Hijacked Permissions

**diver79** · 2012-07-02, 21:43

Hi rayben,

The fix looks to have ran successfully. You still need to run the OTL scan though, see instructions below.

OTL Scan

Right click on OTL.exe and select Run as Administrator to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open OTL.Txt, please post the contents of this in your next reply.

**rayben** · 2012-07-04, 15:04

I certainly appreciate the help you guys are giving me.

**rayben** · 2012-07-04, 15:31

The text was too long so I attached the .txt file. Hope this works

**diver79** · 2012-07-04, 16:09

Hi rayben,

I cannot see any file attached. You can split it in two posts if you prefer.

thanks,

diver79.

**rayben** · 2012-07-04, 16:42

first half:
OTL logfile created on: 7/4/2012 8:10:50 AM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\rayh\Desktop\12Fix
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.57 Gb Available Physical Memory | 76.37% Memory free
11.98 Gb Paging File | 9.61 Gb Available in Paging File | 80.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 292.19 Gb Free Space | 64.78% Space Free | Partition Type: NTFS

Computer Name: ROVER | User Name: rayh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\rayh\Desktop\12Fix\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe ()
PRC - C:\Users\rayh\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronices Co., Ltd.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe (Sensible Vision )
PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
PRC - c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Windows\SysWOW64\FAIEExtension.dll ()
MOD - C:\Windows\SysWOW64\FAib.dll ()
MOD - C:\Windows\SysWOW64\FACrashRpt.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Updater Service for StartNow Toolbar) -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe ()
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (NWVZHelper) -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe (Novatel Wireless Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe (IDT, Inc.)
SRV - (FAService) -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV:64bit: - (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN) -- C:\Windows\SysNative\drivers\nwusbser2_000.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN) -- C:\Windows\SysNative\drivers\nwusbser_000.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN) -- C:\Windows\SysNative\drivers\nwusbmdm_000.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBCDFIL64) -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys (Novatel Wireless Inc.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (FACAP) -- C:\Windows\SysNative\drivers\facap.sys (Sensible Vision )
DRV - (NPF) -- C:\Windows\SysWOW64\drivers\npf.sys (CACE Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E72CE22E-CBC4-4E94-9CDF-1E324C8022EA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{B21BE76F-A23C-400A-8B6B-C60BA6E653E8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=sE2QTTauRlWmGBbfmVE1eP4bc60?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {f29557fd-78aa-40e6-aba8-9fa219764018}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/24 11:15:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/27 11:17:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 09:25:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 18:10:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/20 08:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 09:25:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 18:10:52 | 000,000,000 | ---D | M]

[2012/06/30 17:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rayh\AppData\Roaming\mozilla\Extensions
[2009/12/17 17:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rayh\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/12/17 11:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rayh\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/01/05 08:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rayh\AppData\Roaming\mozilla\Extensions\express@postbox-inc.com
[2012/07/01 15:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rayh\AppData\Roaming\mozilla\Firefox\Profiles\g28w0g6h.default\extensions
[2012/05/30 16:12:03 | 000,000,000 | ---D | M] (Radio TV 1 Community Toolbar) -- C:\Users\rayh\AppData\Roaming\mozilla\Firefox\Profiles\g28w0g6h.default\extensions\{f29557fd-78aa-40e6-aba8-9fa219764018}
[2012/04/16 01:00:03 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\rayh\AppData\Roaming\mozilla\Firefox\Profiles\g28w0g6h.default\extensions\DeviceDetection@logitech.com
[2011/03/25 21:37:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\rayh\AppData\Roaming\mozilla\Firefox\Profiles\g28w0g6h.default\extensions\engine@conduit.com
[2012/06/30 17:20:43 | 000,002,519 | ---- | M] () -- C:\Users\rayh\AppData\Roaming\Mozilla\Firefox\Profiles\g28w0g6h.default\searchplugins\Search_Results.xml
[2012/06/30 17:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/21 09:25:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/27 11:17:40 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/06/21 09:25:59 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/06/21 07:03:17 | 000,119,808 | ---- | M] (Google) -- C:\Program Files (x86)\mozilla firefox\components\GoogleDesktopMozilla.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2012/03/08 08:19:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/26 10:41:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2012/02/24 11:15:47 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll
[2010/10/22 14:52:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2010/10/22 14:52:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2010/10/22 14:52:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2010/10/22 14:52:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2010/10/22 14:52:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2010/10/22 14:52:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2010/10/22 14:52:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2012/02/24 11:16:14 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll
[2012/02/24 11:15:42 | 000,108,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/06/21 09:25:56 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2010/09/10 13:30:35 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2012/06/21 09:25:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/09/10 13:30:35 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2012/06/21 09:25:56 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2012/06/21 09:25:56 | 000,003,413 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2011/06/21 07:03:18 | 000,002,020 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml
[2012/06/30 17:20:43 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/06/21 09:25:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/06/21 09:25:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2012/06/21 09:25:56 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

**rayben** · 2012-07-04, 16:43

second half:

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120627105239.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627105239.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe" File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [EPSON Artisan 800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEMA.EXE /FU "C:\Windows\TEMP\E_S5DF9.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\rayh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\rayh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O4 - Startup: C:\Users\rayh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk = C:\Users\rayh\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronices Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DD2B760-E19D-433A-93D3-68522227ED5C}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435AF2F4-71DB-4D6F-A61D-6E0FDAC7F2E4}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1f279339-99e3-11e0-9c2b-c594540598f9}\Shell - "" = AutoRun
O33 - MountPoints2\{1f279339-99e3-11e0-9c2b-c594540598f9}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{9e44fdd2-ea8c-11de-80d1-0026b913bc1d}\Shell - "" = AutoRun
O33 - MountPoints2\{9e44fdd2-ea8c-11de-80d1-0026b913bc1d}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{9e44fddc-ea8c-11de-80d1-0026b913bc1d}\Shell - "" = AutoRun
O33 - MountPoints2\{9e44fddc-ea8c-11de-80d1-0026b913bc1d}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/04 05:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/01 09:20:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/01 08:51:02 | 000,000,000 | ---D | C] -- C:\Users\rayh\Desktop\12Fix
[2012/06/30 17:21:17 | 000,000,000 | ---D | C] -- C:\Users\rayh\AppData\Local\jZip
[2012/06/30 17:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/06/30 17:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
[2012/06/30 17:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2012/06/30 14:45:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/30 14:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/30 14:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/06/26 15:23:36 | 000,000,000 | ---D | C] -- C:\Users\rayh\Tracing
[2012/06/23 15:09:53 | 000,000,000 | ---D | C] -- C:\Users\rayh\AppData\Local\Macromedia
[2012/06/20 15:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/20 15:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/20 15:30:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/19 06:24:08 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/19 06:24:08 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/19 06:24:08 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/19 06:23:51 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/19 06:23:51 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/19 06:23:51 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/19 06:23:41 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/19 06:23:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/13 10:52:39 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/13 10:52:33 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 10:52:31 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 10:52:27 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 10:52:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 10:52:21 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 10:52:19 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 10:52:12 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 10:52:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 10:52:02 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 10:52:00 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 10:51:05 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 10:51:02 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 10:51:01 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 10:50:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 10:50:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 10:50:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 10:50:51 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 10:50:47 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

========== Files - Modified Within 30 Days ==========

[2012/07/04 07:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/04 07:55:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/04 05:41:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/04 05:17:00 | 000,000,366 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012/07/04 05:13:03 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 05:13:03 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 05:05:34 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/04 05:05:20 | 527,831,039 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/01 15:30:55 | 000,792,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/01 15:30:55 | 000,671,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/01 15:30:55 | 000,124,652 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/30 17:21:17 | 000,000,126 | ---- | M] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2012/06/30 17:21:16 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\jZip.lnk
[2012/06/30 15:00:02 | 000,007,648 | ---- | M] () -- C:\Users\rayh\AppData\Local\Resmon.ResmonCfg
[2012/06/30 14:44:09 | 000,000,926 | ---- | M] () -- C:\Users\rayh\Desktop\NTREGOPT.lnk
[2012/06/30 14:44:09 | 000,000,907 | ---- | M] () -- C:\Users\rayh\Desktop\ERUNT.lnk
[2012/06/26 11:04:30 | 000,001,968 | ---- | M] () -- C:\Users\rayh\Application Data\Microsoft\Internet Explorer\Quick Launch\Postbox.lnk
[2012/06/26 09:06:19 | 000,012,318 | ---- | M] () -- C:\Users\rayh\Desktop\10415 Schaper Rd Satellite Television Dish and deck.eml
[2012/06/23 15:25:22 | 000,001,314 | ---- | M] () -- C:\Users\rayh\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/23 15:25:22 | 000,001,290 | ---- | M] () -- C:\Users\rayh\Desktop\Spybot - Search & Destroy.lnk
[2012/06/23 14:59:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 14:59:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/13 11:24:32 | 000,413,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/06/30 17:21:17 | 000,000,126 | ---- | C] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2012/06/30 17:21:16 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\jZip.lnk
[2012/06/30 14:44:09 | 000,000,926 | ---- | C] () -- C:\Users\rayh\Desktop\NTREGOPT.lnk
[2012/06/30 14:44:09 | 000,000,907 | ---- | C] () -- C:\Users\rayh\Desktop\ERUNT.lnk
[2012/06/26 09:06:18 | 000,012,318 | ---- | C] () -- C:\Users\rayh\Desktop\10415 Schaper Rd Satellite Television Dish and deck.eml
[2012/06/20 15:31:02 | 000,001,314 | ---- | C] () -- C:\Users\rayh\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/20 15:31:02 | 000,001,290 | ---- | C] () -- C:\Users\rayh\Desktop\Spybot - Search & Destroy.lnk
[2012/02/16 17:29:03 | 000,007,648 | ---- | C] () -- C:\Users\rayh\AppData\Local\Resmon.ResmonCfg
[2011/09/08 20:02:00 | 000,072,080 | ---- | C] () -- C:\Users\rayh\g2mdlhlpx.exe
[2011/08/30 19:54:19 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011/07/28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/07/25 12:23:48 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/07/25 12:23:48 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/07/25 12:23:48 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/07/25 12:23:48 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/07/25 12:23:48 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/07/25 12:23:48 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/07/25 12:23:48 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/07/25 12:23:48 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/07/25 12:23:48 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/07/25 12:23:48 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/07/25 12:23:48 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/07/25 12:23:48 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/07/25 12:23:48 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/07/25 12:23:48 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/07/25 12:23:48 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/07/25 12:23:48 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/07/25 11:55:09 | 000,000,044 | ---- | C] () -- C:\Windows\EPART800.ini
[2011/06/27 15:11:44 | 000,000,090 | ---- | C] () -- C:\Windows\WININIT.INI
[2011/03/17 12:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/22 07:10:09 | 000,267,688 | ---- | C] () -- C:\Users\rayh\Galveston County 2010 Census Info.pdf
[2010/12/03 16:45:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/01 01:51:28 | 000,000,000 | ---- | C] () -- C:\Users\rayh\AppData\Local\rx_image32.Cache
[2010/01/16 11:04:25 | 000,061,224 | ---- | C] () -- C:\Users\rayh\GoToAssistDownloadHelper.exe
[2009/12/16 21:32:22 | 000,009,312 | ---- | C] () -- C:\Users\rayh\AppData\Roaming\Comma Separated Values (Windows).EML
[2009/12/16 21:25:19 | 000,024,986 | ---- | C] () -- C:\Users\rayh\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/12/16 17:03:15 | 000,002,164 | ---- | C] () -- C:\Users\rayh\AppData\Roaming\install.dat
[2009/10/19 11:59:03 | 001,110,015 | ---- | C] () -- C:\Users\rayh\Kinkos Scan.pdf

========== LOP Check ==========

[2009/12/21 07:47:57 | 000,000,000 | ---D | M] -- C:\Users\rayh\AppData\Roaming\Absolute
[2011/04/10 12:30:37 | 000,000,000 | ---D | M] -- C:\Users\rayh\AppData\Roaming\Barnes & Noble
[2011/09/07 12:36:59 | 000,000,000 | ---D | M] -- C:\Users\rayh\AppData\Roaming\calibre
[2011/09/05 08:07:51 | 000,000,000 | ---D | M] -- C:\Users\rayh\AppData\Roaming\Dropbox
[2011/09/26 13:47:42 | 000,000,000 | ---D | M] -- C:\Users\rayh\AppData\Roaming\Epson
[2010/10/22 14:56:18 | 000,000,000 | ---D | M] -- C:\Users\rayh\AppData\Roaming\iShell
[2011/07/25 14:09:32 | 000,000,000 | ---D | M] -- C:\Users\rayh\AppData\Roaming\Leadertech
[2012/01/05 08:25:58 | 000,000,000 | ---D | M] -- C:\Users\rayh\AppData\Roaming\Opera
[2012/01/05 08:43:44 | 000,000,000 | ---D | M] -- C:\Users\rayh\AppData\Roaming\Postbox
[2010/09/22 17:51:19 | 000,000,000 | ---D | M] -- C:\Users\rayh\AppData\Roaming\Smith Micro
[2009/12/17 17:04:37 | 000,000,000 | ---D | M] -- C:\Users\rayh\AppData\Roaming\Thunderbird
[2009/12/16 17:38:29 | 000,000,000 | ---D | M] -- C:\Users\rayh\AppData\Roaming\Windows Live Writer
[2012/05/07 06:22:54 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 980 bytes -> C:\Users\rayh\Desktop\Fwd FW The microflora of the gut plays a role in obesity.eml:OECustomProperty
@Alternate Data Stream - 809 bytes -> C:\Users\rayh\Desktop\Nook Color VS Kindle.eml:OECustomProperty
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:C0789917
@Alternate Data Stream - 143 bytes -> C:\Users\rayh\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 1034 bytes -> C:\Users\rayh\Desktop\10415 Schaper Rd Satellite Television Dish and deck.eml:OECustomProperty

< End of report >

**diver79** · 2012-07-05, 00:28

Hi rayben,

Looks like you have teatimer running, it may interfere with our fixes. Please disable it using the instructions in this post.

Create a System Restore Point

Right-click on the Computer icon and select Properties.
In the left pane under Tasks ... click on System protection.
If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
Select the System Protection tab ...then choose Create.
In the System Restore dialog box, type a description for the restore point ... click Create, again.
A window will pop up with "The Restore Point was created successfully" confirmation message.
Click OK ...then close the System Restore dialog.

Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.
If you have successfully created a System Restore Point...we can proceed.

Run OTL Script
We need to run an OTL Fix

Right click OTL.exe and select Run as Administrator to start the program.

Copy and Paste the following code into the

textbox. Do not include the word Code

Code:

:otl
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E72CE22E-CBC4-4E94-9CDF-1E324C8022EA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{B21BE76F-A23C-400A-8B6B-C60BA6E653E8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=sE2QTTauRlWmGBbfmVE1eP4bc60?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {f29557fd-78aa-40e6-aba8-9fa219764018}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q="
[2012/05/30 16:12:03 | 000,000,000 | ---D | M] (Radio TV 1 Community Toolbar) -- C:\Users\rayh\AppData\Roaming\mozilla\Firefox\Profiles\g28w0g6h.default\extensions\{f29557fd-78aa-40e6-aba8-9fa219764018}
[2011/03/25 21:37:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\rayh\AppData\Roaming\mozilla\Firefox\Profiles\g28w0g6h.default\extensions\engine@conduit.com
[2012/06/30 17:20:43 | 000,002,519 | ---- | M] () -- C:\Users\rayh\AppData\Roaming\Mozilla\Firefox\Profiles\g28w0g6h.default\searchplugins\Search_Results.xml
[2012/06/30 17:20:43 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
O33 - MountPoints2\{1f279339-99e3-11e0-9c2b-c594540598f9}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{9e44fdd2-ea8c-11de-80d1-0026b913bc1d}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{9e44fddc-ea8c-11de-80d1-0026b913bc1d}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
[2012/06/26 09:06:19 | 000,012,318 | ---- | M] () -- C:\Users\rayh\Desktop\10415 Schaper Rd Satellite Television Dish and deck.eml
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:C0789917
:services
Updater Service for StartNow Toolbar
:reg
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-482344202-581333641-2261761304-1001\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BandooV6_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BandooV6_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72518D9D-37A1-4AAC-AFCC-D9CFD226491F}]
"AppPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"=-
:files
C:\Windows\System32\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg
C:\Program Files (x86)\StartNow Toolbar
C:\Users\Alex\AppData\LocalLow\Bandoo
C:\Users\Alex\AppData\Roaming\Bandoo
C:\Users\Alex\AppData\LocalLow\DataMngr
:commands
[EMPTYTEMP]
[CREATERESTOREPOINT]

Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware and save to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
The log can also be found here:
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

**rayben** · 2012-07-05, 15:46

Hello
It looks like I can't disable teatimer because I lack administrator rights according to the little dialog box I get when I try according to instructions in post.

**diver79** · 2012-07-05, 15:57

Try running spybot as adminiatrator. Right click on the spybot icon and then select Run as Administrator. You should be able to disable teatimer now.

**rayben** · 2012-07-05, 18:18

Originally Posted by diver79

Hi rayben,

Looks like you have teatimer running, it may interfere with our fixes. Please disable it using the instructions in this post.

Create a System Restore Point

Right-click on the Computer icon and select Properties.
In the left pane under Tasks ... click on System protection.
If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
Select the System Protection tab ...then choose Create.
In the System Restore dialog box, type a description for the restore point ... click Create, again.
A window will pop up with "The Restore Point was created successfully" confirmation message.
Click OK ...then close the System Restore dialog.

Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.
If you have successfully created a System Restore Point...we can proceed.

Run OTL Script
We need to run an OTL Fix

Right click OTL.exe and select Run as Administrator to start the program.

Copy and Paste the following code into the

textbox. Do not include the word Code

Code:

:otl
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E72CE22E-CBC4-4E94-9CDF-1E324C8022EA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{B21BE76F-A23C-400A-8B6B-C60BA6E653E8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=sE2QTTauRlWmGBbfmVE1eP4bc60?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {f29557fd-78aa-40e6-aba8-9fa219764018}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q="
[2012/05/30 16:12:03 | 000,000,000 | ---D | M] (Radio TV 1 Community Toolbar) -- C:\Users\rayh\AppData\Roaming\mozilla\Firefox\Profiles\g28w0g6h.default\extensions\{f29557fd-78aa-40e6-aba8-9fa219764018}
[2011/03/25 21:37:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\rayh\AppData\Roaming\mozilla\Firefox\Profiles\g28w0g6h.default\extensions\engine@conduit.com
[2012/06/30 17:20:43 | 000,002,519 | ---- | M] () -- C:\Users\rayh\AppData\Roaming\Mozilla\Firefox\Profiles\g28w0g6h.default\searchplugins\Search_Results.xml
[2012/06/30 17:20:43 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
O33 - MountPoints2\{1f279339-99e3-11e0-9c2b-c594540598f9}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{9e44fdd2-ea8c-11de-80d1-0026b913bc1d}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{9e44fddc-ea8c-11de-80d1-0026b913bc1d}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
[2012/06/26 09:06:19 | 000,012,318 | ---- | M] () -- C:\Users\rayh\Desktop\10415 Schaper Rd Satellite Television Dish and deck.eml
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:C0789917
:services
Updater Service for StartNow Toolbar
:reg
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-482344202-581333641-2261761304-1001\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BandooV6_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BandooV6_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72518D9D-37A1-4AAC-AFCC-D9CFD226491F}]
"AppPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"=-
:files
C:\Windows\System32\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg
C:\Program Files (x86)\StartNow Toolbar
C:\Users\Alex\AppData\LocalLow\Bandoo
C:\Users\Alex\AppData\Roaming\Bandoo
C:\Users\Alex\AppData\LocalLow\DataMngr
:commands
[EMPTYTEMP]
[CREATERESTOREPOINT]

Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware and save to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
The log can also be found here:
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

2012/07/05 11:05:13 -0500 ROVER rayh MESSAGE Starting protection
2012/07/05 11:05:15 -0500 ROVER rayh MESSAGE Protection started successfully
2012/07/05 11:05:18 -0500 ROVER rayh MESSAGE Starting IP protection
2012/07/05 11:05:20 -0500 ROVER rayh MESSAGE IP Protection started successfully

Thread: Hijacked Permissions

Thread Tools

Display

OTL text attached

Posting Permissions