ZeroAccess? problems/ regsvr32 missing
<blockquote data-quote="bravebird" data-source="post: 125038" data-attributes="member: 9121"><p>OTL logfile created on: 6/17/2013 7:26:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OfficeMax\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 61.91% Memory free
6.18 Gb Paging File | 5.19 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.19 Gb Total Space | 152.25 Gb Free Space | 68.83% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 2.02 Gb Free Space | 17.31% Space Free | Partition Type: NTFS

Computer Name: LATANYA | User Name: OfficeMax | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\OfficeMax\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Users\OfficeMax\Local Settings\Apps\F.lux\flux.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\OfficeMax\Local Settings\Apps\F.lux\flux.exe ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()


========== Services (SafeList) ==========

SRV - (UEBZ) -- C:\Users\OFFICE~1\AppData\Local\Temp\UEBZ.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS File not found
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS File not found
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIMv.sys File not found
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS File not found
DRV - (SymEvent) -- C:\Windows\system32\Drivers\SYMEVENT.SYS File not found
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS File not found
DRV - (SRTSPX) -- System32\Drivers\SRTSPX.SYS File not found
DRV - (SRTSPL) -- System32\Drivers\SRTSPL.SYS File not found
DRV - (SRTSP) -- System32\Drivers\SRTSP.SYS File not found
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NAVEX15) -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090223.048\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090223.048\NAVENG.SYS File not found
DRV - (MpNWMon) -- system32\DRIVERS\MpNWMon.sys File not found
DRV - (MpKsldcfe8f12) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC112CF5-CDBF-44A3-BF92-6D576069C4ED}\MpKsldcfe8f12.sys File not found
DRV - (MpKsld0dcd759) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7328A9AA-F1E4-4103-BDCB-3C82A17A8BAA}\MpKsld0dcd759.sys File not found
DRV - (MpKsla944542e) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56FF3638-EEF9-4A79-A64E-2825324F5A73}\MpKsla944542e.sys File not found
DRV - (MpKsl8adbd91b) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43900AF4-7886-4B5D-83D4-14E77764DA65}\MpKsl8adbd91b.sys File not found
DRV - (MpKsl7ee4e834) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2A6845F-A566-4C54-8DF8-7B75FFCCE511}\MpKsl7ee4e834.sys File not found
DRV - (MpKsl6430cb37) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2A6845F-A566-4C54-8DF8-7B75FFCCE511}\MpKsl6430cb37.sys File not found
DRV - (MpKsl546e8a23) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F17E6CC9-177C-42B6-922C-E607BD01FE85}\MpKsl546e8a23.sys File not found
DRV - (MpKsl3539e50a) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E65AD0FB-B77D-47EA-B867-4BB6ED644CD5}\MpKsl3539e50a.sys File not found
DRV - (mfeapfk) -- C:\Windows\\SystemRoot\\SystemRoot\system32\drivers\mfeapfk.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IDSvix86) -- C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090217.004\IDSvix86.sys File not found
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys File not found
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys File not found
DRV - (COH_Mon) -- C:\Windows\system32\Drivers\COH_Mon.sys File not found
DRV - (CO_Mon) -- C:\Windows\system32\drivers\CO_Mon.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (A2DDA) -- F:\EmsisoftEmergencyKit\Run\a2ddax86.sys File not found
DRV - (mbamchameleon) -- C:\Windows\System32\drivers\mbamchameleon.sys ()
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (GFI Software)
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7C9B2C5A-9AE0-4DD1-BF28-38E27DA72F33}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{98C5ECE9-8E95-48C4-B2AA-8202E3547581}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://i-houseclean.com/key.php?a=0
IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\..\SearchScopes\{7C9B2C5A-9AE0-4DD1-BF28-38E27DA72F33}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\..\SearchScopes\{98C5ECE9-8E95-48C4-B2AA-8202E3547581}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\OfficeMax\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\OfficeMax\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\OfficeMax\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\OfficeMax\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OfficeMax\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OfficeMax\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/23 16:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/16 21:46:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/16 21:46:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\OfficeMax\AppData\Roaming\Move Networks [2009/09/05 17:45:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/16 21:46:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/16 21:46:03 | 000,000,000 | ---D | M]

[2010/10/26 13:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OfficeMax\AppData\Roaming\mozilla\Extensions
[2010/10/26 13:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OfficeMax\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/12/07 18:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OfficeMax\AppData\Roaming\mozilla\Firefox\Profiles\86awjfba.default\extensions
[2012/08/22 20:46:38 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\OfficeMax\AppData\Roaming\mozilla\Firefox\Profiles\86awjfba.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/02/29 16:42:29 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\OfficeMax\AppData\Roaming\mozilla\firefox\profiles\86awjfba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/06/16 21:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/16 21:46:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/05 17:45:25 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\OFFICEMAX\APPDATA\ROAMING\MOVE NETWORKS
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2012/04/22 20:29:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 15:33:12 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2011/07/11 15:34:39 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2011/07/11 15:32:58 | 000,105,472 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OfficeMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

O1 HOSTS File: ([2013/06/16 17:38:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKU\S-1-5-21-894241628-2637172068-3778301761-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-894241628-2637172068-3778301761-1000..\Run: [F.lux] C:\Users\OfficeMax\Local Settings\Apps\F.lux\flux.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\..Trusted Domains: //@install.mar@/ ([]msni in Computer)
O15 - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CA14594-3DD1-4783-9A06-03A53BE47B0F}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft 
Corporation)</p><p>O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)</p><p>O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft 
Corporation)</p><p>O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)</p><p>O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)</p><p>O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)</p><p>O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)</p><p>O24 - Desktop WallPaper: C:\Users\OfficeMax\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg</p><p>O24 - Desktop BackupWallPaper: C:\Users\OfficeMax\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg</p><p>O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)</p><p>O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)</p><p>O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)</p><p>O30 - LSA: 
Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)</p><p>O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)</p><p>O31 - SafeBoot: AlternateShell - cmd.exe</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2008/02/17 23:28:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</p><p>O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/06/17 04:17:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb</p><p>[2013/06/17 04:17:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll</p><p>[2013/06/17 04:17:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll</p><p>[2013/06/17 04:17:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll</p><p>[2013/06/17 04:17:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe</p><p>[2013/06/17 04:17:39 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll</p><p>[2013/06/17 04:17:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\url.dll</p><p>[2013/06/17 04:17:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl</p><p>[2013/06/17 04:13:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi</p><p>[2013/06/17 03:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype</p><p>[2013/06/17 03:05:35 | 000,000,000 | R--D | C] -- C:\Program Files\Skype</p><p>[2013/06/17 03:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype</p><p>[2013/06/17 03:02:51 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll</p><p>[2013/06/17 03:02:47 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll</p><p>[2013/06/17 03:02:47 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys</p><p>[2013/06/17 03:02:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll</p><p>[2013/06/17 03:02:46 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll</p><p>[2013/06/17 03:02:45 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll</p><p>[2013/06/16 21:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox</p><p>[2013/06/16 19:21:36 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys</p><p>[2013/06/16 19:12:15 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll</p><p>[2013/06/16 19:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>[2013/06/16 19:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro</p><p>[2013/06/16 19:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro</p><p>[2013/06/16 19:02:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys</p><p>[2013/06/16 18:56:54 | 003,603,816 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\ntkrnlpa.exe</p><p>[2013/06/16 18:56:54 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe</p><p>[2013/06/16 18:56:53 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll</p><p>[2013/06/16 18:49:58 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll</p><p>[2013/06/16 18:49:58 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe</p><p>[2013/06/16 18:49:56 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll</p><p>[2013/06/16 18:48:39 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll</p><p>[2013/06/16 18:44:23 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll</p><p>[2013/06/16 18:44:21 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll</p><p>[2013/06/16 18:44:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll</p><p>[2013/06/16 18:41:42 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe</p><p>[2013/06/16 18:41:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll</p><p>[2013/06/16 18:34:18 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll</p><p>[2013/06/16 18:26:16 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll</p><p>[2013/06/16 17:53:10 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll</p><p>[2013/06/16 17:53:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll</p><p>[2013/06/16 17:44:04 | 000,000,000 | ---D | C] -- C:\Windows\temp</p><p>[2013/06/16 17:44:03 | 000,000,000 | ---D | C] -- C:\Users\OfficeMax\AppData\Local\temp</p><p>[2013/06/16 17:38:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN</p><p>[2013/06/16 15:43:58 | 000,518,144 | ---- | C] 
(SteelWerX) -- C:\Windows\SWREG.exe</p><p>[2013/06/16 15:43:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe</p><p>[2013/06/16 15:43:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe</p><p>[2013/06/16 15:43:52 | 000,000,000 | ---D | C] -- C:\Qoobox</p><p>[2013/06/16 15:43:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt</p><p>[2013/06/16 15:30:09 | 000,000,000 | ---D | C] -- C:\Users\OfficeMax\Desktop\RK_Quarantine</p><p>[2013/06/16 13:41:41 | 000,000,000 | ---D | C] -- C:\Users\OfficeMax\Desktop\mbar-1.06.0.1003(1)</p><p>[2013/06/13 20:22:54 | 000,000,000 | ---D | C] -- C:\found.011</p><p>[2013/06/13 16:27:16 | 000,000,000 | ---D | C] -- C:\found.010</p><p>[2013/06/13 10:55:15 | 000,000,000 | ---D | C] -- C:\366eab9c421c2d96fcef6e403a01ad</p><p>[2013/06/13 10:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up</p><p>[2013/06/13 10:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE</p><p>[2013/06/12 20:06:49 | 000,000,000 | ---D | C] -- C:\c84656d8fdf2402e9d</p><p>[2013/06/12 19:29:59 | 011,091,432 | ---- | C] (Microsoft Corporation) -- C:\Users\OfficeMax\Desktop\mseinstall.exe</p><p>[2013/06/12 19:04:16 | 001,814,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\OfficeMax\Desktop\rkill.exe</p><p>[2013/06/12 18:37:41 | 000,000,000 | ---D | C] -- C:\Users\OfficeMax\AppData\Local\ElevatedDiagnostics</p><p>[2013/06/12 14:50:33 | 000,000,000 | ---D | C] -- C:\found.009</p><p>[2013/06/12 14:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware</p><p>[2013/06/12 14:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware</p><p>[2013/06/12 13:13:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys</p><p>[2013/06/12 13:13:19 | 000,000,000 | ---D | C] -- C:\Users\OfficeMax\AppData\Roaming\Malwarebytes</p><p>[2013/06/12 13:06:27 | 000,000,000 | ---D | C] -- 
C:\Quarantine</p><p>[2013/06/11 14:32:45 | 000,101,112 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\SBREDrv.sys</p><p>[2013/06/11 14:32:45 | 000,042,864 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe</p><p>[2013/06/08 22:06:26 | 000,000,000 | ---D | C] -- C:\63f496ee69557e4f173fcefa</p><p>[2013/06/08 21:49:53 | 000,000,000 | ---D | C] -- C:\f2ea61c736c459e4aad923</p><p>[2013/06/08 18:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)</p><p>[2013/06/08 18:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes</p><p>[2013/06/08 18:49:31 | 000,000,000 | ---D | C] -- C:\mbar-1.06.0.1003</p><p>[2013/06/08 06:11:56 | 000,000,000 | ---D | C] -- C:\Windows\pss</p><p>[2013/06/07 22:15:25 | 000,000,000 | ---D | C] -- C:\Users\OfficeMax\AppData\Local\{3DC96C1F-2044-4286-89AB-5CA5183F11DD}</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/06/17 07:17:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/06/17 07:17:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/06/17 07:15:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-894241628-2637172068-3778301761-1000UA.job</p><p>[2013/06/17 06:57:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</p><p>[2013/06/17 04:48:42 | 000,398,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT</p><p>[2013/06/17 03:05:36 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk</p><p>[2013/06/16 21:20:08 | 000,000,512 | ---- | M] () -- C:\Users\OfficeMax\Desktop\MBR.dat</p><p>[2013/06/16 19:10:45 | 000,001,692 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk</p><p>[2013/06/16 17:46:23 | 000,031,560 | ---- | M] () -- 
C:\Windows\System32\drivers\mbamchameleon.sys</p><p>[2013/06/16 17:38:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts</p><p>[2013/06/16 16:15:11 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-894241628-2637172068-3778301761-1000Core.job</p><p>[2013/06/16 15:39:36 | 000,048,966 | ---- | M] () -- C:\Users\OfficeMax\Desktop\Remove Trojan ZeroAccess virus (Removal Guide).htm</p><p>[2013/06/16 13:32:50 | 000,001,356 | ---- | M] () -- C:\Users\OfficeMax\AppData\Local\d3d9caps.dat</p><p>[2013/06/16 10:01:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS</p><p>[2013/06/16 10:01:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS</p><p>[2013/06/16 09:06:34 | 001,553,028 | ---- | M] () -- C:\Users\OfficeMax\Documents\cc_20130616_090607.reg</p><p>[2013/06/13 11:16:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif</p><p>[2013/06/12 19:32:30 | 011,091,432 | ---- | M] (Microsoft Corporation) -- C:\Users\OfficeMax\Desktop\mseinstall.exe</p><p>[2013/06/12 19:05:52 | 001,814,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\OfficeMax\Desktop\rkill.exe</p><p>[2013/06/12 14:13:04 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/06/12 07:19:09 | 000,163,840 | ---- | M] () -- C:\Users\OfficeMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>[2013/06/11 14:32:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat</p><p>[2013/06/09 20:03:43 | 000,605,838 | ---- | M] () -- C:\Windows\System32\perfh009.dat</p><p>[2013/06/09 20:03:43 | 000,004,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat</p><p>[2013/06/08 18:47:42 | 013,169,742 | ---- | M] () -- C:\mbar-1.06.0.1003.zip</p><p>[2013/06/07 22:32:57 | 000,000,344 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/06/17 03:02:59 | 000,000,003 | ---- | C] () -- 
C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf</p><p>[2013/06/17 03:02:59 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf</p><p>[2013/06/16 21:20:07 | 000,000,512 | ---- | C] () -- C:\Users\OfficeMax\Desktop\MBR.dat</p><p>[2013/06/16 19:10:45 | 000,001,692 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk</p><p>[2013/06/16 17:46:23 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys</p><p>[2013/06/16 15:43:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe</p><p>[2013/06/16 15:43:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe</p><p>[2013/06/16 15:43:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe</p><p>[2013/06/16 15:43:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe</p><p>[2013/06/16 15:43:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe</p><p>[2013/06/16 15:39:35 | 000,048,966 | ---- | C] () -- C:\Users\OfficeMax\Desktop\Remove Trojan ZeroAccess virus (Removal Guide).htm</p><p>[2013/06/16 10:01:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS</p><p>[2013/06/16 10:01:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS</p><p>[2013/06/16 09:06:10 | 001,553,028 | ---- | C] () -- C:\Users\OfficeMax\Documents\cc_20130616_090607.reg</p><p>[2013/06/13 10:37:09 | 000,002,377 | ---- | C] () -- C:\Users\OfficeMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk</p><p>[2013/06/12 14:13:04 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/06/11 14:32:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat</p><p>[2013/06/08 18:38:24 | 013,169,742 | ---- | C] () -- C:\mbar-1.06.0.1003.zip</p><p>[2012/08/22 20:30:53 | 000,241,469 | ---- | C] () -- C:\Users\OfficeMax\AppData\Local\census.cache</p><p>[2012/08/22 20:30:46 | 000,224,812 | ---- | C] () -- C:\Users\OfficeMax\AppData\Local\ars.cache</p><p>[2012/08/22 19:45:40 | 000,000,036 | ---- | C] () -- 
C:\Users\OfficeMax\AppData\Local\housecall.guid.cache</p><p>[2012/03/23 18:55:09 | 000,000,414 | ---- | C] () -- C:\Windows\videoimp.ini</p><p>[2012/03/23 18:54:52 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll</p><p>[2011/12/27 15:21:28 | 000,006,680 | -HS- | C] () -- C:\Users\OfficeMax\AppData\Local\8b34281714uia161</p><p>[2010/01/09 17:54:06 | 000,001,356 | ---- | C] () -- C:\Users\OfficeMax\AppData\Local\d3d9caps.dat</p><p>[2009/04/01 22:03:46 | 000,024,206 | ---- | C] () -- C:\Users\OfficeMax\AppData\Roaming\UserTile.png</p><p>[2009/01/21 20:13:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat</p><p>[2008/07/07 11:14:52 | 000,163,840 | ---- | C] () -- C:\Users\OfficeMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p><span 
style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2011/11/08 08:58:27 | 000,000,000 | ---D | M] -- C:\Users\OfficeMax\AppData\Roaming\com.skinkers.aa</p><p>[2013/01/26 17:59:18 | 000,000,000 | -HSD | M] -- C:\Users\OfficeMax\AppData\Roaming\F273EF</p><p>[2009/05/29 19:30:23 | 000,000,000 | ---D | M] -- C:\Users\OfficeMax\AppData\Roaming\MSNInstaller</p><p>[2011/08/16 09:05:01 | 000,000,000 | ---D | M] -- C:\Users\OfficeMax\AppData\Roaming\ooVoo Details</p><p>[2009/04/01 22:03:46 | 000,000,000 | ---D | M] -- C:\Users\OfficeMax\AppData\Roaming\PeerNetworking</p><p>[2012/08/22 20:58:01 | 000,000,000 | ---D | M] -- C:\Users\OfficeMax\AppData\Roaming\QuickScan</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p></p><p>< End of report ></p><p></p><p></p><p>OTL Extras logfile created on: 6/17/2013 7:26:29 AM - Run 1</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OfficeMax\Downloads</p><p>Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>2.99 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 61.91% Memory free</p><p>6.18 Gb Paging File | 5.19 Gb Available in Paging File | 84.02% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 221.19 Gb Total Space | 152.25 Gb Free Space | 68.83% Space Free | Partition Type: NTFS</p><p>Drive D: | 11.69 Gb Total Space | 2.02 Gb Free Space | 17.31% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: LATANYA | User Name: OfficeMax | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: All users</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name 
Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Extra Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== File Associations ==========</span></p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]</p><p>.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*</p><p>.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)</p><p> </p><p>[HKEY_USERS\S-1-5-21-894241628-2637172068-3778301761-1000\SOFTWARE\Classes\<extension>]</p><p>.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)</p><p> </p><p><span style="color: #E56717">========== Shell Spawning ==========</span></p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]</p><p>batfile [open] -- "%1" %*</p><p>cmdfile [open] -- "%1" %*</p><p>comfile [open] -- "%1" %*</p><p>cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*</p><p>exefile [open] -- "%1" %*</p><p>helpfile [open] -- Reg Error: Key error.</p><p>hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)</p><p>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)</p><p>piffile [open] -- "%1" %*</p><p>regfile [merge] -- Reg Error: Key error.</p><p>scrfile [config] -- "%1"</p><p>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l</p><p>scrfile [open] -- "%1" /S</p><p>txtfile [edit] -- Reg Error: Key error.</p><p>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1</p><p>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)</p><p>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</p><p>Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)</p><p>Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)</p><p>Drive [find] -- 
%SystemRoot%\Explorer.exe (Microsoft Corporation)</p><p> </p><p><span style="color: #E56717">========== Security Center Settings ==========</span></p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]</p><p>"cval" = 1</p><p>"AntiVirusDisableNotify" = 0</p><p>"AntiVirusOverride" = 1</p><p>"FirewallDisableNotify" = 0</p><p>"FirewallOverride" = 1</p><p>"UpdatesDisableNotify" = 0</p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]</p><p>"DisableMonitoring" = 1</p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]</p><p>"DisableMonitoring" = 1</p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]</p><p>"DisableMonitoring" = 1</p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]</p><p>"AntiVirusOverride" = 1</p><p>"AntiSpywareOverride" = 1</p><p>"FirewallOverride" = 0</p><p>"VistaSp1" = Reg Error: Unknown registry data type -- File not found</p><p>"VistaSp2" = Reg Error: Unknown registry data type -- File not found</p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]</p><p> </p><p><span style="color: #E56717">========== System Restore Settings ==========</span></p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]</p><p>"DisableSR" = 0</p><p> </p><p><span style="color: #E56717">========== Firewall Settings ==========</span></p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]</p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]</p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]</p><p> </p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]</p><p>"EnableFirewall" = 1</p><p>"DisableNotifications" = 0</p><p> 
</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]</p><p>"EnableFirewall" = 1</p><p>"DisableNotifications" = 0</p><p> </p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]</p><p> </p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]</p><p>"EnableFirewall" = 1</p><p>"DisableNotifications" = 0</p><p> </p><p><span style="color: #E56717">========== Authorized Applications List ==========</span></p><p> </p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]</p><p> </p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]</p><p>"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)</p><p> </p><p> </p><p><span style="color: #E56717">========== Vista Active Open Ports Exception List ==========</span></p><p> </p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]</p><p>"{1181E337-7E59-4D08-8E08-0ECA709964A0}" = lport=445 | protocol=6 | dir=in | app=system | </p><p>"{1BAD86B2-26DC-46FE-8C72-FE38E429B363}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | </p><p>"{2F207C39-9FB9-4C4F-897D-7FA2B25DCD33}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | </p><p>"{38319A49-449D-440E-BB4C-7D85942EBE6C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | </p><p>"{3ED54936-0FB1-47E3-9D5D-EB65190F2DEE}" = rport=138 | protocol=17 | dir=out | app=system | </p><p>"{4CBE5B32-79D0-4950-A083-D167FCFDE003}" = lport=5355 | protocol=17 
| dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | </p><p>"{531FB710-6B05-47CE-8A63-5585013586B2}" = rport=137 | protocol=17 | dir=out | app=system | </p><p>"{58406D3C-2E44-415F-B983-BEFA9BCA8A61}" = lport=137 | protocol=17 | dir=in | app=system | </p><p>"{676DD5F8-F2F9-4BDF-AF90-D39CD9636818}" = rport=139 | protocol=6 | dir=out | app=system | </p><p>"{73472542-B843-4705-9A7A-A8B00061F6B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | </p><p>"{7F8CA566-65EF-4BAE-A617-497D97B7A65A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | </p><p>"{80CD9F8E-CD35-49D7-A9AA-223CBFBD4455}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | </p><p>"{8F125284-834E-4382-A2E1-7216E77BA6B5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | </p><p>"{AAF40E08-F3D4-44AC-9791-357F83662390}" = rport=445 | protocol=6 | dir=out | app=system | </p><p>"{BCCF9D0E-55B3-407C-974A-157801028145}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | </p><p>"{C62E848D-407E-4ECA-9DAF-46F36E1CC164}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | </p><p>"{C853D7B8-161C-456B-A232-4DF405A3AD93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | </p><p>"{CAB028B3-19AD-462C-B987-2EE2CBCB2267}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | </p><p>"{D362D0AF-7E07-40A0-8F2A-5236690982C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | </p><p>"{D7B89B91-C4D7-4C7B-BEB7-D5AF93CEF1BE}" = lport=138 | protocol=17 | dir=in | app=system | </p><p>"{F31B0248-F87C-4168-8B14-0EF920580FB4}" = lport=139 | protocol=6 | dir=in | app=system | </p><p> </p><p><span style="color: #E56717">========== Vista Active Application Exception 
List ==========</span></p><p> </p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]</p><p>"{0788F9F7-0E81-4887-BC3E-3048A8656259}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | </p><p>"{0B991D50-D561-48F4-92EF-4D9C6B8BC93D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | </p><p>"{12CACB3B-2109-4879-A82C-982F687C887C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | </p><p>"{1E366874-B5ED-4432-8F99-F5E476AD3390}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | </p><p>"{265C16D2-8A94-44E2-ADAC-36918A61DF83}" = dir=in | app=c:\program files\skype\phone\skype.exe | </p><p>"{44168324-1F9B-4D8E-A77F-35F27DFED392}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | </p><p>"{4D9BA8BA-CCA5-404E-AEA3-E31A8ECB2323}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | </p><p>"{5A596E28-6614-4F90-8797-60691A24DFAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | </p><p>"{5B9C4872-E7D4-43F1-9426-D8BF4964DA11}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | </p><p>"{750F4831-CFD0-48EB-966A-31F4D4A6793B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | </p><p>"{7BD09183-0731-4DBB-8FB2-9675F22DFDDD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | </p><p>"{81D8D5B2-4F1A-43D0-8D06-27A98C00A3F5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | </p><p>"{846EE797-C717-4137-81A8-25994C470209}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | </p><p>"{84F72002-3380-4D5B-8919-B7FEC98074F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | </p><p>"{8B21D88A-0353-4977-8BCB-6A93100BDBC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | </p><p>"{979E409E-BDBF-4968-BBB6-C0E0E2C86B9A}" = protocol=17 | dir=in | 
app=c:\program files\earthlink totalaccess\taskpanl.exe | </p><p>"{A91C4F27-BD6C-4674-8847-A68274199BD1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | </p><p>"{BC7268E3-FC25-4ED3-84AA-2A780758C21E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | </p><p>"{BE633EB7-A30E-4995-9363-7D4D4E18BC94}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | </p><p>"{BF17B15C-3660-4BCE-B56A-1D1EE78697AC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | </p><p>"{C4149861-BEE5-47ED-A45C-2498E1BC7C80}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | </p><p>"{C43B89FB-672D-414B-AA5E-5A4CAB9028B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | </p><p>"{C70C81B6-741E-4062-853B-163C7421C703}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | </p><p>"{CD52968A-5E2C-477F-9D1A-B0F2E2DF3423}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | </p><p>"{D29210D3-840F-407B-BD2E-54CB26C13E32}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | </p><p>"{D5FBDF57-0801-4DB4-A9A7-89D36E454DC9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | </p><p>"{EA4F7060-DEE2-47DA-9596-44EE1317458E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | </p><p>"TCP Query User{22BCF455-3CF3-48F2-9346-819D6A436021}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | </p><p>"TCP Query User{809A7C10-F37E-4AEC-8BBA-551A6DC6A754}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | </p><p>"TCP Query User{B48CE55C-F129-4849-A8DE-77062A1E0585}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | </p><p>"TCP Query 
User{D27DCD70-952F-4BAD-9B54-00FD7D1</p></blockquote><p></p>
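A first triage pass over OTL output of the kind posted above, added here as an example; it is not OldTimer's code and not part of bravebird's post. It parses four OTL line types as OTL prints them (the FirewallRules values such as `lport=445 | protocol=6 | dir=in | app=system`, SRV/DRV service lines, O4 Run entries and the IE Start Page and O2 BHO lines) and flags what a helper would look at first: a service registered from a Temp directory whose binary is gone, an autorun outside Program Files/Windows, a start page on a host that is not a vendor default, inbound firewall rules on SMB/NetBIOS/UPnP/LLMNR ports, and inbound application rules with no port or protocol restriction. The port table, the allowlist of start-page hosts and the severities are this example's own assumptions; the inbound 445/137/138/139 rules with `app=system` are normally Windows' own File and Printer Sharing rules, so "medium" there means "confirm the laptop is not sharing on an untrusted network", not "infected". The sample lines are copied from the posted log.

```python
# Added triage example for OTL-format log lines. This is not OldTimer's code
# and not part of the poster's log; the port table, the start-page host
# allowlist and the severities are this example's own assumptions.
import re
from urllib.parse import urlparse

# Inbound ports that deserve a second look on a home laptop (assumed list)
RISKY_INBOUND_PORTS = {
    135: "RPC endpoint mapper", 137: "NetBIOS name", 138: "NetBIOS datagram",
    139: "NetBIOS session", 445: "SMB", 1900: "SSDP/UPnP", 2869: "UPnP", 5355: "LLMNR",
}
# Vendor-default IE start-page hosts seen in this log (assumption: extend per OEM)
KNOWN_START_HOSTS = {"go.microsoft.com", "www.microsoft.com", "ie.redirect.hp.com"}

# One regex per OTL line type parsed below
FW_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<body>.*)$')
SVC_RE = re.compile(r'^(?P<kind>SRV|DRV) - \((?P<svc>[^)]+)\) -- (?P<path>.+?)(?P<missing> File not found)?$')
RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<path>.+?)(?: \((?P<vendor>[^()]*)\))?$')
START_RE = re.compile(r'^IE - .*\\Main,Start Page = (?P<url>\S+)$')
BHO_RE = re.compile(r'^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<target>.+)$')


def parse_fw_rule(line):
    """Split an OTL-rendered FirewallRules value ('lport=445 | dir=in | ...') into a dict."""
    m = FW_RE.match(line)
    if not m:
        return None
    fields = {"name": m.group("name")}
    for part in m.group("body").split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip().lower()
    return fields


def triage(lines):
    """Return (severity, reason, line) tuples for lines worth a human's attention."""
    findings = []
    for raw in lines:
        line = raw.strip()
        fw = parse_fw_rule(line)
        if fw and fw.get("dir") == "in":
            port = fw.get("lport", "")
            owner = fw.get("svc") or fw.get("app") or fw["name"]
            if port.isdigit() and int(port) in RISKY_INBOUND_PORTS:
                findings.append(("medium", f"inbound {RISKY_INBOUND_PORTS[int(port)]} port {port} open for {owner}", line))
            elif "lport" not in fw and "protocol" not in fw:
                # Application rule with no port or protocol restriction at all
                findings.append(("low", f"inbound allow on any port/protocol for {owner}", line))
            continue
        m = SVC_RE.match(line)
        if m:
            if m.group("missing") and "\\temp\\" in m.group("path").lower():
                # A service/driver registered from Temp whose binary is gone is classic dropper residue
                findings.append(("high", f"{m.group('kind')} {m.group('svc')} registered from a Temp directory and binary is gone", line))
            elif m.group("missing"):
                findings.append(("info", f"orphaned {m.group('kind')} {m.group('svc')} (file missing)", line))
            continue
        m = RUN_RE.match(line)
        if m:
            path = m.group("path").lower()
            if not (path.startswith("c:\\program files") or path.startswith("c:\\windows")):
                findings.append(("medium", f"autorun [{m.group('key')}] outside Program Files/Windows, vendor '{m.group('vendor') or 'none'}'", line))
            continue
        m = START_RE.match(line)
        if m:
            host = urlparse(m.group("url")).hostname or ""
            if host not in KNOWN_START_HOSTS:
                findings.append(("medium", f"IE start page points at non-default host {host}", line))
            continue
        m = BHO_RE.match(line)
        if m and "no clsid" in m.group("target").lower():
            findings.append(("info", f"BHO {m.group('clsid')} registered but its CLSID resolves to nothing", line))
    return findings


# Sample input: lines copied from the log posted in this thread (OTL's own format)
SAMPLE_LINES = [
    r'"{1181E337-7E59-4D08-8E08-0ECA709964A0}" = lport=445 | protocol=6 | dir=in | app=system | ',
    r'"{73472542-B843-4705-9A7A-A8B00061F6B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ',
    r'"{265C16D2-8A94-44E2-ADAC-36918A61DF83}" = dir=in | app=c:\program files\skype\phone\skype.exe | ',
    r'"{AAF40E08-F3D4-44AC-9791-357F83662390}" = rport=445 | protocol=6 | dir=out | app=system | ',
    r'SRV - (UEBZ) -- C:\Users\OFFICE~1\AppData\Local\Temp\UEBZ.exe File not found',
    r'DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS File not found',
    r'DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)',
    r'O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)',
    r'O4 - HKU\S-1-5-21-894241628-2637172068-3778301761-1000..\Run: [F.lux] C:\Users\OfficeMax\Local Settings\Apps\F.lux\flux.exe ()',
    r'IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop',
    r'IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://i-houseclean.com/key.php?a=0',
    r'O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.',
]

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LINES):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run as-is it prints eight findings for the sample (one high, four medium, one low, two info); to run it over a saved OTL.txt, pass the file's lines to `triage()` instead of `SAMPLE_LINES`. Outbound rules, orphaned Symantec drivers and Run entries under Program Files produce nothing or an "info", which is deliberate: on this log the old AV leftovers are noise, and the lines that matter are the Temp-directory service, the non-default start page and the user-profile autorun, which is also the order a helper would check them in.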
[QUOTE="bravebird, post: 125038, member: 9121"] OTL logfile created on: 6/17/2013 7:26:29 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OfficeMax\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 61.91% Memory free 6.18 Gb Paging File | 5.19 Gb Available in Paging File | 84.02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221.19 Gb Total Space | 152.25 Gb Free Space | 68.83% Space Free | Partition Type: NTFS Drive D: | 11.69 Gb Total Space | 2.02 Gb Free Space | 17.31% Space Free | Partition Type: NTFS Computer Name: LATANYA | User Name: OfficeMax | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Users\OfficeMax\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.) PRC - C:\Users\OfficeMax\Local Settings\Apps\F.lux\flux.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) 
[color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\Users\OfficeMax\Local Settings\Apps\F.lux\flux.exe () MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll () MOD - C:\Windows\System32\igfxTMM.dll () [color=#E56717]========== Services (SafeList) ==========[/color] SRV - (UEBZ) -- C:\Users\OFFICE~1\AppData\Local\Temp\UEBZ.exe File not found SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.) 
[color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS File not found DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS File not found DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS File not found DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found DRV - (SymIM) -- system32\DRIVERS\SymIMv.sys File not found DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS File not found DRV - (SymEvent) -- C:\Windows\system32\Drivers\SYMEVENT.SYS File not found DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS File not found DRV - (SRTSPX) -- System32\Drivers\SRTSPX.SYS File not found DRV - (SRTSPL) -- System32\Drivers\SRTSPL.SYS File not found DRV - (SRTSP) -- System32\Drivers\SRTSP.SYS File not found DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (NAVEX15) -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090223.048\NAVEX15.SYS File not found DRV - (NAVENG) -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090223.048\NAVENG.SYS File not found DRV - (MpNWMon) -- system32\DRIVERS\MpNWMon.sys File not found DRV - (MpKsldcfe8f12) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC112CF5-CDBF-44A3-BF92-6D576069C4ED}\MpKsldcfe8f12.sys File not found DRV - (MpKsld0dcd759) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7328A9AA-F1E4-4103-BDCB-3C82A17A8BAA}\MpKsld0dcd759.sys File not found DRV - (MpKsla944542e) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56FF3638-EEF9-4A79-A64E-2825324F5A73}\MpKsla944542e.sys File not found DRV - (MpKsl8adbd91b) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43900AF4-7886-4B5D-83D4-14E77764DA65}\MpKsl8adbd91b.sys File not found DRV - (MpKsl7ee4e834) -- 
c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2A6845F-A566-4C54-8DF8-7B75FFCCE511}\MpKsl7ee4e834.sys File not found DRV - (MpKsl6430cb37) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2A6845F-A566-4C54-8DF8-7B75FFCCE511}\MpKsl6430cb37.sys File not found DRV - (MpKsl546e8a23) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F17E6CC9-177C-42B6-922C-E607BD01FE85}\MpKsl546e8a23.sys File not found DRV - (MpKsl3539e50a) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E65AD0FB-B77D-47EA-B867-4BB6ED644CD5}\MpKsl3539e50a.sys File not found DRV - (mfeapfk) -- C:\Windows\\SystemRoot\\SystemRoot\system32\drivers\mfeapfk.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (IDSvix86) -- C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090217.004\IDSvix86.sys File not found DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys File not found DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys File not found DRV - (COH_Mon) -- C:\Windows\system32\Drivers\COH_Mon.sys File not found DRV - (CO_Mon) -- C:\Windows\system32\drivers\CO_Mon.sys File not found DRV - (catchme) -- C:\ComboFix\catchme.sys File not found DRV - (A2DDA) -- F:\EmsisoftEmergencyKit\Run\a2ddax86.sys File not found DRV - (mbamchameleon) -- C:\Windows\System32\drivers\mbamchameleon.sys () DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (GFI Software) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.) 
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{7C9B2C5A-9AE0-4DD1-BF28-38E27DA72F33}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKLM\..\SearchScopes\{98C5ECE9-8E95-48C4-B2AA-8202E3547581}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://i-houseclean.com/key.php?a=0 IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - 
HKU\S-1-5-21-894241628-2637172068-3778301761-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\..\SearchScopes\{7C9B2C5A-9AE0-4DD1-BF28-38E27DA72F33}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\..\SearchScopes\{98C5ECE9-8E95-48C4-B2AA-8202E3547581}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119 FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\OfficeMax\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\OfficeMax\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\OfficeMax\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\OfficeMax\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OfficeMax\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OfficeMax\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/23 16:08:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/16 21:46:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/16 21:46:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\OfficeMax\AppData\Roaming\Move Networks [2009/09/05 17:45:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/16 21:46:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/16 21:46:03 | 000,000,000 | ---D | M] [2010/10/26 13:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OfficeMax\AppData\Roaming\mozilla\Extensions [2010/10/26 13:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OfficeMax\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2012/12/07 18:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OfficeMax\AppData\Roaming\mozilla\Firefox\Profiles\86awjfba.default\extensions [2012/08/22 20:46:38 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\OfficeMax\AppData\Roaming\mozilla\Firefox\Profiles\86awjfba.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012/02/29 16:42:29 | 
000,020,591 | ---- | M] () (No name found) -- C:\Users\OfficeMax\AppData\Roaming\mozilla\firefox\profiles\86awjfba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013/06/16 21:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013/06/16 21:46:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/09/05 17:45:25 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\OFFICEMAX\APPDATA\ROAMING\MOVE NETWORKS [2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2012/04/22 20:29:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/07/11 15:33:12 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2011/07/11 15:34:39 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2011/07/11 15:32:58 | 000,105,472 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OfficeMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\ O1 HOSTS File: ([2013/06/16 17:38:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found. 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) 
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.) O4 - HKU\S-1-5-21-894241628-2637172068-3778301761-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-894241628-2637172068-3778301761-1000..\Run: [F.lux] C:\Users\OfficeMax\Local Settings\Apps\F.lux\flux.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-894241628-2637172068-3778301761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\..Trusted Domains: //@install.mar@/ ([]msni in Computer)
O15 - HKU\S-1-5-21-894241628-2637172068-3778301761-1000\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CA14594-3DD1-4783-9A06-03A53BE47B0F}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\OfficeMax\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\OfficeMax\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/17 23:28:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/17 04:17:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/17 04:17:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/17 04:17:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/17 04:17:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/17 04:17:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/17 04:17:39 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/17 04:17:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/17 04:17:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/17 04:13:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/17 03:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/06/17 03:05:35 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/06/17 03:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/06/17 03:02:51 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013/06/17 03:02:47 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2013/06/17 03:02:47 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013/06/17 03:02:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2013/06/17 03:02:46 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2013/06/17 03:02:45 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2013/06/16 21:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/16 19:21:36 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/06/16 19:12:15 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2013/06/16 19:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/06/16 19:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/06/16 19:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/16 19:02:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/06/16 18:56:54 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/06/16 18:56:54 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/16 18:56:53 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/06/16 18:49:58 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013/06/16 18:49:58 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2013/06/16 18:49:56 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/06/16 18:48:39 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/06/16 18:44:23 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013/06/16 18:44:21 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/06/16 18:44:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/06/16 18:41:42 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/16 18:41:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/16 18:34:18 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/06/16 18:26:16 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/06/16 17:53:10 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/06/16 17:53:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/06/16 17:44:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/16 17:44:03 | 000,000,000 | ---D | C] -- C:\Users\OfficeMax\AppData\Local\temp
[2013/06/16 17:38:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/16 15:43:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/16 15:43:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/16 15:43:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/16 15:43:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/16 15:43:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/16 15:30:09 | 000,000,000 | ---D | C] -- C:\Users\OfficeMax\Desktop\RK_Quarantine
[2013/06/16 13:41:41 | 000,000,000 | ---D | C] -- C:\Users\OfficeMax\Desktop\mbar-1.06.0.1003(1)
[2013/06/13 20:22:54 | 000,000,000 | ---D | C] -- C:\found.011
[2013/06/13 16:27:16 | 000,000,000 | ---D | C] -- C:\found.010
[2013/06/13 10:55:15 | 000,000,000 | ---D | C] -- C:\366eab9c421c2d96fcef6e403a01ad
[2013/06/13 10:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2013/06/13 10:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2013/06/12 20:06:49 | 000,000,000 | ---D | C] -- C:\c84656d8fdf2402e9d
[2013/06/12 19:29:59 | 011,091,432 | ---- | C] (Microsoft Corporation) -- C:\Users\OfficeMax\Desktop\mseinstall.exe
[2013/06/12 19:04:16 | 001,814,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\OfficeMax\Desktop\rkill.exe
[2013/06/12 18:37:41 | 000,000,000 | ---D | C] -- C:\Users\OfficeMax\AppData\Local\ElevatedDiagnostics
[2013/06/12 14:50:33 | 000,000,000 | ---D | C] -- C:\found.009
[2013/06/12 14:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/12 14:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/12 13:13:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/12 13:13:19 | 000,000,000 | ---D | C] -- C:\Users\OfficeMax\AppData\Roaming\Malwarebytes
[2013/06/12 13:06:27 | 000,000,000 | ---D | C] -- C:\Quarantine
[2013/06/11 14:32:45 | 000,101,112 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2013/06/11 14:32:45 | 000,042,864 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/06/08 22:06:26 | 000,000,000 | ---D | C] -- C:\63f496ee69557e4f173fcefa
[2013/06/08 21:49:53 | 000,000,000 | ---D | C] -- C:\f2ea61c736c459e4aad923
[2013/06/08 18:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/08 18:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/08 18:49:31 | 000,000,000 | ---D | C] -- C:\mbar-1.06.0.1003
[2013/06/08 06:11:56 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/06/07 22:15:25 | 000,000,000 | ---D | C] -- C:\Users\OfficeMax\AppData\Local\{3DC96C1F-2044-4286-89AB-5CA5183F11DD}

========== Files - Modified Within 30 Days ==========

[2013/06/17 07:17:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/17 07:17:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/17 07:15:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-894241628-2637172068-3778301761-1000UA.job
[2013/06/17 06:57:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/17 04:48:42 | 000,398,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/17 03:05:36 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/06/16 21:20:08 | 000,000,512 | ---- | M] () -- C:\Users\OfficeMax\Desktop\MBR.dat
[2013/06/16 19:10:45 | 000,001,692 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/06/16 17:46:23 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/06/16 17:38:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/06/16 16:15:11 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-894241628-2637172068-3778301761-1000Core.job
[2013/06/16 15:39:36 | 000,048,966 | ---- | M] () -- C:\Users\OfficeMax\Desktop\Remove Trojan ZeroAccess virus (Removal Guide).htm
[2013/06/16 13:32:50 | 000,001,356 | ---- | M] () -- C:\Users\OfficeMax\AppData\Local\d3d9caps.dat
[2013/06/16 10:01:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/06/16 10:01:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/06/16 09:06:34 | 001,553,028 | ---- | M] () -- C:\Users\OfficeMax\Documents\cc_20130616_090607.reg
[2013/06/13 11:16:54 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/06/12 19:32:30 | 011,091,432 | ---- | M] (Microsoft Corporation) -- C:\Users\OfficeMax\Desktop\mseinstall.exe
[2013/06/12 19:05:52 | 001,814,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\OfficeMax\Desktop\rkill.exe
[2013/06/12 14:13:04 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/12 07:19:09 | 000,163,840 | ---- | M] () -- C:\Users\OfficeMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/11 14:32:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2013/06/09 20:03:43 | 000,605,838 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/09 20:03:43 | 000,004,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/08 18:47:42 | 013,169,742 | ---- | M] () -- C:\mbar-1.06.0.1003.zip
[2013/06/07 22:32:57 | 000,000,344 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

========== Files Created - No Company Name ==========

[2013/06/17 03:02:59 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/06/17 03:02:59 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/06/16 21:20:07 | 000,000,512 | ---- | C] () -- C:\Users\OfficeMax\Desktop\MBR.dat
[2013/06/16 19:10:45 | 000,001,692 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/06/16 17:46:23 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/06/16 15:43:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/16 15:43:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/16 15:43:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/16 15:43:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/16 15:43:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/16 15:39:35 | 000,048,966 | ---- | C] () -- C:\Users\OfficeMax\Desktop\Remove Trojan ZeroAccess virus (Removal Guide).htm
[2013/06/16 10:01:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/06/16 10:01:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/06/16 09:06:10 | 001,553,028 | ---- | C] () -- C:\Users\OfficeMax\Documents\cc_20130616_090607.reg
[2013/06/13 10:37:09 | 000,002,377 | ---- | C] () -- C:\Users\OfficeMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2013/06/12 14:13:04 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/11 14:32:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2013/06/08 18:38:24 | 013,169,742 | ---- | C] () -- C:\mbar-1.06.0.1003.zip
[2012/08/22 20:30:53 | 000,241,469 | ---- | C] () -- C:\Users\OfficeMax\AppData\Local\census.cache
[2012/08/22 20:30:46 | 000,224,812 | ---- | C] () -- C:\Users\OfficeMax\AppData\Local\ars.cache
[2012/08/22 19:45:40 | 000,000,036 | ---- | C] () -- C:\Users\OfficeMax\AppData\Local\housecall.guid.cache
[2012/03/23 18:55:09 | 000,000,414 | ---- | C] () -- C:\Windows\videoimp.ini
[2012/03/23 18:54:52 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/12/27 15:21:28 | 000,006,680 | -HS- | C] () -- C:\Users\OfficeMax\AppData\Local\8b34281714uia161
[2010/01/09 17:54:06 | 000,001,356 | ---- | C] () -- C:\Users\OfficeMax\AppData\Local\d3d9caps.dat
[2009/04/01 22:03:46 | 000,024,206 | ---- | C] () -- C:\Users\OfficeMax\AppData\Roaming\UserTile.png
[2009/01/21 20:13:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/07/07 11:14:52 | 000,163,840 | ---- | C] () -- C:\Users\OfficeMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/08 08:58:27 | 000,000,000 | ---D | M] -- C:\Users\OfficeMax\AppData\Roaming\com.skinkers.aa
[2013/01/26 17:59:18 | 000,000,000 | -HSD | M] -- C:\Users\OfficeMax\AppData\Roaming\F273EF
[2009/05/29 19:30:23 | 000,000,000 | ---D | M] -- C:\Users\OfficeMax\AppData\Roaming\MSNInstaller
[2011/08/16 09:05:01 | 000,000,000 | ---D | M] -- C:\Users\OfficeMax\AppData\Roaming\ooVoo Details
[2009/04/01 22:03:46 | 000,000,000 | ---D | M] -- C:\Users\OfficeMax\AppData\Roaming\PeerNetworking
[2012/08/22 20:58:01 | 000,000,000 | ---D | M] -- C:\Users\OfficeMax\AppData\Roaming\QuickScan

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/17/2013 7:26:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OfficeMax\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 61.91% Memory free
6.18 Gb Paging File | 5.19 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.19 Gb Total Space | 152.25 Gb Free Space | 68.83% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 2.02 Gb Free Space | 17.31% Space Free | Partition Type: NTFS

Computer Name: LATANYA | User Name: OfficeMax | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-894241628-2637172068-3778301761-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1181E337-7E59-4D08-8E08-0ECA709964A0}" = lport=445 | protocol=6 | dir=in | app=system |
"{1BAD86B2-26DC-46FE-8C72-FE38E429B363}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2F207C39-9FB9-4C4F-897D-7FA2B25DCD33}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{38319A49-449D-440E-BB4C-7D85942EBE6C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3ED54936-0FB1-47E3-9D5D-EB65190F2DEE}" = rport=138 | protocol=17 | dir=out | app=system |
"{4CBE5B32-79D0-4950-A083-D167FCFDE003}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{531FB710-6B05-47CE-8A63-5585013586B2}" = rport=137 | protocol=17 | dir=out | app=system |
"{58406D3C-2E44-415F-B983-BEFA9BCA8A61}" = lport=137 | protocol=17 | dir=in | app=system |
"{676DD5F8-F2F9-4BDF-AF90-D39CD9636818}" = rport=139 | protocol=6 | dir=out | app=system |
"{73472542-B843-4705-9A7A-A8B00061F6B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F8CA566-65EF-4BAE-A617-497D97B7A65A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{80CD9F8E-CD35-49D7-A9AA-223CBFBD4455}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8F125284-834E-4382-A2E1-7216E77BA6B5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AAF40E08-F3D4-44AC-9791-357F83662390}" = rport=445 | protocol=6 | dir=out | app=system |
"{BCCF9D0E-55B3-407C-974A-157801028145}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C62E848D-407E-4ECA-9DAF-46F36E1CC164}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C853D7B8-161C-456B-A232-4DF405A3AD93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CAB028B3-19AD-462C-B987-2EE2CBCB2267}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D362D0AF-7E07-40A0-8F2A-5236690982C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D7B89B91-C4D7-4C7B-BEB7-D5AF93CEF1BE}" = lport=138 | protocol=17 | dir=in | app=system |
"{F31B0248-F87C-4168-8B14-0EF920580FB4}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0788F9F7-0E81-4887-BC3E-3048A8656259}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{0B991D50-D561-48F4-92EF-4D9C6B8BC93D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{12CACB3B-2109-4879-A82C-982F687C887C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1E366874-B5ED-4432-8F99-F5E476AD3390}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{265C16D2-8A94-44E2-ADAC-36918A61DF83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44168324-1F9B-4D8E-A77F-35F27DFED392}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4D9BA8BA-CCA5-404E-AEA3-E31A8ECB2323}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5A596E28-6614-4F90-8797-60691A24DFAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5B9C4872-E7D4-43F1-9426-D8BF4964DA11}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{750F4831-CFD0-48EB-966A-31F4D4A6793B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7BD09183-0731-4DBB-8FB2-9675F22DFDDD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{81D8D5B2-4F1A-43D0-8D06-27A98C00A3F5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{846EE797-C717-4137-81A8-25994C470209}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{84F72002-3380-4D5B-8919-B7FEC98074F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8B21D88A-0353-4977-8BCB-6A93100BDBC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{979E409E-BDBF-4968-BBB6-C0E0E2C86B9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A91C4F27-BD6C-4674-8847-A68274199BD1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BC7268E3-FC25-4ED3-84AA-2A780758C21E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BE633EB7-A30E-4995-9363-7D4D4E18BC94}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BF17B15C-3660-4BCE-B56A-1D1EE78697AC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C4149861-BEE5-47ED-A45C-2498E1BC7C80}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C43B89FB-672D-414B-AA5E-5A4CAB9028B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C70C81B6-741E-4062-853B-163C7421C703}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CD52968A-5E2C-477F-9D1A-B0F2E2DF3423}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{D29210D3-840F-407B-BD2E-54CB26C13E32}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{D5FBDF57-0801-4DB4-A9A7-89D36E454DC9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EA4F7060-DEE2-47DA-9596-44EE1317458E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{22BCF455-3CF3-48F2-9346-819D6A436021}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{809A7C10-F37E-4AEC-8BBA-551A6DC6A754}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{B48CE55C-F129-4849-A8DE-77062A1E0585}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D27DCD70-952F-4BAD-9B54-00FD7D1
[/QUOTE]