbar) - {ECCE0073-A837-45A2-95B9-600420505F7E} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
    [2013/06/20 10:20:34 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\OpenCandy
    [2013/07/18 17:39:51 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2012/04/18 17:52:48 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Babylon
    [2012/12/12 09:31:05 | 000,000,000 | -HSD | M] -- C:\Users\The Cross Family\AppData\Roaming\816ED2
    [2012/12/09 08:34:53 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Awsoa
    [2012/12/09 08:36:09 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Gaykho
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So, please, don't forget to post in your next message:

  • OTL log
  • AdwCleaner log
  • MBAM log

  • 0

#5
Conrad 678

Conrad 678

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
I deleted the one program (but I had to run the ad program first before it would delete. I couldn't do it beforehand. I have two OTL logs, don't know which one to send, so I'm sending both. Let me know if you need anything else, or if I screwed something up. Thanks for your help.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
The Cross Family :: BALTHAZAAR [administrator]

7/19/2013 6:40:31 PM
MBAM-log-2013-07-19 (19-13-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273586
Time elapsed: 32 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\The Cross Family\AppData\Local\Temp\dp.exe (PUP.DealPly) -> No action taken.

(end)


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ecce0073-a837-45a2-95b9-600420505f7e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecce0073-a837-45a2-95b9-600420505f7e}\ not found.
File C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecce0073-a837-45a2-95b9-600420505f7e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecce0073-a837-45a2-95b9-600420505f7e}\ not found.
File C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ecce0073-a837-45a2-95b9-600420505f7e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecce0073-a837-45a2-95b9-600420505f7e}\ not found.
File C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ECCE0073-A837-45A2-95B9-600420505F7E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECCE0073-A837-45A2-95B9-600420505F7E}\ not found.
File C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_NT deleted successfully.
Folder C:\Users\The Cross Family\AppData\Roaming\OpenCandy\ not found.
C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job moved successfully.
Folder C:\Users\The Cross Family\AppData\Roaming\Babylon\ not found.
C:\Users\The Cross Family\AppData\Roaming\816ED2 folder moved successfully.
C:\Users\The Cross Family\AppData\Roaming\Awsoa folder moved successfully.
C:\Users\The Cross Family\AppData\Roaming\Gaykho folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 473633 bytes
->Temporary Internet Files folder emptied: 15220585 bytes
->Flash cache emptied: 3030 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: The Cross Family
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 965992729 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18760822 bytes
->Flash cache emptied: 107351 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 254310808 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes
RecycleBin emptied: 543916124 bytes

Total Files Cleaned = 1,716.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07192013_193246

Files\Folders moved on Reboot...
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVNRBLI1\331805-infected-pupdealply[1].htm moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NTGI7XDX\01[2].htm moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KS3PLNTS\disp[1].htm moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KS3PLNTS\st[8] moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JDUS6EKL\us_my_yahoo_com[4].htm moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EO7WPG33\stCAWO41G2 moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIRU2PBT\csc-render[1].htm moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIRU2PBT\ext-render-secure[1].htm moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL logfile created on: 7/18/2013 5:43:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Cross Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 39.72% Memory free
7.48 Gb Paging File | 5.20 Gb Available in Paging File | 69.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 13.71 Gb Free Space | 14.03% Space Free | Partition Type: NTFS
Drive D: | 12.67 Gb Total Space | 7.97 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive H: | 7.60 Gb Total Space | 7.30 Gb Free Space | 95.97% Space Free | Partition Type: FAT32

Computer Name: BALTHAZAAR | User Name: The Cross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/18 17:42:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/06/20 10:24:17 | 000,501,328 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2013/06/20 10:24:09 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/05/10 02:57:36 | 000,840,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/05/03 13:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/15 14:23:56 | 000,388,680 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/03 13:34:46 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/04/03 13:32:06 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/02/28 09:46:18 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/11/17 13:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/11 22:58:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/22 16:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/03 13:37:38 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/04/03 13:34:58 | 000,342,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/04/03 13:33:06 | 000,772,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/04/03 13:32:14 | 000,516,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/04/03 13:31:36 | 000,309,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/04/03 13:31:14 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/18 07:46:56 | 000,095,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2013/02/18 07:46:50 | 000,337,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 07:01:20 | 001,212,416 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2010/08/25 22:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2009/11/13 09:53:36 | 000,030,248 | ---- | M] (Fintek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FintekCIR.sys -- (FintekCIR)
DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/17 00:56:34 | 000,014,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2009/09/17 00:56:32 | 000,025,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NW1950.sys -- (NW1950)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/17 13:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3208938

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\The Cross Family\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {7F9E2D3B-70C9-41D8-B9EF-71DF17886010}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{776228B8-FE0C-48BC-A99A-7D399A39B280}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{7F9E2D3B-70C9-41D8-B9EF-71DF17886010}: "URL" = http://www.google.co...1I7ADRA_enUS466
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/07 18:34:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/18 06:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/14 07:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/20 10:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/07/17 20:23:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/07 18:34:39 | 000,000,000 | ---D | M]

[2013/07/15 14:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Cross Family\AppData\Roaming\Mozilla\Extensions
[2013/07/15 14:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/15 14:23:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/01/20 09:36:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (WiseConvert 2.1 Toolbar) - {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WiseConvert 2.1 Toolbar) - {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert 2.1 Toolbar) - {ECCE0073-A837-45A2-95B9-600420505F7E} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AD6B9A8-E581-48E6-A247-C44C0395B8AD}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c709a053-3996-11e1-8a9d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c709a053-3996-11e1-8a9d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\PMWinSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/18 17:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/07/18 17:42:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
[2013/07/17 20:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/17 20:28:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/15 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\Mozilla
[2013/07/15 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Mozilla
[2013/07/15 14:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/06 17:03:22 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Deployment
[2013/07/06 17:03:22 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Apps
[2013/07/02 09:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/02 09:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/06/30 10:37:24 | 000,000,000 | ---D | C] -- C:\vstplugins
[2013/06/20 10:26:06 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\RealNetworks
[2013/06/20 10:26:00 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Real
[2013/06/20 10:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/06/20 10:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/06/20 10:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/06/20 10:24:16 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/06/20 10:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/06/20 10:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/06/20 10:23:08 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\Real
[2013/06/20 10:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/06/20 10:20:34 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\OpenCandy
[5 C:\Users\The Cross Family\Documents\*.tmp files -> C:\Users\The Cross Family\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/18 17:44:35 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 17:44:35 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 17:44:23 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2013/07/18 17:42:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
[2013/07/18 17:39:51 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/07/18 17:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/18 17:36:55 | 001,265,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/18 17:35:50 | 3012,907,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 06:02:58 | 000,753,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 06:02:58 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 06:02:58 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/18 05:58:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 20:29:08 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 16:54:56 | 002,840,498 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_165451.ZIP
[2013/07/16 16:46:30 | 002,840,015 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_164624.ZIP
[2013/07/16 16:27:37 | 002,839,692 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_162731.ZIP
[2013/07/14 23:19:50 | 002,834,908 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-14_231944.ZIP
[2013/07/13 20:28:02 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_202756.ZIP
[2013/07/13 20:06:23 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_200618.ZIP
[2013/07/13 12:09:40 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_120934.ZIP
[2013/07/12 21:40:54 | 002,833,649 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-12_214049.ZIP
[2013/07/11 08:18:59 | 001,019,378 | ---- | M] () -- C:\Users\The Cross Family\Documents\2013-07-10_15.10.40.png
[2013/07/09 22:59:19 | 002,833,649 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-09_225912.ZIP
[2013/07/05 07:44:46 | 002,832,981 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-05_074440.ZIP
[2013/06/30 10:37:42 | 000,001,003 | ---- | M] () -- C:\Users\The Cross Family\Application Data\Microsoft\Internet Explorer\Quick Launch\ARIA Player.lnk
[2013/06/30 10:37:42 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player x64.lnk
[2013/06/30 10:37:42 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player.lnk
[2013/06/30 10:28:40 | 000,001,036 | ---- | M] () -- C:\Users\The Cross Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale 2012.lnk
[2013/06/30 10:28:40 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Finale 2012.lnk
[2013/06/29 10:39:14 | 000,251,660 | ---- | M] () -- C:\Users\The Cross Family\Documents\Festival March-WMB (Full Score) II.mus
[2013/06/27 11:41:39 | 000,247,960 | ---- | M] () -- C:\Users\The Cross Family\Documents\morganfreemanimpression ofme.avi
[2013/06/20 10:24:16 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[5 C:\Users\The Cross Family\Documents\*.tmp files -> C:\Users\The Cross Family\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/17 20:29:08 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 16:54:54 | 002,840,498 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_165451.ZIP
[2013/07/16 16:46:28 | 002,840,015 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_164624.ZIP
[2013/07/16 16:27:35 | 002,839,692 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_162731.ZIP
[2013/07/14 23:19:48 | 002,834,908 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-14_231944.ZIP
[2013/07/13 20:28:00 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_202756.ZIP
[2013/07/13 20:06:21 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_200618.ZIP
[2013/07/13 12:09:38 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_120934.ZIP
[2013/07/12 21:40:52 | 002,833,649 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-12_214049.ZIP
[2013/07/11 08:18:50 | 001,019,378 | ---- | C] () -- C:\Users\The Cross Family\Documents\2013-07-10_15.10.40.png
[2013/07/09 22:59:15 | 002,833,649 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-09_225912.ZIP
[2013/07/05 07:44:44 | 002,832,981 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-05_074440.ZIP
[2013/06/29 07:44:04 | 000,251,660 | ---- | C] () -- C:\Users\The Cross Family\Documents\Festival March-WMB (Full Score) II.mus
[2013/06/27 11:41:17 | 000,247,960 | ---- | C] () -- C:\Users\The Cross Family\Documents\morganfreemanimpression ofme.avi
[2013/06/07 13:01:27 | 000,001,089 | ---- | C] () -- C:\Program Files\StarCraft II.lnk
[2013/06/04 19:06:46 | 000,001,774 | ---- | C] () -- C:\Users\The Cross Family\balkrad asdfa.png
[2013/06/04 16:46:57 | 000,001,771 | ---- | C] () -- C:\Users\The Cross Family\omg epicskin.png
[2013/05/03 16:47:11 | 000,000,472 | -H-- | C] () -- C:\Users\The Cross Family\Ninja Fighter.png
[2013/04/16 17:24:15 | 000,000,334 | -H-- | C] () -- C:\Users\The Cross Family\Confusing PVP Skin.png
[2013/04/16 17:10:44 | 000,000,473 | -H-- | C] () -- C:\Users\The Cross Family\Lord Blarlarlar.png
[2013/03/16 18:42:51 | 000,000,509 | -H-- | C] () -- C:\Users\The Cross Family\Soldier.png
[2013/03/02 08:17:05 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/01/04 10:13:52 | 000,000,447 | -H-- | C] () -- C:\Users\The Cross Family\Lord Gunash.png
[2012/12/09 08:35:03 | 095,023,320 | ---- | C] () -- C:\ProgramData\06811000sm.pad
[2012/10/23 20:24:29 | 000,000,422 | -H-- | C] () -- C:\Users\The Cross Family\Farmer
[2012/06/07 14:30:34 | 000,000,506 | -H-- | C] () -- C:\Users\The Cross Family\Army Bowman
[2012/06/07 14:20:56 | 000,000,310 | -H-- | C] () -- C:\Users\The Cross Family\Miner
[2012/06/07 14:12:42 | 000,000,286 | -H-- | C] () -- C:\Users\The Cross Family\Herobrine
[2012/06/07 13:36:35 | 000,000,258 | -H-- | C] () -- C:\Users\The Cross Family\Miner (Deprived of Diamonds)
[2012/06/07 13:31:21 | 000,000,354 | -H-- | C] () -- C:\Users\The Cross Family\Jungle Explorer
[2012/05/05 18:05:04 | 000,000,292 | -H-- | C] () -- C:\Users\The Cross Family\Sniper II
[2012/05/04 16:18:05 | 000,000,435 | -H-- | C] () -- C:\Users\The Cross Family\Ghost
[2012/05/04 16:14:51 | 000,000,310 | -H-- | C] () -- C:\Users\The Cross Family\Spy
[2012/05/04 16:08:45 | 000,000,328 | -H-- | C] () -- C:\Users\The Cross Family\Assasin
[2012/05/03 19:40:11 | 000,000,189 | -H-- | C] () -- C:\Users\The Cross Family\Ninja
[2012/05/03 19:34:41 | 000,000,304 | -H-- | C] () -- C:\Users\The Cross Family\U.S. Spy
[2012/05/03 19:23:02 | 000,000,369 | -H-- | C] () -- C:\Users\The Cross Family\Archer
[2012/05/03 18:56:24 | 000,000,355 | -H-- | C] () -- C:\Users\The Cross Family\Drew Skin
[2012/05/03 18:41:21 | 000,000,264 | -H-- | C] () -- C:\Users\The Cross Family\Sniper
[2012/05/03 16:17:23 | 000,000,305 | -H-- | C] () -- C:\Users\The Cross Family\my_skin.png
[2012/02/04 21:50:09 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/02 06:20:21 | 000,221,807 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/02/02 06:20:21 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/02/01 21:52:51 | 000,221,556 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2012/02/01 21:10:25 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2012/01/24 17:33:20 | 002,902,379 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-24_163317.zdb
[2012/01/23 18:42:33 | 002,901,671 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-23_174230.zdb
[2012/01/22 22:51:57 | 002,901,671 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-22_215154.zdb
[2012/01/21 16:27:20 | 002,899,672 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-21_132717.zdb
[2012/01/20 16:14:55 | 002,888,191 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_131452.zdb
[2012/01/20 10:08:07 | 002,888,193 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_070804.zdb
[2012/01/18 10:52:09 | 002,862,537 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-18_075206.zdb
[2012/01/16 01:49:47 | 002,850,107 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_224944.zdb
[2012/01/15 17:10:51 | 002,842,675 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_141048.zdb
[2012/01/15 14:19:26 | 002,842,674 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_111923.zdb

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/17 20:07:47 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\.minecraft
[2012/12/12 09:31:05 | 000,000,000 | -HSD | M] -- C:\Users\The Cross Family\AppData\Roaming\816ED2
[2012/12/09 08:34:53 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Awsoa
[2012/04/18 17:52:48 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Babylon
[2013/07/16 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Blvd
[2012/12/09 10:19:25 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Egorr
[2013/05/15 20:01:30 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Garritan
[2012/12/09 08:36:09 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Gaykho
[2013/05/15 20:01:09 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\MakeMusic
[2013/04/04 06:48:50 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Minecraft Version Changer
[2013/06/20 10:20:36 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\OpenCandy
[2013/05/15 20:06:39 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Plogue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\The Cross Family\Documents\Recipes, September 2012.nws:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\The Cross Family\Documents\GIANT BOX O' FUN.nws:OECustomProperty

< End of report >

OTL Extras logfile created on: 7/18/2013 5:43:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Cross Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 39.72% Memory free
7.48 Gb Paging File | 5.20 Gb Available in Paging File | 69.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 13.71 Gb Free Space | 14.03% Space Free | Partition Type: NTFS
Drive D: | 12.67 Gb Total Space | 7.97 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive H: | 7.60 Gb Total Space | 7.30 Gb Free Space | 95.97% Space Free | Partition Type: FAT32

Computer Name: BALTHAZAAR | User Name: The Cross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0546580F-CAB2-48A8-BF60-E4C68DF92688}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{0689B1FF-683C-43E6-83BB-DD0F80DE11F3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AA603FAC-03D3-4629-9740-F517BF778467}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B68C6B59-BC57-4C12-B480-601DFAA89ED0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA605F73-49C7-40C2-AA72-40B200A95DBC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EFC8B490-2B58-42AD-9FF2-D61E6105E596}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09CEFD97-A873-43F3-BB25-324CEE89DAB5}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{14981194-FE1E-433A-899E-32AFE7BFE0A2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1CF6F8A5-FA17-4BB9-81CA-DD9A01249187}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{1E71C1B5-8752-4101-BBE9-31CE23DF4212}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{22111A55-9C1B-4FC0-883E-2DE61E7A38D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{28F04990-405D-4D8A-B574-7D73C3897886}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{2BD03955-94CA-43FA-8125-6BADDAE26ED9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3439C8DC-776E-455F-8CD2-15A97406D4E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{37A20445-D07B-4356-9A5A-F02B4A099A77}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{396A89B4-1219-4E1C-A040-6FAEC6DFA5EE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{3FA1CD60-7AD2-443A-A679-10E90CCC67D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{42714734-C1A2-4352-A666-E14D0814586F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{42C89126-4EA8-4B4A-9945-A31CE52AF909}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4B1B62C0-211D-4E86-B024-7CE47A7F6B34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{53ACC000-3139-40CB-B3F4-AE67642B1D6A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{5B94837F-CB60-4B9C-B1F4-9C90AC3329C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{70A28F44-216A-4B68-99B4-C01DB7850483}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{74458AED-B228-43B1-8A2D-EAD1E2F59876}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{7D0913EA-1D81-4C45-808D-E544032A90C6}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{7FDD0815-E96A-4893-B8E1-78DD887773C3}" = protocol=58 | dir=out | [email protected],-503 |
"{816D133D-BDB9-4553-9E9A-146E41A1B26F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{85F104A7-B077-49E2-8EE4-C382C8165F42}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{88DF9613-7A64-41A6-BF09-5E1AD2900F9F}" = protocol=58 | dir=in | app=system |
"{89D16E61-FF4D-4808-9DF5-26B84B4B4C33}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{9776124F-808E-4993-BBEC-1D73E5F9F157}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{99688802-8D8C-4AAA-BD59-DB1A1554C91A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{99EC9384-4F2D-4AFF-80B1-505FC912FAF1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{A0EBADA1-3CD8-4A0D-82F6-650E90923AB0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{A3DF69EF-D0AF-4F17-BCA6-7AFEEA3E0344}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9D60719-F426-48E9-B07F-594400D461FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{AAF61B06-63EB-42C0-9D37-94FE4546677B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{B95F9969-4FB4-41A8-ABD9-62E103E1CE99}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BFA79688-FD2F-4ED9-B1FF-BD995FAB269A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C46FFFAE-5BE2-4B21-BB3E-B4A4EACCE646}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{D07FFBA4-21A6-4D75-81FE-AED11ED603DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{D413B71C-8358-4327-820D-CA2BFE43FC43}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{D4F37394-044B-462F-B5B1-73516260E0FA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D5080D0E-724A-4EAF-BDBF-F7F5E7174D00}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{D7ECA04C-1099-43A1-AFCB-EAF43860EADA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{D9D37369-D700-4736-A390-D5981C288F52}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{DAE701D9-E467-4A4B-AC2F-EC3AF75CE17D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E63191E1-E450-4220-A0FA-AC13DF13D0AD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{E9502437-3B3C-4B29-AAA1-37C69EA3F6F5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB086C7C-0FC8-40DE-972B-C09BFFBACAB8}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{EE2DF59E-E49C-4B94-8924-5DECF8CD33BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{FA1884E7-EB1A-4805-A247-E18FC57B91CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{FDF2EBFE-CF46-46F3-BA4C-49502CBA39A3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{FE9DB5FF-200F-40CF-9EEC-0EB134D41291}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"TCP Query User{1B6682DF-A740-4F5C-BDC6-4CE8B53233A6}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{D1C37A83-651E-417E-B634-02DF715BF214}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{9F85E94E-1850-4932-95D1-28546BFA8655}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{EDBE1024-D9C1-4215-A319-034AC2356B67}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"__ARIA_1012___is1" = Garritan ARIA Player vAppVersion=v1.504
"__ARIA_1013___is1" = Garritan Instruments for Finale
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"ARIA Engine_is1" = ARIA Engine v1.5.0.4
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}" = Quicken 2013
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{574E78B1-E6B0-45A1-9BCE-E0906F572583}_is1" = RetroCopy version 0.960
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789FC4C2-7DEE-4dc0-9E12-9A013AE80C8E}" = 3300
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C4C06D1-9C55-473D-8343-E6431B3159FA}" = Boulevard 2013
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}" = 3100_3200_3300_Help
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-1033-0000-7760-000000000005}" = Adobe Acrobat X Pro
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D49B0B95-DF54-40E9-9169-8BB6A6A1E03F}" = The Print Shop 23
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A43EF2-46A5-4de2-916A-C515D8AA1618}" = 3100_3200_3300trb
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Finale 2012" = Finale 2012
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Virtual Technician" = McAfee Virtual Technician
"MSC" = McAfee Internet Security
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RealPlayer 16.0" = RealPlayer
"StarCraft II" = StarCraft II
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite" = Windows Live Essentials
"WiseConvert_2.1 Toolbar" = WiseConvert 2.1 Toolbar
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2012 11:11:53 PM | Computer Name = Balthazaar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5210

Error - 9/22/2012 11:11:53 PM | Computer Name = Balthazaar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5210

Error - 9/22/2012 11:37:39 PM | Computer Name = Balthazaar | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1598 Start
Time: 01cd993c58931cf2 Termination Time: 65 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 9/23/2012 7:57:04 AM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =

Error - 9/23/2012 10:25:54 AM | Computer Name = Balthazaar | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2a4 Start
Time: 01cd99858dd6f963 Termination Time: 30 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 9/23/2012 7:31:26 PM | Computer Name = Balthazaar | Source = Application Hang | ID = 1002
Description = The program javaw.exe version 7.0.50.5 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1598 Start Time:
01cd99e11037bec2 Termination Time: 133 Application Path: C:\Program Files (x86)\Java\jre7\bin\javaw.exe

Report
Id: c242d740-05d6-11e2-aa0e-7071bc1c99b3

Error - 9/24/2012 6:40:59 AM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =

Error - 9/24/2012 7:29:56 AM | Computer Name = Balthazaar | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 2.6.195.0, time
stamp: 0x4face9fb Faulting module name: mfefwctl.dll, version: 15.1.0.518, time stamp:
0x4fc63ec0 Exception code: 0xc0000005 Fault offset: 0x000000000000f90e Faulting process
id: 0x70c Faulting application start time: 0x01cd9a40c770c101 Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: C:\Program Files\Common Files\McAfee\SystemCore\mfefwctl.dll Report Id: 29f4bc9a-063b-11e2-a636-7071bc1c99b3

Error - 9/24/2012 9:52:53 AM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =

Error - 9/24/2012 10:25:38 PM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:48 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:48 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:48 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 6:51:08 AM | Computer Name = Balthazaar | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows
7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2844286).


< End of report >


OTL logfile created on: 7/18/2013 5:43:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Cross Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 39.72% Memory free
7.48 Gb Paging File | 5.20 Gb Available in Paging File | 69.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 13.71 Gb Free Space | 14.03% Space Free | Partition Type: NTFS
Drive D: | 12.67 Gb Total Space | 7.97 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive H: | 7.60 Gb Total Space | 7.30 Gb Free Space | 95.97% Space Free | Partition Type: FAT32

Computer Name: BALTHAZAAR | User Name: The Cross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/18 17:42:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/06/20 10:24:17 | 000,501,328 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2013/06/20 10:24:09 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/05/10 02:57:36 | 000,840,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/05/03 13:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/15 14:23:56 | 000,388,680 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/03 13:34:46 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/04/03 13:32:06 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/02/28 09:46:18 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/11/17 13:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/11 22:58:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/22 16:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/03 13:37:38 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/04/03 13:34:58 | 000,342,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/04/03 13:33:06 | 000,772,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/04/03 13:32:14 | 000,516,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/04/03 13:31:36 | 000,309,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/04/03 13:31:14 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/18 07:46:56 | 000,095,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2013/02/18 07:46:50 | 000,337,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 07:01:20 | 001,212,416 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2010/08/25 22:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2009/11/13 09:53:36 | 000,030,248 | ---- | M] (Fintek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FintekCIR.sys -- (FintekCIR)
DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/17 00:56:34 | 000,014,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2009/09/17 00:56:32 | 000,025,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NW1950.sys -- (NW1950)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/17 13:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3208938

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\The Cross Family\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {7F9E2D3B-70C9-41D8-B9EF-71DF17886010}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{776228B8-FE0C-48BC-A99A-7D399A39B280}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{7F9E2D3B-70C9-41D8-B9EF-71DF17886010}: "URL" = http://www.google.co...1I7ADRA_enUS466
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/07 18:34:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/18 06:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/14 07:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/20 10:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/07/17 20:23:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/07 18:34:39 | 000,000,000 | ---D | M]

[2013/07/15 14:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Cross Family\AppData\Roaming\Mozilla\Extensions
[2013/07/15 14:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/15 14:23:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/01/20 09:36:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (WiseConvert 2.1 Toolbar) - {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WiseConvert 2.1 Toolbar) - {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert 2.1 Toolbar) - {ECCE0073-A837-45A2-95B9-600420505F7E} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AD6B9A8-E581-48E6-A247-C44C0395B8AD}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c709a053-3996-11e1-8a9d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c709a053-3996-11e1-8a9d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\PMWinSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/18 17:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/07/18 17:42:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
[2013/07/17 20:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/17 20:28:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/15 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\Mozilla
[2013/07/15 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Mozilla
[2013/07/15 14:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/06 17:03:22 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Deployment
[2013/07/06 17:03:22 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Apps
[2013/07/02 09:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/02 09:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/06/30 10:37:24 | 000,000,000 | ---D | C] -- C:\vstplugins
[2013/06/20 10:26:06 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\RealNetworks
[2013/06/20 10:26:00 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Real
[2013/06/20 10:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/06/20 10:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/06/20 10:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/06/20 10:24:16 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/06/20 10:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/06/20 10:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/06/20 10:23:08 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\Real
[2013/06/20 10:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/06/20 10:20:34 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\OpenCandy
[5 C:\Users\The Cross Family\Documents\*.tmp files -> C:\Users\The Cross Family\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/18 17:44:35 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 17:44:35 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 17:44:23 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2013/07/18 17:42:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
[2013/07/18 17:39:51 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/07/18 17:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/18 17:36:55 | 001,265,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/18 17:35:50 | 3012,907,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 06:02:58 | 000,753,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 06:02:58 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 06:02:58 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/18 05:58:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 20:29:08 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 16:54:56 | 002,840,498 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_165451.ZIP
[2013/07/16 16:46:30 | 002,840,015 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_164624.ZIP
[2013/07/16 16:27:37 | 002,839,692 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_162731.ZIP
[2013/07/14 23:19:50 | 002,834,908 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-14_231944.ZIP
[2013/07/13 20:28:02 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_202756.ZIP
[2013/07/13 20:06:23 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_200618.ZIP
[2013/07/13 12:09:40 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_120934.ZIP
[2013/07/12 21:40:54 | 002,833,649 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-12_214049.ZIP
[2013/07/11 08:18:59 | 001,019,378 | ---- | M] () -- C:\Users\The Cross Family\Documents\2013-07-10_15.10.40.png
[2013/07/09 22:59:19 | 002,833,649 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-09_225912.ZIP
[2013/07/05 07:44:46 | 002,832,981 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-05_074440.ZIP
[2013/06/30 10:37:42 | 000,001,003 | ---- | M] () -- C:\Users\The Cross Family\Application Data\Microsoft\Internet Explorer\Quick Launch\ARIA Player.lnk
[2013/06/30 10:37:42 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player x64.lnk
[2013/06/30 10:37:42 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player.lnk
[2013/06/30 10:28:40 | 000,001,036 | ---- | M] () -- C:\Users\The Cross Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale 2012.lnk
[2013/06/30 10:28:40 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Finale 2012.lnk
[2013/06/29 10:39:14 | 000,251,660 | ---- | M] () -- C:\Users\The Cross Family\Documents\Festival March-WMB (Full Score) II.mus
[2013/06/27 11:41:39 | 000,247,960 | ---- | M] () -- C:\Users\The Cross Family\Documents\morganfreemanimpression ofme.avi
[2013/06/20 10:24:16 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[5 C:\Users\The Cross Family\Documents\*.tmp files -> C:\Users\The Cross Family\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/17 20:29:08 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 16:54:54 | 002,840,498 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_165451.ZIP
[2013/07/16 16:46:28 | 002,840,015 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_164624.ZIP
[2013/07/16 16:27:35 | 002,839,692 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_162731.ZIP
[2013/07/14 23:19:48 | 002,834,908 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-14_231944.ZIP
[2013/07/13 20:28:00 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_202756.ZIP
[2013/07/13 20:06:21 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_200618.ZIP
[2013/07/13 12:09:38 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_120934.ZIP
[2013/07/12 21:40:52 | 002,833,649 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-12_214049.ZIP
[2013/07/11 08:18:50 | 001,019,378 | ---- | C] () -- C:\Users\The Cross Family\Documents\2013-07-10_15.10.40.png
[2013/07/09 22:59:15 | 002,833,649 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-09_225912.ZIP
[2013/07/05 07:44:44 | 002,832,981 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-05_074440.ZIP
[2013/06/29 07:44:04 | 000,251,660 | ---- | C] () -- C:\Users\The Cross Family\Documents\Festival March-WMB (Full Score) II.mus
[2013/06/27 11:41:17 | 000,247,960 | ---- | C] () -- C:\Users\The Cross Family\Documents\morganfreemanimpression ofme.avi
[2013/06/07 13:01:27 | 000,001,089 | ---- | C] () -- C:\Program Files\StarCraft II.lnk
[2013/06/04 19:06:46 | 000,001,774 | ---- | C] () -- C:\Users\The Cross Family\balkrad asdfa.png
[2013/06/04 16:46:57 | 000,001,771 | ---- | C] () -- C:\Users\The Cross Family\omg epicskin.png
[2013/05/03 16:47:11 | 000,000,472 | -H-- | C] () -- C:\Users\The Cross Family\Ninja Fighter.png
[2013/04/16 17:24:15 | 000,000,334 | -H-- | C] () -- C:\Users\The Cross Family\Confusing PVP Skin.png
[2013/04/16 17:10:44 | 000,000,473 | -H-- | C] () -- C:\Users\The Cross Family\Lord Blarlarlar.png
[2013/03/16 18:42:51 | 000,000,509 | -H-- | C] () -- C:\Users\The Cross Family\Soldier.png
[2013/03/02 08:17:05 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/01/04 10:13:52 | 000,000,447 | -H-- | C] () -- C:\Users\The Cross Family\Lord Gunash.png
[2012/12/09 08:35:03 | 095,023,320 | ---- | C] () -- C:\ProgramData\06811000sm.pad
[2012/10/23 20:24:29 | 000,000,422 | -H-- | C] () -- C:\Users\The Cross Family\Farmer
[2012/06/07 14:30:34 | 000,000,506 | -H-- | C] () -- C:\Users\The Cross Family\Army Bowman
[2012/06/07 14:20:56 | 000,000,310 | -H-- | C] () -- C:\Users\The Cross Family\Miner
[2012/06/07 14:12:42 | 000,000,286 | -H-- | C] () -- C:\Users\The Cross Family\Herobrine
[2012/06/07 13:36:35 | 000,000,258 | -H-- | C] () -- C:\Users\The Cross Family\Miner (Deprived of Diamonds)
[2012/06/07 13:31:21 | 000,000,354 | -H-- | C] () -- C:\Users\The Cross Family\Jungle Explorer
[2012/05/05 18:05:04 | 000,000,292 | -H-- | C] () -- C:\Users\The Cross Family\Sniper II
[2012/05/04 16:18:05 | 000,000,435 | -H-- | C] () -- C:\Users\The Cross Family\Ghost
[2012/05/04 16:14:51 | 000,000,310 | -H-- | C] () -- C:\Users\The Cross Family\Spy
[2012/05/04 16:08:45 | 000,000,328 | -H-- | C] () -- C:\Users\The Cross Family\Assasin
[2012/05/03 19:40:11 | 000,000,189 | -H-- | C] () -- C:\Users\The Cross Family\Ninja
[2012/05/03 19:34:41 | 000,000,304 | -H-- | C] () -- C:\Users\The Cross Family\U.S. Spy
[2012/05/03 19:23:02 | 000,000,369 | -H-- | C] () -- C:\Users\The Cross Family\Archer
[2012/05/03 18:56:24 | 000,000,355 | -H-- | C] () -- C:\Users\The Cross Family\Drew Skin
[2012/05/03 18:41:21 | 000,000,264 | -H-- | C] () -- C:\Users\The Cross Family\Sniper
[2012/05/03 16:17:23 | 000,000,305 | -H-- | C] () -- C:\Users\The Cross Family\my_skin.png
[2012/02/04 21:50:09 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/02 06:20:21 | 000,221,807 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/02/02 06:20:21 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/02/01 21:52:51 | 000,221,556 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2012/02/01 21:10:25 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2012/01/24 17:33:20 | 002,902,379 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-24_163317.zdb
[2012/01/23 18:42:33 | 002,901,671 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-23_174230.zdb
[2012/01/22 22:51:57 | 002,901,671 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-22_215154.zdb
[2012/01/21 16:27:20 | 002,899,672 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-21_132717.zdb
[2012/01/20 16:14:55 | 002,888,191 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_131452.zdb
[2012/01/20 10:08:07 | 002,888,193 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_070804.zdb
[2012/01/18 10:52:09 | 002,862,537 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-18_075206.zdb
[2012/01/16 01:49:47 | 002,850,107 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_224944.zdb
[2012/01/15 17:10:51 | 002,842,675 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_141048.zdb
[2012/01/15 14:19:26 | 002,842,674 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_111923.zdb

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/17 20:07:47 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\.minecraft
[2012/12/12 09:31:05 | 000,000,000 | -HSD | M] -- C:\Users\The Cross Family\AppData\Roaming\816ED2
[2012/12/09 08:34:53 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Awsoa
[2012/04/18 17:52:48 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Babylon
[2013/07/16 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Blvd
[2012/12/09 10:19:25 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Egorr
[2013/05/15 20:01:30 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Garritan
[2012/12/09 08:36:09 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Gaykho
[2013/05/15 20:01:09 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\MakeMusic
[2013/04/04 06:48:50 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Minecraft Version Changer
[2013/06/20 10:20:36 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\OpenCandy
[2013/05/15 20:06:39 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Plogue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\The Cross Family\Documents\Recipes, September 2012.nws:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\The Cross Family\Documents\GIANT BOX O' FUN.nws:OECustomProperty

< End of report >
  • 0

#6
Conrad 678

Conrad 678

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
I deleted the one program (but I had to run the ad program first before it would delete. I couldn't do it beforehand. I have two OTL logs, don't know which one to send, so I'm sending both. Let me know if you need anything else, or if I screwed something up. Thanks for your help.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
The Cross Family :: BALTHAZAAR [administrator]

7/19/2013 6:40:31 PM
MBAM-log-2013-07-19 (19-13-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273586
Time elapsed: 32 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\The Cross Family\AppData\Local\Temp\dp.exe (PUP.DealPly) -> No action taken.

(end)


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ecce0073-a837-45a2-95b9-600420505f7e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecce0073-a837-45a2-95b9-600420505f7e}\ not found.
File C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecce0073-a837-45a2-95b9-600420505f7e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecce0073-a837-45a2-95b9-600420505f7e}\ not found.
File C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ecce0073-a837-45a2-95b9-600420505f7e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecce0073-a837-45a2-95b9-600420505f7e}\ not found.
File C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ECCE0073-A837-45A2-95B9-600420505F7E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECCE0073-A837-45A2-95B9-600420505F7E}\ not found.
File C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_NT deleted successfully.
Folder C:\Users\The Cross Family\AppData\Roaming\OpenCandy\ not found.
C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job moved successfully.
Folder C:\Users\The Cross Family\AppData\Roaming\Babylon\ not found.
C:\Users\The Cross Family\AppData\Roaming\816ED2 folder moved successfully.
C:\Users\The Cross Family\AppData\Roaming\Awsoa folder moved successfully.
C:\Users\The Cross Family\AppData\Roaming\Gaykho folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 473633 bytes
->Temporary Internet Files folder emptied: 15220585 bytes
->Flash cache emptied: 3030 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: The Cross Family
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 965992729 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18760822 bytes
->Flash cache emptied: 107351 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 254310808 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes
RecycleBin emptied: 543916124 bytes

Total Files Cleaned = 1,716.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07192013_193246

Files\Folders moved on Reboot...
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OVNRBLI1\331805-infected-pupdealply[1].htm moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NTGI7XDX\01[2].htm moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KS3PLNTS\disp[1].htm moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KS3PLNTS\st[8] moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JDUS6EKL\us_my_yahoo_com[4].htm moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EO7WPG33\stCAWO41G2 moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIRU2PBT\csc-render[1].htm moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIRU2PBT\ext-render-secure[1].htm moved successfully.
C:\Users\The Cross Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL logfile created on: 7/18/2013 5:43:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Cross Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 39.72% Memory free
7.48 Gb Paging File | 5.20 Gb Available in Paging File | 69.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 13.71 Gb Free Space | 14.03% Space Free | Partition Type: NTFS
Drive D: | 12.67 Gb Total Space | 7.97 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive H: | 7.60 Gb Total Space | 7.30 Gb Free Space | 95.97% Space Free | Partition Type: FAT32

Computer Name: BALTHAZAAR | User Name: The Cross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/18 17:42:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/06/20 10:24:17 | 000,501,328 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2013/06/20 10:24:09 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/05/10 02:57:36 | 000,840,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/05/03 13:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/15 14:23:56 | 000,388,680 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/03 13:34:46 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/04/03 13:32:06 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/02/28 09:46:18 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/11/17 13:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/11 22:58:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/22 16:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/03 13:37:38 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/04/03 13:34:58 | 000,342,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/04/03 13:33:06 | 000,772,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/04/03 13:32:14 | 000,516,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/04/03 13:31:36 | 000,309,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/04/03 13:31:14 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/18 07:46:56 | 000,095,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2013/02/18 07:46:50 | 000,337,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 07:01:20 | 001,212,416 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2010/08/25 22:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2009/11/13 09:53:36 | 000,030,248 | ---- | M] (Fintek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FintekCIR.sys -- (FintekCIR)
DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/17 00:56:34 | 000,014,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2009/09/17 00:56:32 | 000,025,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NW1950.sys -- (NW1950)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/17 13:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3208938

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\The Cross Family\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {7F9E2D3B-70C9-41D8-B9EF-71DF17886010}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{776228B8-FE0C-48BC-A99A-7D399A39B280}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{7F9E2D3B-70C9-41D8-B9EF-71DF17886010}: "URL" = http://www.google.co...1I7ADRA_enUS466
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/07 18:34:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/18 06:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/14 07:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/20 10:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/07/17 20:23:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/07 18:34:39 | 000,000,000 | ---D | M]

[2013/07/15 14:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Cross Family\AppData\Roaming\Mozilla\Extensions
[2013/07/15 14:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/15 14:23:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/01/20 09:36:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (WiseConvert 2.1 Toolbar) - {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WiseConvert 2.1 Toolbar) - {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert 2.1 Toolbar) - {ECCE0073-A837-45A2-95B9-600420505F7E} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AD6B9A8-E581-48E6-A247-C44C0395B8AD}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c709a053-3996-11e1-8a9d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c709a053-3996-11e1-8a9d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\PMWinSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/18 17:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/07/18 17:42:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
[2013/07/17 20:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/17 20:28:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/15 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\Mozilla
[2013/07/15 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Mozilla
[2013/07/15 14:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/06 17:03:22 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Deployment
[2013/07/06 17:03:22 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Apps
[2013/07/02 09:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/02 09:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/06/30 10:37:24 | 000,000,000 | ---D | C] -- C:\vstplugins
[2013/06/20 10:26:06 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\RealNetworks
[2013/06/20 10:26:00 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Real
[2013/06/20 10:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/06/20 10:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/06/20 10:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/06/20 10:24:16 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/06/20 10:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/06/20 10:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/06/20 10:23:08 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\Real
[2013/06/20 10:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/06/20 10:20:34 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\OpenCandy
[5 C:\Users\The Cross Family\Documents\*.tmp files -> C:\Users\The Cross Family\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/18 17:44:35 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 17:44:35 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 17:44:23 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2013/07/18 17:42:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
[2013/07/18 17:39:51 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/07/18 17:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/18 17:36:55 | 001,265,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/18 17:35:50 | 3012,907,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 06:02:58 | 000,753,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 06:02:58 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 06:02:58 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/18 05:58:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 20:29:08 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 16:54:56 | 002,840,498 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_165451.ZIP
[2013/07/16 16:46:30 | 002,840,015 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_164624.ZIP
[2013/07/16 16:27:37 | 002,839,692 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_162731.ZIP
[2013/07/14 23:19:50 | 002,834,908 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-14_231944.ZIP
[2013/07/13 20:28:02 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_202756.ZIP
[2013/07/13 20:06:23 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_200618.ZIP
[2013/07/13 12:09:40 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_120934.ZIP
[2013/07/12 21:40:54 | 002,833,649 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-12_214049.ZIP
[2013/07/11 08:18:59 | 001,019,378 | ---- | M] () -- C:\Users\The Cross Family\Documents\2013-07-10_15.10.40.png
[2013/07/09 22:59:19 | 002,833,649 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-09_225912.ZIP
[2013/07/05 07:44:46 | 002,832,981 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-05_074440.ZIP
[2013/06/30 10:37:42 | 000,001,003 | ---- | M] () -- C:\Users\The Cross Family\Application Data\Microsoft\Internet Explorer\Quick Launch\ARIA Player.lnk
[2013/06/30 10:37:42 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player x64.lnk
[2013/06/30 10:37:42 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player.lnk
[2013/06/30 10:28:40 | 000,001,036 | ---- | M] () -- C:\Users\The Cross Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale 2012.lnk
[2013/06/30 10:28:40 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Finale 2012.lnk
[2013/06/29 10:39:14 | 000,251,660 | ---- | M] () -- C:\Users\The Cross Family\Documents\Festival March-WMB (Full Score) II.mus
[2013/06/27 11:41:39 | 000,247,960 | ---- | M] () -- C:\Users\The Cross Family\Documents\morganfreemanimpression ofme.avi
[2013/06/20 10:24:16 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[5 C:\Users\The Cross Family\Documents\*.tmp files -> C:\Users\The Cross Family\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/17 20:29:08 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 16:54:54 | 002,840,498 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_165451.ZIP
[2013/07/16 16:46:28 | 002,840,015 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_164624.ZIP
[2013/07/16 16:27:35 | 002,839,692 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_162731.ZIP
[2013/07/14 23:19:48 | 002,834,908 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-14_231944.ZIP
[2013/07/13 20:28:00 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_202756.ZIP
[2013/07/13 20:06:21 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_200618.ZIP
[2013/07/13 12:09:38 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_120934.ZIP
[2013/07/12 21:40:52 | 002,833,649 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-12_214049.ZIP
[2013/07/11 08:18:50 | 001,019,378 | ---- | C] () -- C:\Users\The Cross Family\Documents\2013-07-10_15.10.40.png
[2013/07/09 22:59:15 | 002,833,649 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-09_225912.ZIP
[2013/07/05 07:44:44 | 002,832,981 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-05_074440.ZIP
[2013/06/29 07:44:04 | 000,251,660 | ---- | C] () -- C:\Users\The Cross Family\Documents\Festival March-WMB (Full Score) II.mus
[2013/06/27 11:41:17 | 000,247,960 | ---- | C] () -- C:\Users\The Cross Family\Documents\morganfreemanimpression ofme.avi
[2013/06/07 13:01:27 | 000,001,089 | ---- | C] () -- C:\Program Files\StarCraft II.lnk
[2013/06/04 19:06:46 | 000,001,774 | ---- | C] () -- C:\Users\The Cross Family\balkrad asdfa.png
[2013/06/04 16:46:57 | 000,001,771 | ---- | C] () -- C:\Users\The Cross Family\omg epicskin.png
[2013/05/03 16:47:11 | 000,000,472 | -H-- | C] () -- C:\Users\The Cross Family\Ninja Fighter.png
[2013/04/16 17:24:15 | 000,000,334 | -H-- | C] () -- C:\Users\The Cross Family\Confusing PVP Skin.png
[2013/04/16 17:10:44 | 000,000,473 | -H-- | C] () -- C:\Users\The Cross Family\Lord Blarlarlar.png
[2013/03/16 18:42:51 | 000,000,509 | -H-- | C] () -- C:\Users\The Cross Family\Soldier.png
[2013/03/02 08:17:05 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/01/04 10:13:52 | 000,000,447 | -H-- | C] () -- C:\Users\The Cross Family\Lord Gunash.png
[2012/12/09 08:35:03 | 095,023,320 | ---- | C] () -- C:\ProgramData\06811000sm.pad
[2012/10/23 20:24:29 | 000,000,422 | -H-- | C] () -- C:\Users\The Cross Family\Farmer
[2012/06/07 14:30:34 | 000,000,506 | -H-- | C] () -- C:\Users\The Cross Family\Army Bowman
[2012/06/07 14:20:56 | 000,000,310 | -H-- | C] () -- C:\Users\The Cross Family\Miner
[2012/06/07 14:12:42 | 000,000,286 | -H-- | C] () -- C:\Users\The Cross Family\Herobrine
[2012/06/07 13:36:35 | 000,000,258 | -H-- | C] () -- C:\Users\The Cross Family\Miner (Deprived of Diamonds)
[2012/06/07 13:31:21 | 000,000,354 | -H-- | C] () -- C:\Users\The Cross Family\Jungle Explorer
[2012/05/05 18:05:04 | 000,000,292 | -H-- | C] () -- C:\Users\The Cross Family\Sniper II
[2012/05/04 16:18:05 | 000,000,435 | -H-- | C] () -- C:\Users\The Cross Family\Ghost
[2012/05/04 16:14:51 | 000,000,310 | -H-- | C] () -- C:\Users\The Cross Family\Spy
[2012/05/04 16:08:45 | 000,000,328 | -H-- | C] () -- C:\Users\The Cross Family\Assasin
[2012/05/03 19:40:11 | 000,000,189 | -H-- | C] () -- C:\Users\The Cross Family\Ninja
[2012/05/03 19:34:41 | 000,000,304 | -H-- | C] () -- C:\Users\The Cross Family\U.S. Spy
[2012/05/03 19:23:02 | 000,000,369 | -H-- | C] () -- C:\Users\The Cross Family\Archer
[2012/05/03 18:56:24 | 000,000,355 | -H-- | C] () -- C:\Users\The Cross Family\Drew Skin
[2012/05/03 18:41:21 | 000,000,264 | -H-- | C] () -- C:\Users\The Cross Family\Sniper
[2012/05/03 16:17:23 | 000,000,305 | -H-- | C] () -- C:\Users\The Cross Family\my_skin.png
[2012/02/04 21:50:09 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/02 06:20:21 | 000,221,807 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/02/02 06:20:21 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/02/01 21:52:51 | 000,221,556 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2012/02/01 21:10:25 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2012/01/24 17:33:20 | 002,902,379 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-24_163317.zdb
[2012/01/23 18:42:33 | 002,901,671 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-23_174230.zdb
[2012/01/22 22:51:57 | 002,901,671 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-22_215154.zdb
[2012/01/21 16:27:20 | 002,899,672 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-21_132717.zdb
[2012/01/20 16:14:55 | 002,888,191 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_131452.zdb
[2012/01/20 10:08:07 | 002,888,193 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_070804.zdb
[2012/01/18 10:52:09 | 002,862,537 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-18_075206.zdb
[2012/01/16 01:49:47 | 002,850,107 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_224944.zdb
[2012/01/15 17:10:51 | 002,842,675 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_141048.zdb
[2012/01/15 14:19:26 | 002,842,674 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_111923.zdb

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/17 20:07:47 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\.minecraft
[2012/12/12 09:31:05 | 000,000,000 | -HSD | M] -- C:\Users\The Cross Family\AppData\Roaming\816ED2
[2012/12/09 08:34:53 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Awsoa
[2012/04/18 17:52:48 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Babylon
[2013/07/16 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Blvd
[2012/12/09 10:19:25 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Egorr
[2013/05/15 20:01:30 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Garritan
[2012/12/09 08:36:09 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Gaykho
[2013/05/15 20:01:09 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\MakeMusic
[2013/04/04 06:48:50 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Minecraft Version Changer
[2013/06/20 10:20:36 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\OpenCandy
[2013/05/15 20:06:39 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Plogue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\The Cross Family\Documents\Recipes, September 2012.nws:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\The Cross Family\Documents\GIANT BOX O' FUN.nws:OECustomProperty

< End of report >

OTL Extras logfile created on: 7/18/2013 5:43:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Cross Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 39.72% Memory free
7.48 Gb Paging File | 5.20 Gb Available in Paging File | 69.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 13.71 Gb Free Space | 14.03% Space Free | Partition Type: NTFS
Drive D: | 12.67 Gb Total Space | 7.97 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive H: | 7.60 Gb Total Space | 7.30 Gb Free Space | 95.97% Space Free | Partition Type: FAT32

Computer Name: BALTHAZAAR | User Name: The Cross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0546580F-CAB2-48A8-BF60-E4C68DF92688}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{0689B1FF-683C-43E6-83BB-DD0F80DE11F3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AA603FAC-03D3-4629-9740-F517BF778467}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B68C6B59-BC57-4C12-B480-601DFAA89ED0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA605F73-49C7-40C2-AA72-40B200A95DBC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EFC8B490-2B58-42AD-9FF2-D61E6105E596}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09CEFD97-A873-43F3-BB25-324CEE89DAB5}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{14981194-FE1E-433A-899E-32AFE7BFE0A2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1CF6F8A5-FA17-4BB9-81CA-DD9A01249187}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{1E71C1B5-8752-4101-BBE9-31CE23DF4212}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{22111A55-9C1B-4FC0-883E-2DE61E7A38D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{28F04990-405D-4D8A-B574-7D73C3897886}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{2BD03955-94CA-43FA-8125-6BADDAE26ED9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3439C8DC-776E-455F-8CD2-15A97406D4E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{37A20445-D07B-4356-9A5A-F02B4A099A77}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{396A89B4-1219-4E1C-A040-6FAEC6DFA5EE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{3FA1CD60-7AD2-443A-A679-10E90CCC67D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{42714734-C1A2-4352-A666-E14D0814586F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{42C89126-4EA8-4B4A-9945-A31CE52AF909}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4B1B62C0-211D-4E86-B024-7CE47A7F6B34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{53ACC000-3139-40CB-B3F4-AE67642B1D6A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{5B94837F-CB60-4B9C-B1F4-9C90AC3329C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{70A28F44-216A-4B68-99B4-C01DB7850483}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{74458AED-B228-43B1-8A2D-EAD1E2F59876}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{7D0913EA-1D81-4C45-808D-E544032A90C6}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{7FDD0815-E96A-4893-B8E1-78DD887773C3}" = protocol=58 | dir=out | [email protected],-503 |
"{816D133D-BDB9-4553-9E9A-146E41A1B26F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{85F104A7-B077-49E2-8EE4-C382C8165F42}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{88DF9613-7A64-41A6-BF09-5E1AD2900F9F}" = protocol=58 | dir=in | app=system |
"{89D16E61-FF4D-4808-9DF5-26B84B4B4C33}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{9776124F-808E-4993-BBEC-1D73E5F9F157}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{99688802-8D8C-4AAA-BD59-DB1A1554C91A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{99EC9384-4F2D-4AFF-80B1-505FC912FAF1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{A0EBADA1-3CD8-4A0D-82F6-650E90923AB0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{A3DF69EF-D0AF-4F17-BCA6-7AFEEA3E0344}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9D60719-F426-48E9-B07F-594400D461FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{AAF61B06-63EB-42C0-9D37-94FE4546677B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{B95F9969-4FB4-41A8-ABD9-62E103E1CE99}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BFA79688-FD2F-4ED9-B1FF-BD995FAB269A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C46FFFAE-5BE2-4B21-BB3E-B4A4EACCE646}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{D07FFBA4-21A6-4D75-81FE-AED11ED603DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{D413B71C-8358-4327-820D-CA2BFE43FC43}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{D4F37394-044B-462F-B5B1-73516260E0FA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D5080D0E-724A-4EAF-BDBF-F7F5E7174D00}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{D7ECA04C-1099-43A1-AFCB-EAF43860EADA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{D9D37369-D700-4736-A390-D5981C288F52}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{DAE701D9-E467-4A4B-AC2F-EC3AF75CE17D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E63191E1-E450-4220-A0FA-AC13DF13D0AD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{E9502437-3B3C-4B29-AAA1-37C69EA3F6F5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB086C7C-0FC8-40DE-972B-C09BFFBACAB8}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{EE2DF59E-E49C-4B94-8924-5DECF8CD33BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{FA1884E7-EB1A-4805-A247-E18FC57B91CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{FDF2EBFE-CF46-46F3-BA4C-49502CBA39A3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{FE9DB5FF-200F-40CF-9EEC-0EB134D41291}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"TCP Query User{1B6682DF-A740-4F5C-BDC6-4CE8B53233A6}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{D1C37A83-651E-417E-B634-02DF715BF214}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{9F85E94E-1850-4932-95D1-28546BFA8655}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{EDBE1024-D9C1-4215-A319-034AC2356B67}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"__ARIA_1012___is1" = Garritan ARIA Player vAppVersion=v1.504
"__ARIA_1013___is1" = Garritan Instruments for Finale
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"ARIA Engine_is1" = ARIA Engine v1.5.0.4
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}" = Quicken 2013
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{574E78B1-E6B0-45A1-9BCE-E0906F572583}_is1" = RetroCopy version 0.960
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789FC4C2-7DEE-4dc0-9E12-9A013AE80C8E}" = 3300
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C4C06D1-9C55-473D-8343-E6431B3159FA}" = Boulevard 2013
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}" = 3100_3200_3300_Help
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-1033-0000-7760-000000000005}" = Adobe Acrobat X Pro
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D49B0B95-DF54-40E9-9169-8BB6A6A1E03F}" = The Print Shop 23
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A43EF2-46A5-4de2-916A-C515D8AA1618}" = 3100_3200_3300trb
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Finale 2012" = Finale 2012
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Virtual Technician" = McAfee Virtual Technician
"MSC" = McAfee Internet Security
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RealPlayer 16.0" = RealPlayer
"StarCraft II" = StarCraft II
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite" = Windows Live Essentials
"WiseConvert_2.1 Toolbar" = WiseConvert 2.1 Toolbar
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2012 11:11:53 PM | Computer Name = Balthazaar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5210

Error - 9/22/2012 11:11:53 PM | Computer Name = Balthazaar | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5210

Error - 9/22/2012 11:37:39 PM | Computer Name = Balthazaar | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1598 Start
Time: 01cd993c58931cf2 Termination Time: 65 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 9/23/2012 7:57:04 AM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =

Error - 9/23/2012 10:25:54 AM | Computer Name = Balthazaar | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2a4 Start
Time: 01cd99858dd6f963 Termination Time: 30 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 9/23/2012 7:31:26 PM | Computer Name = Balthazaar | Source = Application Hang | ID = 1002
Description = The program javaw.exe version 7.0.50.5 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1598 Start Time:
01cd99e11037bec2 Termination Time: 133 Application Path: C:\Program Files (x86)\Java\jre7\bin\javaw.exe

Report
Id: c242d740-05d6-11e2-aa0e-7071bc1c99b3

Error - 9/24/2012 6:40:59 AM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =

Error - 9/24/2012 7:29:56 AM | Computer Name = Balthazaar | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 2.6.195.0, time
stamp: 0x4face9fb Faulting module name: mfefwctl.dll, version: 15.1.0.518, time stamp:
0x4fc63ec0 Exception code: 0xc0000005 Fault offset: 0x000000000000f90e Faulting process
id: 0x70c Faulting application start time: 0x01cd9a40c770c101 Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: C:\Program Files\Common Files\McAfee\SystemCore\mfefwctl.dll Report Id: 29f4bc9a-063b-11e2-a636-7071bc1c99b3

Error - 9/24/2012 9:52:53 AM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =

Error - 9/24/2012 10:25:38 PM | Computer Name = Balthazaar | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:47 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:48 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:48 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 5:51:48 AM | Computer Name = Balthazaar | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/18/2013 6:51:08 AM | Computer Name = Balthazaar | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows
7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2844286).


< End of report >


OTL logfile created on: 7/18/2013 5:43:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Cross Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 39.72% Memory free
7.48 Gb Paging File | 5.20 Gb Available in Paging File | 69.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 13.71 Gb Free Space | 14.03% Space Free | Partition Type: NTFS
Drive D: | 12.67 Gb Total Space | 7.97 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive H: | 7.60 Gb Total Space | 7.30 Gb Free Space | 95.97% Space Free | Partition Type: FAT32

Computer Name: BALTHAZAAR | User Name: The Cross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/18 17:42:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/06/20 10:24:17 | 000,501,328 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2013/06/20 10:24:09 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/05/10 02:57:36 | 000,840,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/05/03 13:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/15 14:23:56 | 000,388,680 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/03 13:34:46 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/04/03 13:32:06 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/02/28 09:46:18 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/11/17 13:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/11 22:58:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/22 16:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/03 13:37:38 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/04/03 13:34:58 | 000,342,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/04/03 13:33:06 | 000,772,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/04/03 13:32:14 | 000,516,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/04/03 13:31:36 | 000,309,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/04/03 13:31:14 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/18 07:46:56 | 000,095,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2013/02/18 07:46:50 | 000,337,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 07:01:20 | 001,212,416 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2010/08/25 22:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2009/11/13 09:53:36 | 000,030,248 | ---- | M] (Fintek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FintekCIR.sys -- (FintekCIR)
DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/17 00:56:34 | 000,014,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2009/09/17 00:56:32 | 000,025,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NW1950.sys -- (NW1950)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/17 13:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3208938

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\The Cross Family\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {7F9E2D3B-70C9-41D8-B9EF-71DF17886010}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{776228B8-FE0C-48BC-A99A-7D399A39B280}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{7F9E2D3B-70C9-41D8-B9EF-71DF17886010}: "URL" = http://www.google.co...1I7ADRA_enUS466
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/07 18:34:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/18 06:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/14 07:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/20 10:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/07/17 20:23:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/07 18:34:39 | 000,000,000 | ---D | M]

[2013/07/15 14:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Cross Family\AppData\Roaming\Mozilla\Extensions
[2013/07/15 14:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/15 14:23:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/01/20 09:36:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (WiseConvert 2.1 Toolbar) - {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WiseConvert 2.1 Toolbar) - {ecce0073-a837-45a2-95b9-600420505f7e} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert 2.1 Toolbar) - {ECCE0073-A837-45A2-95B9-600420505F7E} - C:\Program Files (x86)\WiseConvert_2.1\prxtbWise.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AD6B9A8-E581-48E6-A247-C44C0395B8AD}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c709a053-3996-11e1-8a9d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c709a053-3996-11e1-8a9d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\PMWinSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/18 17:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/07/18 17:42:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
[2013/07/17 20:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/17 20:28:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/15 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\Mozilla
[2013/07/15 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Mozilla
[2013/07/15 14:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/06 17:03:22 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Deployment
[2013/07/06 17:03:22 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Apps
[2013/07/02 09:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/02 09:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/06/30 10:37:24 | 000,000,000 | ---D | C] -- C:\vstplugins
[2013/06/20 10:26:06 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\RealNetworks
[2013/06/20 10:26:00 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Real
[2013/06/20 10:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/06/20 10:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/06/20 10:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/06/20 10:24:16 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/06/20 10:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/06/20 10:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/06/20 10:23:08 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\Real
[2013/06/20 10:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/06/20 10:20:34 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\OpenCandy
[5 C:\Users\The Cross Family\Documents\*.tmp files -> C:\Users\The Cross Family\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/18 17:44:35 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 17:44:35 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 17:44:23 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2013/07/18 17:42:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
[2013/07/18 17:39:51 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/07/18 17:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/18 17:36:55 | 001,265,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/18 17:35:50 | 3012,907,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 06:02:58 | 000,753,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 06:02:58 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 06:02:58 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/18 05:58:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 20:29:08 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 16:54:56 | 002,840,498 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_165451.ZIP
[2013/07/16 16:46:30 | 002,840,015 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_164624.ZIP
[2013/07/16 16:27:37 | 002,839,692 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_162731.ZIP
[2013/07/14 23:19:50 | 002,834,908 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-14_231944.ZIP
[2013/07/13 20:28:02 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_202756.ZIP
[2013/07/13 20:06:23 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_200618.ZIP
[2013/07/13 12:09:40 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_120934.ZIP
[2013/07/12 21:40:54 | 002,833,649 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-12_214049.ZIP
[2013/07/11 08:18:59 | 001,019,378 | ---- | M] () -- C:\Users\The Cross Family\Documents\2013-07-10_15.10.40.png
[2013/07/09 22:59:19 | 002,833,649 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-09_225912.ZIP
[2013/07/05 07:44:46 | 002,832,981 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-05_074440.ZIP
[2013/06/30 10:37:42 | 000,001,003 | ---- | M] () -- C:\Users\The Cross Family\Application Data\Microsoft\Internet Explorer\Quick Launch\ARIA Player.lnk
[2013/06/30 10:37:42 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player x64.lnk
[2013/06/30 10:37:42 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player.lnk
[2013/06/30 10:28:40 | 000,001,036 | ---- | M] () -- C:\Users\The Cross Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale 2012.lnk
[2013/06/30 10:28:40 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Finale 2012.lnk
[2013/06/29 10:39:14 | 000,251,660 | ---- | M] () -- C:\Users\The Cross Family\Documents\Festival March-WMB (Full Score) II.mus
[2013/06/27 11:41:39 | 000,247,960 | ---- | M] () -- C:\Users\The Cross Family\Documents\morganfreemanimpression ofme.avi
[2013/06/20 10:24:16 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[5 C:\Users\The Cross Family\Documents\*.tmp files -> C:\Users\The Cross Family\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/17 20:29:08 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 16:54:54 | 002,840,498 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_165451.ZIP
[2013/07/16 16:46:28 | 002,840,015 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_164624.ZIP
[2013/07/16 16:27:35 | 002,839,692 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_162731.ZIP
[2013/07/14 23:19:48 | 002,834,908 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-14_231944.ZIP
[2013/07/13 20:28:00 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_202756.ZIP
[2013/07/13 20:06:21 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_200618.ZIP
[2013/07/13 12:09:38 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_120934.ZIP
[2013/07/12 21:40:52 | 002,833,649 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-12_214049.ZIP
[2013/07/11 08:18:50 | 001,019,378 | ---- | C] () -- C:\Users\The Cross Family\Documents\2013-07-10_15.10.40.png
[2013/07/09 22:59:15 | 002,833,649 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-09_225912.ZIP
[2013/07/05 07:44:44 | 002,832,981 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-05_074440.ZIP
[2013/06/29 07:44:04 | 000,251,660 | ---- | C] () -- C:\Users\The Cross Family\Documents\Festival March-WMB (Full Score) II.mus
[2013/06/27 11:41:17 | 000,247,960 | ---- | C] () -- C:\Users\The Cross Family\Documents\morganfreemanimpression ofme.avi
[2013/06/07 13:01:27 | 000,001,089 | ---- | C] () -- C:\Program Files\StarCraft II.lnk
[2013/06/04 19:06:46 | 000,001,774 | ---- | C] () -- C:\Users\The Cross Family\balkrad asdfa.png
[2013/06/04 16:46:57 | 000,001,771 | ---- | C] () -- C:\Users\The Cross Family\omg epicskin.png
[2013/05/03 16:47:11 | 000,000,472 | -H-- | C] () -- C:\Users\The Cross Family\Ninja Fighter.png
[2013/04/16 17:24:15 | 000,000,334 | -H-- | C] () -- C:\Users\The Cross Family\Confusing PVP Skin.png
[2013/04/16 17:10:44 | 000,000,473 | -H-- | C] () -- C:\Users\The Cross Family\Lord Blarlarlar.png
[2013/03/16 18:42:51 | 000,000,509 | -H-- | C] () -- C:\Users\The Cross Family\Soldier.png
[2013/03/02 08:17:05 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/01/04 10:13:52 | 000,000,447 | -H-- | C] () -- C:\Users\The Cross Family\Lord Gunash.png
[2012/12/09 08:35:03 | 095,023,320 | ---- | C] () -- C:\ProgramData\06811000sm.pad
[2012/10/23 20:24:29 | 000,000,422 | -H-- | C] () -- C:\Users\The Cross Family\Farmer
[2012/06/07 14:30:34 | 000,000,506 | -H-- | C] () -- C:\Users\The Cross Family\Army Bowman
[2012/06/07 14:20:56 | 000,000,310 | -H-- | C] () -- C:\Users\The Cross Family\Miner
[2012/06/07 14:12:42 | 000,000,286 | -H-- | C] () -- C:\Users\The Cross Family\Herobrine
[2012/06/07 13:36:35 | 000,000,258 | -H-- | C] () -- C:\Users\The Cross Family\Miner (Deprived of Diamonds)
[2012/06/07 13:31:21 | 000,000,354 | -H-- | C] () -- C:\Users\The Cross Family\Jungle Explorer
[2012/05/05 18:05:04 | 000,000,292 | -H-- | C] () -- C:\Users\The Cross Family\Sniper II
[2012/05/04 16:18:05 | 000,000,435 | -H-- | C] () -- C:\Users\The Cross Family\Ghost
[2012/05/04 16:14:51 | 000,000,310 | -H-- | C] () -- C:\Users\The Cross Family\Spy
[2012/05/04 16:08:45 | 000,000,328 | -H-- | C] () -- C:\Users\The Cross Family\Assasin
[2012/05/03 19:40:11 | 000,000,189 | -H-- | C] () -- C:\Users\The Cross Family\Ninja
[2012/05/03 19:34:41 | 000,000,304 | -H-- | C] () -- C:\Users\The Cross Family\U.S. Spy
[2012/05/03 19:23:02 | 000,000,369 | -H-- | C] () -- C:\Users\The Cross Family\Archer
[2012/05/03 18:56:24 | 000,000,355 | -H-- | C] () -- C:\Users\The Cross Family\Drew Skin
[2012/05/03 18:41:21 | 000,000,264 | -H-- | C] () -- C:\Users\The Cross Family\Sniper
[2012/05/03 16:17:23 | 000,000,305 | -H-- | C] () -- C:\Users\The Cross Family\my_skin.png
[2012/02/04 21:50:09 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/02 06:20:21 | 000,221,807 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/02/02 06:20:21 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/02/01 21:52:51 | 000,221,556 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2012/02/01 21:10:25 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2012/01/24 17:33:20 | 002,902,379 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-24_163317.zdb
[2012/01/23 18:42:33 | 002,901,671 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-23_174230.zdb
[2012/01/22 22:51:57 | 002,901,671 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-22_215154.zdb
[2012/01/21 16:27:20 | 002,899,672 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-21_132717.zdb
[2012/01/20 16:14:55 | 002,888,191 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_131452.zdb
[2012/01/20 10:08:07 | 002,888,193 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_070804.zdb
[2012/01/18 10:52:09 | 002,862,537 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-18_075206.zdb
[2012/01/16 01:49:47 | 002,850,107 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_224944.zdb
[2012/01/15 17:10:51 | 002,842,675 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_141048.zdb
[2012/01/15 14:19:26 | 002,842,674 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_111923.zdb

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/17 20:07:47 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\.minecraft
[2012/12/12 09:31:05 | 000,000,000 | -HSD | M] -- C:\Users\The Cross Family\AppData\Roaming\816ED2
[2012/12/09 08:34:53 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Awsoa
[2012/04/18 17:52:48 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Babylon
[2013/07/16 16:54:51 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Blvd
[2012/12/09 10:19:25 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Egorr
[2013/05/15 20:01:30 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Garritan
[2012/12/09 08:36:09 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Gaykho
[2013/05/15 20:01:09 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\MakeMusic
[2013/04/04 06:48:50 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Minecraft Version Changer
[2013/06/20 10:20:36 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\OpenCandy
[2013/05/15 20:06:39 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Plogue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\The Cross Family\Documents\Recipes, September 2012.nws:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\The Cross Family\Documents\GIANT BOX O' FUN.nws:OECustomProperty

< End of report >
  • 0

#7
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
How your computer is running now?

Can you please post AdwCleaner log? You can find it in the root of your C drive.
  • 0

#8
Conrad 678

Conrad 678

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Here is the log; I was wondering where it went. Actually, the infected computer is my wife's computer and she is out of town this weekend. No one has really been on it since we discovered the bug. Once again, thanks for all your help. I wish I knew more about computers.

# AdwCleaner v2.306 - Logfile created 07/19/2013 at 19:20:20
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : The Cross Family - BALTHAZAAR
# Boot Mode : Normal
# Running from : C:\Users\The Cross Family\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\Users\THECRO~1\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\WiseConvert_2.1
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\The Cross Family\AppData\Local\Babylon
Folder Deleted : C:\Users\The Cross Family\AppData\Local\Conduit
Folder Deleted : C:\Users\The Cross Family\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\The Cross Family\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\The Cross Family\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\The Cross Family\AppData\LocalLow\WiseConvert_2.1
Folder Deleted : C:\Users\The Cross Family\AppData\Roaming\Babylon
Folder Deleted : C:\Users\The Cross Family\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\THECRO~1\AppData\Local\Temp\[email protected]
Folder Deleted : C:\Users\THECRO~1\AppData\Local\Temp\BabylonToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\WiseConvert_2.1
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ECCE0073-A837-45A2-95B9-600420505F7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ECCE0073-A837-45A2-95B9-600420505F7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3208938
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E50B7E38-622C-4B2D-9C27-8EA71952741A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\WiseConvert_2.1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E50B7E38-622C-4B2D-9C27-8EA71952741A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ECCE0073-A837-45A2-95B9-600420505F7E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBE75BE7-AFE5-4A5B-9B28-9B6A2C90FF99}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAC8C993-7152-4B9A-989F-2D1E89F6B6DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECCE0073-A837-45A2-95B9-600420505F7E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert_2.1 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ECCE0073-A837-45A2-95B9-600420505F7E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ECCE0073-A837-45A2-95B9-600420505F7E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{ECCE0073-A837-45A2-95B9-600420505F7E}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

*************************

AdwCleaner[S1].txt - [9521 octets] - [19/07/2013 19:20:20]

########## EOF - C:\AdwCleaner[S1].txt - [9581 octets] ##########
  • 0

#9
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

Actually, the infected computer is my wife's computer and she is out of town this weekend.


Okay, when she will be back, please inform me, how her computer is running.

OTL logfile created on: 7/18/2013 5:43:17 PM - Run 1


Seems that you posted old OTL log. When you will have an access to infected computer, can you please run OTL Quick Scan and post a fresh OTL log?
  • 0

#10
Conrad 678

Conrad 678

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Here is the latest log.

OTL logfile created on: 7/20/2013 4:05:06 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Cross Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 57.46% Memory free
7.48 Gb Paging File | 5.83 Gb Available in Paging File | 77.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 13.02 Gb Free Space | 13.33% Space Free | Partition Type: NTFS
Drive D: | 12.67 Gb Total Space | 7.97 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive H: | 7.60 Gb Total Space | 7.30 Gb Free Space | 95.97% Space Free | Partition Type: FAT32

Computer Name: BALTHAZAAR | User Name: The Cross Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/18 17:42:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/06/20 10:24:09 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/05/10 02:57:36 | 000,840,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/15 14:23:56 | 000,388,680 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/03 13:34:46 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/04/03 13:32:06 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/02/28 09:46:18 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/11/17 13:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/11 22:58:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/22 16:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/03 13:37:38 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/04/03 13:34:58 | 000,342,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/04/03 13:33:06 | 000,772,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/04/03 13:32:14 | 000,516,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/04/03 13:31:36 | 000,309,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/04/03 13:31:14 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/18 07:46:56 | 000,095,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2013/02/18 07:46:50 | 000,337,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 07:01:20 | 001,212,416 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2010/08/25 22:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2009/11/13 09:53:36 | 000,030,248 | ---- | M] (Fintek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FintekCIR.sys -- (FintekCIR)
DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/17 00:56:34 | 000,014,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2009/09/17 00:56:32 | 000,025,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NW1950.sys -- (NW1950)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/17 13:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\The Cross Family\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {7F9E2D3B-70C9-41D8-B9EF-71DF17886010}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{776228B8-FE0C-48BC-A99A-7D399A39B280}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{7F9E2D3B-70C9-41D8-B9EF-71DF17886010}: "URL" = http://www.google.co...1I7ADRA_enUS466
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/07 18:34:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/18 06:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/14 07:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/20 10:25:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/07/17 20:23:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/12/07 18:34:39 | 000,000,000 | ---D | M]

[2013/07/15 14:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Cross Family\AppData\Roaming\Mozilla\Extensions
[2013/07/15 14:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/15 14:23:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/01/20 09:36:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AD6B9A8-E581-48E6-A247-C44C0395B8AD}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c709a053-3996-11e1-8a9d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c709a053-3996-11e1-8a9d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\PMWinSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/20 16:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/07/19 19:32:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/18 17:42:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
[2013/07/17 20:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/17 20:28:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/15 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Roaming\Mozilla
[2013/07/15 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Mozilla
[2013/07/15 14:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/06 17:03:22 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Deployment
[2013/07/06 17:03:22 | 000,000,000 | ---D | C] -- C:\Users\The Cross Family\AppData\Local\Apps
[2013/07/02 09:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/02 09:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/06/30 10:37:24 | 000,000,000 | ---D | C] -- C:\vstplugins
[5 C:\Users\The Cross Family\Documents\*.tmp files -> C:\Users\The Cross Family\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/20 16:10:12 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/20 16:10:12 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/20 16:09:55 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2013/07/20 16:02:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/20 16:02:25 | 3012,907,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/19 22:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/19 19:19:28 | 000,666,633 | ---- | M] () -- C:\Users\The Cross Family\Desktop\AdwCleaner.exe
[2013/07/19 14:18:41 | 002,840,498 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-19_141835.ZIP
[2013/07/18 17:42:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Cross Family\Desktop\OTL.exe
[2013/07/18 17:36:55 | 001,265,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/18 06:02:58 | 000,753,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 06:02:58 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 06:02:58 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/17 20:29:08 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 16:54:56 | 002,840,498 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_165451.ZIP
[2013/07/16 16:46:30 | 002,840,015 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_164624.ZIP
[2013/07/16 16:27:37 | 002,839,692 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_162731.ZIP
[2013/07/14 23:19:50 | 002,834,908 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-14_231944.ZIP
[2013/07/13 20:28:02 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_202756.ZIP
[2013/07/13 20:06:23 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_200618.ZIP
[2013/07/13 12:09:40 | 002,833,895 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_120934.ZIP
[2013/07/12 21:40:54 | 002,833,649 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-12_214049.ZIP
[2013/07/11 08:18:59 | 001,019,378 | ---- | M] () -- C:\Users\The Cross Family\Documents\2013-07-10_15.10.40.png
[2013/07/09 22:59:19 | 002,833,649 | ---- | M] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-09_225912.ZIP
[2013/06/30 10:37:42 | 000,001,003 | ---- | M] () -- C:\Users\The Cross Family\Application Data\Microsoft\Internet Explorer\Quick Launch\ARIA Player.lnk
[2013/06/30 10:37:42 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player x64.lnk
[2013/06/30 10:37:42 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player.lnk
[2013/06/30 10:28:40 | 000,001,036 | ---- | M] () -- C:\Users\The Cross Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale 2012.lnk
[2013/06/30 10:28:40 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Finale 2012.lnk
[2013/06/29 10:39:14 | 000,251,660 | ---- | M] () -- C:\Users\The Cross Family\Documents\Festival March-WMB (Full Score) II.mus
[2013/06/27 11:41:39 | 000,247,960 | ---- | M] () -- C:\Users\The Cross Family\Documents\morganfreemanimpression ofme.avi
[5 C:\Users\The Cross Family\Documents\*.tmp files -> C:\Users\The Cross Family\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/19 19:19:12 | 000,666,633 | ---- | C] () -- C:\Users\The Cross Family\Desktop\AdwCleaner.exe
[2013/07/19 14:18:39 | 002,840,498 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-19_141835.ZIP
[2013/07/17 20:29:08 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 16:54:54 | 002,840,498 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_165451.ZIP
[2013/07/16 16:46:28 | 002,840,015 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_164624.ZIP
[2013/07/16 16:27:35 | 002,839,692 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-16_162731.ZIP
[2013/07/14 23:19:48 | 002,834,908 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-14_231944.ZIP
[2013/07/13 20:28:00 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_202756.ZIP
[2013/07/13 20:06:21 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_200618.ZIP
[2013/07/13 12:09:38 | 002,833,895 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-13_120934.ZIP
[2013/07/12 21:40:52 | 002,833,649 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-12_214049.ZIP
[2013/07/11 08:18:50 | 001,019,378 | ---- | C] () -- C:\Users\The Cross Family\Documents\2013-07-10_15.10.40.png
[2013/07/09 22:59:15 | 002,833,649 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\BLVD BACKUP_2013-07-09_225912.ZIP
[2013/06/29 07:44:04 | 000,251,660 | ---- | C] () -- C:\Users\The Cross Family\Documents\Festival March-WMB (Full Score) II.mus
[2013/06/27 11:41:17 | 000,247,960 | ---- | C] () -- C:\Users\The Cross Family\Documents\morganfreemanimpression ofme.avi
[2013/06/07 13:01:27 | 000,001,089 | ---- | C] () -- C:\Program Files\StarCraft II.lnk
[2013/06/04 19:06:46 | 000,001,774 | ---- | C] () -- C:\Users\The Cross Family\balkrad asdfa.png
[2013/06/04 16:46:57 | 000,001,771 | ---- | C] () -- C:\Users\The Cross Family\omg epicskin.png
[2013/05/03 16:47:11 | 000,000,472 | -H-- | C] () -- C:\Users\The Cross Family\Ninja Fighter.png
[2013/04/16 17:24:15 | 000,000,334 | -H-- | C] () -- C:\Users\The Cross Family\Confusing PVP Skin.png
[2013/04/16 17:10:44 | 000,000,473 | -H-- | C] () -- C:\Users\The Cross Family\Lord Blarlarlar.png
[2013/03/16 18:42:51 | 000,000,509 | -H-- | C] () -- C:\Users\The Cross Family\Soldier.png
[2013/03/02 08:17:05 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/01/04 10:13:52 | 000,000,447 | -H-- | C] () -- C:\Users\The Cross Family\Lord Gunash.png
[2012/12/09 08:35:03 | 095,023,320 | ---- | C] () -- C:\ProgramData\06811000sm.pad
[2012/10/23 20:24:29 | 000,000,422 | -H-- | C] () -- C:\Users\The Cross Family\Farmer
[2012/06/07 14:30:34 | 000,000,506 | -H-- | C] () -- C:\Users\The Cross Family\Army Bowman
[2012/06/07 14:20:56 | 000,000,310 | -H-- | C] () -- C:\Users\The Cross Family\Miner
[2012/06/07 14:12:42 | 000,000,286 | -H-- | C] () -- C:\Users\The Cross Family\Herobrine
[2012/06/07 13:36:35 | 000,000,258 | -H-- | C] () -- C:\Users\The Cross Family\Miner (Deprived of Diamonds)
[2012/06/07 13:31:21 | 000,000,354 | -H-- | C] () -- C:\Users\The Cross Family\Jungle Explorer
[2012/05/05 18:05:04 | 000,000,292 | -H-- | C] () -- C:\Users\The Cross Family\Sniper II
[2012/05/04 16:18:05 | 000,000,435 | -H-- | C] () -- C:\Users\The Cross Family\Ghost
[2012/05/04 16:14:51 | 000,000,310 | -H-- | C] () -- C:\Users\The Cross Family\Spy
[2012/05/04 16:08:45 | 000,000,328 | -H-- | C] () -- C:\Users\The Cross Family\Assasin
[2012/05/03 19:40:11 | 000,000,189 | -H-- | C] () -- C:\Users\The Cross Family\Ninja
[2012/05/03 19:34:41 | 000,000,304 | -H-- | C] () -- C:\Users\The Cross Family\U.S. Spy
[2012/05/03 19:23:02 | 000,000,369 | -H-- | C] () -- C:\Users\The Cross Family\Archer
[2012/05/03 18:56:24 | 000,000,355 | -H-- | C] () -- C:\Users\The Cross Family\Drew Skin
[2012/05/03 18:41:21 | 000,000,264 | -H-- | C] () -- C:\Users\The Cross Family\Sniper
[2012/05/03 16:17:23 | 000,000,305 | -H-- | C] () -- C:\Users\The Cross Family\my_skin.png
[2012/02/04 21:50:09 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/02 06:20:21 | 000,221,807 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/02/02 06:20:21 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/02/01 21:52:51 | 000,221,556 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2012/02/01 21:10:25 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2012/01/24 17:33:20 | 002,902,379 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-24_163317.zdb
[2012/01/23 18:42:33 | 002,901,671 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-23_174230.zdb
[2012/01/22 22:51:57 | 002,901,671 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-22_215154.zdb
[2012/01/21 16:27:20 | 002,899,672 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-21_132717.zdb
[2012/01/20 16:14:55 | 002,888,191 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_131452.zdb
[2012/01/20 10:08:07 | 002,888,193 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-20_070804.zdb
[2012/01/18 10:52:09 | 002,862,537 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-18_075206.zdb
[2012/01/16 01:49:47 | 002,850,107 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_224944.zdb
[2012/01/15 17:10:51 | 002,842,675 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_141048.zdb
[2012/01/15 14:19:26 | 002,842,674 | ---- | C] () -- C:\Users\The Cross Family\AppData\Roaming\Blvd Backup_2012-01-15_111923.zdb

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/17 20:07:47 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\.minecraft
[2013/07/19 14:18:35 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Blvd
[2012/12/09 10:19:25 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Egorr
[2013/05/15 20:01:30 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Garritan
[2013/05/15 20:01:09 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\MakeMusic
[2013/04/04 06:48:50 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Minecraft Version Changer
[2013/05/15 20:06:39 | 000,000,000 | ---D | M] -- C:\Users\The Cross Family\AppData\Roaming\Plogue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\The Cross Family\Documents\Recipes, September 2012.nws:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\The Cross Family\Documents\GIANT BOX O' FUN.nws:OECustomProperty

< End of report >
  • 0

Advertisements


#11
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Looking nice. What's up with problem?
  • 0

#12
Conrad 678

Conrad 678

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
My son was on it all last night and it seems to running just fine. I have another computer that is running very slowly (and has been for some time). A McAfee scan takes about 4 days to complete. I rsn Malwarebytes on it, but it came up empty. Can you help me with this one?

I appreciate all your help in this matter thus far.

Thanks!
  • 0

#13
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

Can you help me with this one?


Yep, but you should create seperate topic with description of your problem. 1 PC = 1 Topic.

Step 1. AdwCleaner scan.

  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • Computer will be rebooted automatically, when program will finish it's job.

After reboot:

  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • AdwCleaner window should appear.
  • Click on the Search button.
  • After scan Notepad window with report should appear. Post the contents of the report in your next message.

Step 2. MBAM scan.

Please run MBAM scan once more and post a new log.

Step 3. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

So, please, don't forget to post in your next message:

  • MBAM log
  • ESET Online Scanner log
  • AdwCleaner log

  • 0

#14
Conrad 678

Conrad 678

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Here are the Malware and Adware logs. The ESET scan seemed to jam @ 37%. We ran if for 12 hours. It was at 37% for five of those. I did try to pull a log from what it has scanned and attached here. Hope this helps.

Thanks!

# AdwCleaner v2.306 - Logfile created 07/22/2013 at 18:02:37
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : The Cross Family - BALTHAZAAR
# Boot Mode : Normal
# Running from : C:\Users\The Cross Family\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

*************************

AdwCleaner[R1].txt - [835 octets] - [21/07/2013 19:11:35]
AdwCleaner[S1].txt - [9642 octets] - [19/07/2013 19:20:20]
AdwCleaner[S2].txt - [776 octets] - [21/07/2013 18:59:51]
AdwCleaner[S3].txt - [894 octets] - [21/07/2013 19:40:28]
AdwCleaner[S4].txt - [826 octets] - [22/07/2013 18:02:37]

########## EOF - C:\AdwCleaner[S4].txt - [885 octets] ##########





Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
The Cross Family :: BALTHAZAAR [administrator]

7/22/2013 6:06:25 PM
mbam-log-2013-07-22 (18-06-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261318
Time elapsed: 21 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And the partial ESET log:

C:\Users\The Cross Family\AppData\Local\Temp\Shortcut_SweetImSetup[1].exe a variant of Win32/SweetIM.C application
C:\Users\The Cross Family\AppData\Local\Temp\YontooSetup-Silent.exe Win32/Adware.Yontoo application
  • 0

#15
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
So, do you still have any problems?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP