Solved: ATAPI.sys file corrupted

Discussion in 'Malware and Virus Removal Archive' started by DPI Graphics, 2013/03/09.

  1. 2013/03/11
    DPI Graphics

    DPI Graphics Well-Known Member Thread Starter

    Joined:
    2009/06/12
    Messages:
    283
    Likes Received:
    0
    Should the CFScript.txt file include "Code:"?
     
  2. 2013/03/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No....
     
  4. 2013/03/11
    DPI Graphics
    OK, here is the 2nd ComboFix.txt

    ComboFix 13-03-11.01 - Ed Day 03/11/2013 20:45:50.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.546 [GMT -7:00]
    Running from: c:\documents and settings\Ed Day.DPI01\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ed Day.DPI01\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    FILE ::
    "c:\windows\system32\drivers\ebkojubw.sys "
    "c:\windows\system32\drivers\iggyuoae.sys "
    "c:\windows\system32\drivers\ljbtsivs.sys "
    "c:\windows\system32\drivers\tbrahajt.sys "
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_ebkojubw
    -------\Service_iggyuoae
    -------\Service_ljbtsivs
    -------\Service_tbrahajt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-12 to 2013-03-12 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-12 01:41 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7935C5AC-1A3B-4CA0-8127-301E52811CE4}\mpengine.dll
    2013-03-10 23:46 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-03-09 01:47 . 2013-03-09 01:47 -------- d-----w- c:\documents and settings\Ed Day.DPI01\Application Data\WindowsDatabase
    2013-02-28 01:05 . 2013-02-28 01:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\RealNetworks
    2013-02-28 01:04 . 2013-02-28 01:04 -------- d-----w- c:\program files\Real
    2013-02-28 01:03 . 2013-02-28 01:03 153296 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
    2013-02-28 01:02 . 2013-02-28 01:02 124056 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-27 02:45 . 2012-04-09 22:41 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-27 02:45 . 2011-05-15 17:04 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-30 10:53 . 2011-03-22 18:01 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-26 03:55 . 2006-02-28 12:00 552448 ------w- c:\windows\system32\oleaut32.dll
    2013-01-07 01:16 . 2006-02-28 12:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:36 . 2004-08-03 22:59 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20 . 2006-02-28 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2006-02-28 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49 . 2006-02-28 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-26 20:16 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2012-12-16 12:23 . 2006-02-28 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-15 00:49 . 2012-08-21 07:03 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-28 04:10 . 2012-06-28 04:10 455 ----a-w- c:\program files\0627201221105734.bat
    2004-03-11 20:27 . 2009-03-12 19:55 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2013-01-16 20:11 . 2013-02-03 01:03 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Octoshape Streaming Services "= "c:\documents and settings\Ed Day.DPI01\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
    "Weather "= "c:\program files\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]
    "Akamai NetSession Interface "= "c:\documents and settings\Ed Day.DPI01\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "adm_tray.exe "= "c:\program files\Acronis\DriveMonitor\adm_tray.exe" [2012-08-22 531664]
    "Acronis Scheduler2 Service "= "c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-22 365560]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "KiesTrayAgent "= "c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-11-02 3508624]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "APSDaemon "= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
    "TkBellExe "= "e:\my documents\update\realsched.exe" [2013-02-28 295072]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
    .
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\Ed Day\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\Ed Day.DPI01\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    Walgreens PictureMover.lnk - c:\program files\Walgreens PictureMover\Bin\PictureMover.exe [2012-7-19 1031072]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ed Day.DPI01^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\documents and settings\Ed Day.DPI01\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    2012-08-22 04:59 365560 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    2008-06-28 00:08 904776 ----a-w- c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adm_tray.exe]
    2012-08-22 04:57 531664 ----a-w- c:\program files\Acronis\DriveMonitor\adm_tray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
    2010-04-27 23:39 243544 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2011-05-10 09:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxBlastMonitor.exe]
    2008-06-28 00:01 1325800 ----a-w- c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Maxtor Scheduler2 Service]
    2008-06-28 00:03 136472 ----a-w- c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-11-12 00:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2003-10-06 21:16 5058560 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2003-10-06 21:16 49152 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2003-10-06 21:16 741376 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
    2009-01-08 13:44 70936 ----a-w- c:\documents and settings\Ed Day.DPI01\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc "=3 (0x3)
    "wlidsvc "=2 (0x2)
    "Symantec RemoteAssist "=3 (0x3)
    "SeaPort "=2 (0x2)
    "NVSvc "=2 (0x2)
    "N360 "=2 (0x2)
    "MaxSch2Svc "=2 (0x2)
    "JavaQuickStarterService "=2 (0x2)
    "Imapi Helper "=3 (0x3)
    "idsvc "=3 (0x3)
    "gusvc "=3 (0x3)
    "gupdate "=2 (0x2)
    "AcrSch2Svc "=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe "
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "e:\\FTP\\ftpcomm.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\iWin Games\\iWinGames.exe "=
    "c:\\Program Files\\iWin Games\\WebUpdater.exe "=
    "c:\\Program Files\\EMCO\\Malware Destroyer\\MalwareDestroyer.exe "=
    "c:\\Documents and Settings\\Ed Day.DPI01\\Local Settings\\Application Data\\Akamai\\netsession_win.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe "=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe "=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe "=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe "=
    "c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe "=
    "c:\\Program Files\\File Type Assistant\\tsassist.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP "= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP "= 3540:UDP:peer Name Resolution Protocol (PNRP)
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "1074:TCP "= 1074:TCP:Akamai NetSession Interface
    "5000:UDP "= 5000:UDP:Akamai NetSession Interface
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)
    .
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 5:00 AM 14336]
    R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 8:17 AM 176848]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 9:31 PM 38608]
    R3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\Ngrpci.sys [4/6/2010 3:58 PM 32840]
    S3 ATICDSDr;ATICDSDr;c:\dell\drivers\R60303\TVTGAA01\BIN\atiicdxx.sys [4/7/2010 3:32 PM 5376]
    S4 MaxSch2Svc;Maxtor Scheduler2 Service;c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe [6/27/2008 5:03 PM 431384]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - SASKUTIL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    Akamai REG_MULTI_SZ Akamai
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:45]
    .
    2013-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
    .
    2010-08-16 c:\windows\Tasks\debutShakeIcon.job
    - c:\program files\NCH Software\Debut\debut.exe [2010-08-13 18:43]
    .
    2011-10-31 c:\windows\Tasks\disketchShakeIcon.job
    - c:\program files\NCH Software\Disketch\disketch.exe [2011-10-21 03:22]
    .
    2013-03-06 c:\windows\Tasks\doxillionShakeIcon.job
    - c:\program files\NCH Software\Doxillion\doxillion.exe [2011-09-05 20:25]
    .
    2011-08-07 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2009-09-02 05:19]
    .
    2011-07-07 c:\windows\Tasks\expressripShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-06-27 05:19]
    .
    2013-03-12 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
    - c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2010-10-13 19:16]
    .
    2013-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 05:44]
    .
    2013-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 05:44]
    .
    2011-07-07 c:\windows\Tasks\mixpadShakeIcon.job
    - c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2011-06-27 05:19]
    .
    2013-03-12 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
    .
    2013-01-25 c:\windows\Tasks\photopadShakeIcon.job
    - c:\program files\NCH Software\PhotoPad\photopad.exe [2009-07-23 03:21]
    .
    2012-07-27 c:\windows\Tasks\photostageShakeIcon.job
    - c:\program files\NCH Software\PhotoStage\photostage.exe [2010-01-27 03:00]
    .
    2013-02-07 c:\windows\Tasks\PixillionReminder.job
    - c:\program files\NCH Software\Pixillion\pixillion.exe [2009-01-09 19:48]
    .
    2013-03-11 c:\windows\Tasks\ProgramRefresh-ATFST.job
    - c:\program files\File Type Assistant\TSASetup.exe [2012-12-04 18:15]
    .
    2013-03-12 c:\windows\Tasks\ProgramUpdateCheck.job
    - c:\program files\File Type Assistant\tsassist.exe [2011-02-15 21:51]
    .
    2013-03-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1500820517-725345543-1002.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
    .
    2013-03-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1500820517-725345543-1002.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
    .
    2011-06-28 c:\windows\Tasks\switchDowngrade.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2007-08-07 14:38]
    .
    2011-07-04 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2007-08-07 14:38]
    .
    2012-07-27 c:\windows\Tasks\videopadShakeIcon.job
    - c:\program files\NCH Software\VideoPad\videopad.exe [2010-01-27 02:57]
    .
    2013-02-03 c:\windows\Tasks\WavePadDowngrade.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-07-14 19:42]
    .
    2013-02-15 c:\windows\Tasks\WavePadReminder.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-07-14 19:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://hei.net/
    mStart Page = hxxp://my.yahoo.com/linksys
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Free YouTube Download - c:\documents and settings\Ed Day.DPI01\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\Ed Day.DPI01\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3272718&SearchSource=13&CUI=UN21275996939463174
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=3&q={searchTerms}&CUI=UN21275996939463174
    FF - prefs.js: browser.search.selectedEngine - MixiDJ Customized Web Search
    FF - ExtSQL: 2013-02-02 13:37; freehdsport@freehdsport.tv; c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\freehdsport@freehdsport.tv.xpi
    FF - ExtSQL: 2013-02-02 13:39; plugin@yontoo.com; c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\plugin@yontoo.com
    FF - ExtSQL: 2013-02-02 18:07; ffxtlbr@delta.com; c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\ffxtlbr@delta.com
    FF - ExtSQL: !HIDDEN! 2012-08-21 22:57; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - ExtSQL: !HIDDEN! 2012-11-21 19:12; 39ffxtbr@MapsGalaxy_39.com; c:\program files\MapsGalaxy_39\bar\1.bin
    FF - ExtSQL: !HIDDEN! 2012-11-21 19:12; 4jffxtbr@RadioRage_4j.com; c:\program files\RadioRage_4j\bar\1.bin
    FF - ExtSQL: !HIDDEN! 2013-02-02 18:09; statuswinks@StatusWinks; c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Extensions\statuswinks@StatusWinks
    FF - ExtSQL: !HIDDEN! 2013-02-15 10:34; {8fd9fd58-dafd-4930-9eca-13c240a96da9}; c:\documents and settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{8fd9fd58-dafd-4930-9eca-13c240a96da9}.xpi
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 70f2e03500000000000000a0ccd5827a
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15739
    FF - user.js: extensions.delta.vrsn - 1.8.10.0
    FF - user.js: extensions.delta.vrsni - 1.8.10.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.10.018:07
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-11 21:01
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
    "ServiceDll "= "c:\program files\common files\akamai/netsession_win_ce5ba24.dll "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(748)
    c:\windows\system32\relog_ap.dll
    .
    - - - - - - - > 'explorer.exe'(652)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\windows\system32\tcpsvcs.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2013-03-11 21:08:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-03-12 04:08
    ComboFix2.txt 2013-03-12 01:35
    .
    Pre-Run: 141,832,527,872 bytes free
    Post-Run: 141,759,279,104 bytes free
    .
    - - End Of File - - 4769149AFACDC0119F79372FC9E03123
     
  5. 2013/03/11
    broni
    Looks good.

    How is computer doing?

    ================================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:
      /md5start
      atapi.sys
      /md5stop
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. 2013/03/12
    DPI Graphics
    No blue screens yet today. I have a meeting to go to, so I won't be able to run these steps until after 8:00 PM PDT tonight. Thanks so much for your help so far. DPI.
     
  7. 2013/03/12
    broni
    [​IMG]
     
  8. 2013/03/13
    DPI Graphics
    Here is the AdwCleaner.txt report.

    # AdwCleaner v2.114 - Logfile created 03/12/2013 at 22:25:17
    # Updated 05/03/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Ed Day - DPI01
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Ed Day.DPI01\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\END
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
    Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\APN
    Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin
    Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
    Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
    Folder Deleted : C:\Program Files\Application Updater
    Folder Deleted : C:\Program Files\Ask.com
    Folder Deleted : C:\Program Files\Common Files\~0
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Crawler
    Folder Deleted : C:\Program Files\DomaIQ Uninstaller
    Folder Deleted : C:\Program Files\Free Offers from Freeze.com
    Folder Deleted : C:\Program Files\Playbryte

    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\Ask&Record
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\Crossrider
    Key Deleted : HKCU\Software\delta LTD
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BabylonToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2642697
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3272718
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
    Key Deleted : HKLM\Software\Playbryte

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.1 (en-US)

    -\\ Google Chrome v [Unable to get version]

    *************************

    AdwCleaner[S1].txt - [5567 octets] - [12/03/2013 22:25:17]

    ########## EOF - C:\AdwCleaner[S1].txt - [5627 octets] ##########
     
  9. 2013/03/13
    DPI Graphics Well-Known Member Thread Starter

    Here is JRT.txt
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.7.1 (03.12.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Ed Day on Tue 03/12/2013 at 22:45:21.96
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\Ed Day.DPI01\Application Data\babylon "
    Successfully deleted: [Folder] "C:\Documents and Settings\Ed Day.DPI01\Application Data\dvdvideosoftiehelpers "
    Successfully deleted: [Folder] "C:\Documents and Settings\Ed Day.DPI01\Application Data\iwin "
    Successfully deleted: [Folder] "C:\Documents and Settings\Ed Day.DPI01\Application Data\opencandy "
    Successfully deleted: [Folder] "C:\Documents and Settings\Ed Day.DPI01\Application Data\searchquband "
    Successfully deleted: [Folder] "C:\Documents and Settings\Ed Day.DPI01\Application Data\systweak "
    Successfully deleted: [Folder] "C:\Documents and Settings\Ed Day.DPI01\appdata\locallow\datamngr "
    Successfully deleted: [Folder] "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\conduit "
    Successfully deleted: [Folder] "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\ilivid "
    Successfully deleted: [Folder] "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\ilivid player "
    Successfully deleted: [Folder] "C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\visi_coupon "
    Successfully deleted: [Folder] "C:\Program Files\driver-soft "
    Successfully deleted: [Folder] "C:\Program Files\mapsgalaxy_39 "
    Successfully deleted: [Folder] "C:\Program Files\registry mechanic "
    Successfully deleted: [Folder] "C:\Program Files\speeditup free "
    Successfully deleted: [Folder] "C:\Program Files\w3i "
    Successfully deleted: [Folder] "C:\WINDOWS\buzzsocialpointschecker "



    ~~~ FireFox

    Successfully deleted: [File] C:\Documents and Settings\Ed Day.DPI01\Application Data\mozilla\firefox\profiles\z8mwqjrs.default\user.js
    Successfully deleted: [File] C:\Documents and Settings\Ed Day.DPI01\Application Data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\zkcudnwxxo@zkcudnwxxo.org.xpi [Tracur]
    Successfully deleted: [File] C:\Documents and Settings\Ed Day.DPI01\Application Data\mozilla\firefox\profiles\z8mwqjrs.default\searchplugins\askcom.xml
    Successfully deleted: [File] C:\Documents and Settings\Ed Day.DPI01\Application Data\mozilla\firefox\profiles\z8mwqjrs.default\searchplugins\conduit.xml
    Successfully deleted: [File] C:\Documents and Settings\Ed Day.DPI01\Application Data\mozilla\firefox\profiles\z8mwqjrs.default\searchplugins\delta.xml
    Successfully deleted: [Folder] C:\Documents and Settings\Ed Day.DPI01\Application Data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\39ffxtbr@MapsGalaxy_39.com
    Successfully deleted: [Folder] C:\Documents and Settings\Ed Day.DPI01\Application Data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\crossriderapp12749@crossrider.com
    Successfully deleted: [Folder] C:\Documents and Settings\Ed Day.DPI01\Application Data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\crossriderapp5060@crossrider.com
    Successfully deleted: [Folder] C:\Documents and Settings\Ed Day.DPI01\Application Data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\playbryte@playbryte.com
    Successfully deleted: [Folder] C:\Documents and Settings\Ed Day.DPI01\Application Data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\staged
    Successfully deleted: [Folder] C:\Documents and Settings\Ed Day.DPI01\Application Data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    Successfully deleted: [Folder] C:\Documents and Settings\Ed Day.DPI01\Application Data\mozilla\firefox\profiles\z8mwqjrs.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}
    Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\39ffxtbr@mapsgalaxy_39.com
    Successfully deleted the following from C:\Documents and Settings\Ed Day.DPI01\Application Data\mozilla\firefox\profiles\z8mwqjrs.default\prefs.js

    user_pref( "CT2269050.AboutPrivacyUrl ", "hxxp://www.conduit.com/privacy/Default.aspx ");
    user_pref( "CT2269050.CTID ", "CT2269050 ");
    user_pref( "CT2269050.CurrentServerDate ", "14-1-2012 ");
    user_pref( "CT2269050.DialogsAlignMode ", "LTR ");
    user_pref( "CT2269050.DownloadReferralCookieData ", " ");
    user_pref( "CT2269050.EMailNotifierPollDate ", "Fri Jan 13 2012 22:15:01 GMT-0800 (Pacific Standard Time) ");
    user_pref( "CT2269050.FirstServerDate ", "10-10-2010 ");
    user_pref( "CT2269050.FirstTime ", true);
    user_pref( "CT2269050.FirstTimeFF3 ", true);
    user_pref( "CT2269050.FirstTimeSettingsDone ", true);
    user_pref( "CT2269050.FixPageNotFoundErrors ", true);
    user_pref( "CT2269050.GroupingServerCheckInterval ", 1440);
    user_pref( "CT2269050.GroupingServiceUrl ", "hxxp://grouping.services.conduit.com/ ");
    user_pref( "CT2269050.Initialize ", true);
    user_pref( "CT2269050.InitializeCommonPrefs ", true);
    user_pref( "CT2269050.InstallationAndCookieDataSentCount ", 3);
    user_pref( "CT2269050.InstalledDate ", "Sat Oct 09 2010 23:32:05 GMT-0700 (Pacific Daylight Time) ");
    user_pref( "CT2269050.InvalidateCache ", false);
    user_pref( "CT2269050.IsGrouping ", false);
    user_pref( "CT2269050.IsMulticommunity ", false);
    user_pref( "CT2269050.IsOpenThankYouPage ", false);
    user_pref( "CT2269050.IsOpenUninstallPage ", false);
    user_pref( "CT2269050.LanguagePackLastCheckTime ", "Fri Jan 13 2012 22:10:01 GMT-0800 (Pacific Standard Time) ");
    user_pref( "CT2269050.LanguagePackReloadIntervalMM ", 1440);
    user_pref( "CT2269050.LanguagePackServiceUrl ", "hxxp://translation.users.conduit.com/Translation.ashx ");
    user_pref( "CT2269050.LastLogin_2.5.8.6 ", "Sat Dec 18 2010 19:11:05 GMT-0800 (Pacific Standard Time) ");
    user_pref( "CT2269050.LastLogin_2.7.2.0 ", "Fri Jan 13 2012 22:09:59 GMT-0800 (Pacific Standard Time) ");
    user_pref( "CT2269050.LatestVersion ", "3.9.0.3 ");
    user_pref( "CT2269050.Locale ", "en ");
    user_pref( "CT2269050.LoginCache ", 4);
    user_pref( "CT2269050.MCDetectTooltipHeight ", "83 ");
    user_pref( "CT2269050.MCDetectTooltipUrl ", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1 ");
    user_pref( "CT2269050.MCDetectTooltipWidth ", "295 ");
    user_pref( "CT2269050.RadioIsPodcast ", false);
    user_pref( "CT2269050.RadioLastCheckTime ", "Fri Jan 13 2012 22:10:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "CT2269050.RadioLastUpdateIPServer ", "3 ");
    user_pref( "CT2269050.RadioLastUpdateServer ", "129132338014870000 ");
    user_pref( "CT2269050.RadioMediaID ", "12473383 ");
    user_pref( "CT2269050.RadioMediaType ", "Media Player ");
    user_pref( "CT2269050.RadioMenuSelectedID ", "EBRadioMenu_CT226905012473383 ");
    user_pref( "CT2269050.RadioStationName ", "Hotmix%20108 ");
    user_pref( "CT2269050.RadioStationURL ", "hxxp://67.202.67.18:8082 ");
    user_pref( "CT2269050.SHRINK_TOOLBAR ", 1);
    user_pref( "CT2269050.SavedHomepage ", "resource:/browserconfig.properties ");
    user_pref( "CT2269050.SearchEngine ", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID&SearchSource=1 ");
    user_pref( "CT2269050.SearchFromAddressBarIsInit ", true);
    user_pref( "CT2269050.SearchFromAddressBarUrl ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q= ");
    user_pref( "CT2269050.SearchInNewTabEnabled ", true);
    user_pref( "CT2269050.SearchInNewTabIntervalMM ", 1440);
    user_pref( "CT2269050.SearchInNewTabLastCheckTime ", "Fri Jan 13 2012 22:09:58 GMT-0800 (Pacific Standard Time) ");
    user_pref( "CT2269050.SearchInNewTabServiceUrl ", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID ");
    user_pref( "CT2269050.SearchInNewTabUsageUrl ", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID ");
    user_pref( "CT2269050.SettingsCheckIntervalMin ", 120);
    user_pref( "CT2269050.SettingsLastCheckTime ", "Fri Jan 13 2012 22:09:58 GMT-0800 (Pacific Standard Time) ");
    user_pref( "CT2269050.SettingsLastUpdate ", "1326027942 ");
    user_pref( "CT2269050.ThirdPartyComponentsInterval ", 504);
    user_pref( "CT2269050.ThirdPartyComponentsLastCheck ", "Fri Jan 13 2012 22:09:58 GMT-0800 (Pacific Standard Time) ");
    user_pref( "CT2269050.ThirdPartyComponentsLastUpdate ", "1312887586 ");
    user_pref( "CT2269050.TrusteLinkUrl ", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID ");
    user_pref( "CT2269050.UserID ", "UN96318987626271769 ");
    user_pref( "CT2269050.ValidationData_Search ", 0);
    user_pref( "CT2269050.ValidationData_Toolbar ", 2);
    user_pref( "CT2269050.WeatherNetwork ", " ");
    user_pref( "CT2269050.WeatherPollDate ", "Fri Jan 13 2012 22:10:01 GMT-0800 (Pacific Standard Time) ");
    user_pref( "CT2269050.WeatherUnit ", "C ");
    user_pref( "CT2269050.alertChannelId ", "666138 ");
    user_pref( "CT2269050.backendstorage./9b+7e+x305 ", "247E27413334363379453A3D2A722C797A7E7A3128333B4D474549484C5952594B335E5356432C45333438334A414C546660576364676F6A5E4B766B6E5B
    user_pref( "CT2269050.backendstorage./9b+7e,x305 ", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B
    user_pref( "CT2269050.backendstorage./9b+7e-x305 ", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D
    user_pref( "CT2269050.backendstorage./9b+7e.:2z527 ", "247E716B7374443A384336423C3C204A4A2F77317B232225362D382A5A4C4B59564D345E5E432C45303638354A414C3B5B6F665E6E62626E68684C7676
    user_pref( "CT2269050.backendstorage./9b+7e.x305 ", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D6850
    user_pref( "CT2269050.backendstorage./9b+7e/x305 ", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A66
    user_pref( "CT2269050.backendstorage./9b+7e06cg5el8: ", "6E6D706A6D6E6C757170 ");
    user_pref( "CT2269050.backendstorage./9b+7e06cg5el;8i:k ", "247E2D2F226A747376707374727B7776242F4B49474F42357D5D5C3D ");
    user_pref( "CT2269050.backendstorage./9b+7e0x305 ", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D
    user_pref( "CT2269050.backendstorage./9b+7e1x305 ", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A49
    user_pref( "CT2269050.backendstorage./9b+7e2x305 ", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D
    user_pref( "CT2269050.backendstorage./9b+7e31;cjhb>f!lad ", "247E61393F236B2573737929202B6D404E434C317933534D49512C574C4F3C333E214D49535F442D4631483F4A2D595A634F385140534A556266
    user_pref( "CT2269050.backendstorage./9b+7e3x305 ", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A
    user_pref( "CT2269050.backendstorage./9b+7e4x305 ", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B
    user_pref( "CT2269050.backendstorage./9b+7e5x305 ", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B
    user_pref( "CT2269050.backendstorage./9b+7e6x305 ", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D
    user_pref( "CT2269050.backendstorage./9b+7e7x305 ", "247E333D2C3F3E3F79453A3D2A722C7B7A797A312833474745544646494D50315C5154412A4333323131483F4A5E5E5C5B68706E726762676264756B6C6A
    user_pref( "CT2269050.backendstorage./9b+7e8x305 ", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B
    user_pref( "CT2269050.backendstorage./9b+7e9x305 ", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A43
    user_pref( "CT2269050.backendstorage./9b+7e:x305 ", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68
    user_pref( "CT2269050.backendstorage./9b+7e;x305 ", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A72
    user_pref( "CT2269050.backendstorage./9b+7e<x305 ", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A4334313738483F4A635F5A6A645E625A4772676A5740594A47
    user_pref( "CT2269050.backendstorage./9b+7e=x305 ", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D
    user_pref( "CT2269050.backendstorage./9b+7e>x305 ", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A51
    user_pref( "CT2269050.backendstorage./9b+7e?x305 ", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F67757868
    user_pref( "CT2269050.backendstorage./9b+7e@x305 ", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C44
    user_pref( "CT2269050.backendstorage./9b+7eax305 ", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A4335342F37483F4A68646B645D5E626462616D6971726B6C78
    user_pref( "CT2269050.backendstorage./9b+7ebe3g=;d9n9=d ", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57 ");
    user_pref( "CT2269050.backendstorage./9b+7ebx305 ", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D73
    user_pref( "CT2269050.backendstorage./9b+7ecx305 ", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B48
    user_pref( "CT2269050.backendstorage./9b+7edx305 ", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D
    user_pref( "CT2269050.backendstorage./9b+7etx305 ", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215642542D584D503D263F2D2E2E2E443B4635645E6669595C6062686F5C7363716F696467764F
    user_pref( "CT2269050.backendstorage./9b-0?3g>d ", "666F6C6B3D7174427A44487A4A204A79207C25797A7C532A7E28245926595C2A2C5B5E32 ");
    user_pref( "CT2269050.backendstorage./9b-0?3g@6:5; ", " ");
    user_pref( "CT2269050.backendstorage./9b-0?3gfa7ef ", "2B2E2C3D ");
    user_pref( "CT2269050.backendstorage./9b-3=3eccja=f> ", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A232E333E58604F6456604F6852645858635E604E376B7167617059 ");
    user_pref( "CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm ", "6E6A68707374757677 ");
    user_pref( "CT2269050.backendstorage./9b3=>@44i48? ", "372C2D326975763342363341484778213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750 ");
    user_pref( "CT2269050.backendstorage./9b5ba==9cjag ", "6E68686A6B6E426D7A6F747745757A4B4E77505151 ");
    user_pref( "CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p ", "6E6D706A6D6E6C756E75757676 ");
    user_pref( "CT2269050.backendstorage./9b9643g3/9e ", "6A ");
    user_pref( "CT2269050.backendstorage./9b<:222h64< ", "393F352F3E ");
    user_pref( "CT2269050.backendstorage./9b=+03eh8h8j?: ", "4443 ");
    user_pref( "CT2269050.backendstorage./9b?+e2a52d8 ", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52 ");
    user_pref( "CT2269050.backendstorage./9b?b0d:8aj62<h ", "6D ");
    user_pref( "CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l? ", "6E6B ");
    user_pref( "CT2269050.backendstorage.autocompletepro_enable ", "31 ");
    user_pref( "CT2269050.backendstorage.autocompletepro_enable_auto ", "31 ");
    user_pref( "CT2269050.backendstorage.cbfirsttime ", "467269204A616E20313320323031322032323A31303A303620474D542D30383030202850616369666963205374616E646172642054696D6529 ");
    user_pref( "CT2269050.backendstorage.shoppingapp.gk.exipres ", "576564204A616E20313820323031322032323A31303A303320474D542D30383030202850616369666963205374616E646172642054696D652
    user_pref( "CT2269050.backendstorage.shoppingapp.gk.geolocation ", "756E6974656420737461746573 ");
    user_pref( "CT2269050.backendstorage.url_history ", "687474703A2F2F7777772E77696E646F77736262732E636F6D2F77696E646F77732D78702F ");
    user_pref( "CT2269050.backendstorage.url_history_time ", "31333236353231363735373331 ");
    user_pref( "CT2269050.clientLogIsEnabled ", true);
    user_pref( "CT2269050.clientLogServiceUrl ", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent ");
    user_pref( "CT2269050.myStuffEnabled ", true);
    user_pref( "CT2269050.myStuffPublihserMinWidth ", 400);
    user_pref( "CT2269050.myStuffSearchUrl ", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID ");
    user_pref( "CT2269050.myStuffServiceIntervalMM ", 1440);
    user_pref( "CT2269050.myStuffServiceUrl ", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT ");
    user_pref( "CT2269050.uninstallLogServiceUrl ", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation ");
    user_pref( "CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_c558d0c5 ", "356x332 ");
    user_pref( "CommunityToolbar.SearchFromAddressBarSavedUrl ", "chrome://browser-region/locale/region.properties ");
    user_pref( "CommunityToolbar.ToolbarsList ", "CT2269050 ");
    user_pref( "CommunityToolbar.ToolbarsList2 ", "CT2269050 ");
    user_pref( "CommunityToolbar.alert.clientsServerUrl ", "hxxp://alert.client.conduit.com ");
    user_pref( "CommunityToolbar.alert.locale ", "en ");
    user_pref( "CommunityToolbar.alert.loginIntervalMin ", 1440);
    user_pref( "CommunityToolbar.alert.loginLastCheckTime ", "Fri Jan 13 2012 22:09:58 GMT-0800 (Pacific Standard Time) ");
    user_pref( "CommunityToolbar.alert.loginLastUpdateTime ", "1313487611 ");
    user_pref( "CommunityToolbar.alert.messageShowTimeSec ", 20);
    user_pref( "CommunityToolbar.alert.servicesServerUrl ", "hxxp://alert.services.conduit.com ");
    user_pref( "CommunityToolbar.alert.showTrayIcon ", false);
    user_pref( "CommunityToolbar.alert.userCloseIntervalMin ", 300);
    user_pref( "CommunityToolbar.alert.userId ", "{36e8fc9f-e83c-495e-b35a-84bb36c6b2c8} ");
    user_pref( "CommunityToolbar.facebook.settingsLastCheckTime ", "Sat Aug 27 2011 00:21:07 GMT-0700 (Pacific Daylight Time) ");
    user_pref( "CommunityToolbar.keywordURLSelectedCTID ", "CT2269050 ");
    user_pref( "browser.search.defaultengine ", "Ask.com ");
    user_pref( "extensions.BabylonToolbar_i.newTab ", true);
    user_pref( "extensions.BabylonToolbar_i.newTabUrl ", "hxxp://www.delta-search.com/?affID=119658&babsrc=NT_ss&mntrId=70f2e03500000000000000a0ccd5827a ");
    user_pref( "extensions.asktb.ff-original-keyword-url ", " ");
    user_pref( "extensions.crossrider.bic ", "13c9d96deb866123a61a8d925761cf7e ");
    user_pref( "extensions.crossriderapp12749.12749.InstallationTime ", 1359853576);
    user_pref( "extensions.crossriderapp12749.12749.active ", true);
    user_pref( "extensions.crossriderapp12749.12749.addressbar ", " ");
    user_pref( "extensions.crossriderapp12749.12749.addressbarenhanced ", " ");
    user_pref( "extensions.crossriderapp12749.12749.backgroundjs ", "\n\n//\n ");
    user_pref( "extensions.crossriderapp12749.12749.backgroundver ", 29);
    user_pref( "extensions.crossriderapp12749.12749.can_run_bg_code ", true);
    user_pref( "extensions.crossriderapp12749.12749.certdomaininstaller ", " ");
    user_pref( "extensions.crossriderapp12749.12749.changeprevious ", false);
    user_pref( "extensions.crossriderapp12749.12749.cookie.InstallationTime.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie.InstallationTime.value ", "1359853576 ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_aoi.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_aoi.value ", "1359853576 ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_arbitrary_code.expiration ", "Sun Feb 03 2013 23:04:43 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_arbitrary_code.value ", "%22%28function%28%29%7B_GPL_PLUGIN.countryCode%26%26-1%3D%3D%5C%22DZ%20EG%20HR%20ID%20IR%20J
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_blocklist.expiration ", "Sun Feb 03 2013 23:04:43 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_blocklist.value ", "%22nonexistantdomain.com%22 ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_cf_bu1.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_cf_bu1.value ", "1359961194 ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_country_code.expiration ", "Sat Feb 09 2013 17:07:59 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_country_code.value ", "%22US%22 ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_crr.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_crr.value ", "1359960565 ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_currenttime.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_currenttime.value ", "%221359648410%22 ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_hotfix20111102645.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_hotfix20111102645.value ", "%221%22 ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_installer_params.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_installer_params.value ", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_installtime.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_installtime.value ", "%221359648410%22 ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_parent_zoneid.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_parent_zoneid.value ", "%2214019%22 ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_pc_20120828.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_pc_20120828.value ", "1359853726788 ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_product_id.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_product_id.value ", "%221281%22 ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_zoneid.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie._GPL_zoneid.value ", "%22138709%22 ");
    user_pref( "extensions.crossriderapp12749.12749.cookie.dbtest.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.cookie.dbtest.value ", "1359853678256 ");
    user_pref( "extensions.crossriderapp12749.12749.description ", "Coupon Caddy ");
    user_pref( "extensions.crossriderapp12749.12749.domain ", " ");
    user_pref( "extensions.crossriderapp12749.12749.enablesearch ", false);
    user_pref( "extensions.crossriderapp12749.12749.fbremoteurl ", " ");
    user_pref( "extensions.crossriderapp12749.12749.group ", 0);
    user_pref( "extensions.crossriderapp12749.12749.homepage ", " ");
    user_pref( "extensions.crossriderapp12749.12749.iframe ", false);
    user_pref( "extensions.crossriderapp12749.12749.internaldb.Resources_appVer.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.internaldb.Resources_appVer.value ", "54 ");
    user_pref( "extensions.crossriderapp12749.12749.internaldb.Resources_lastVersion.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.internaldb.Resources_lastVersion.value ", "0 ");
    user_pref( "extensions.crossriderapp12749.12749.internaldb.Resources_meta.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.internaldb.Resources_meta.value ", "%7B%7D ");
    user_pref( "extensions.crossriderapp12749.12749.internaldb.Resources_nextCheck.expiration ", "Mon Feb 04 2013 04:42:24 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.internaldb.Resources_nextCheck.value ", "true ");
    user_pref( "extensions.crossriderapp12749.12749.internaldb.Resources_queue.expiration ", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time) ");
    user_pref( "extensions.crossriderapp12749.12749.internaldb.Resources_queue.value ", "%7B%7D ");
    user_pref( "extensions.crossriderapp12749.12749.js ", "\n\nif(\ "undefined\ "!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1281,baseCDN:
    user_pref( "extensions.crossriderapp12749.12749.manifesturl ", " ");
    user_pref( "extensions.crossriderapp12749.12749.name ", "Coupon Caddy ");
    user_pref( "extensions.crossriderapp12749.12749.newtab ", " ");
    user_pref( "extensions.crossriderapp12749.12749.opensearch ", " ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_1.code ", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return ap
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_1.name ", "base ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_1.ver ", 3);
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_1000014.code ", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_1000014.name ", "GPL Plugin (Loader) ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_1000014.ver ", 15);
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_1000015.code ", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_1000015.name ", "GPL Background (BG) ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_1000015.ver ", 27);
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_13.code ", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelect
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_13.name ", "CrossriderAppUtils ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_13.ver ", 2);
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_14.code ", "if(typeof(appAPI)===\ "undefined\ "){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\ "undefined
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_14.name ", "CrossriderUtils ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_14.ver ", 2);
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_16.code ", "if((typeof isBackground===\ "undefined\ "||isBackground!=true)&&(typeof _firefoxVersion!==\ "undefined\ "&
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_16.name ", "FFAppAPIWrapper ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_16.ver ", 4);
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_17.code ", "if(typeof window!==\ "undefined\ "){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_17.name ", "jQuery ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_17.ver ", 3);
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_21.code ", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.d
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_21.name ", "debug ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_21.ver ", 3);
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_22.code ", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=fun
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_22.name ", "resources ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_22.ver ", 2);
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_28.code ", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferre
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_28.name ", "initializer ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_28.ver ", 2);
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_4.code ", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \ "unde
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_4.name ", "jquery_1_7_1 ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_4.ver ", 3);
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_47.code ", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_47.name ", "resources_background ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_47.ver ", 1);
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_64.code ", "(function(){var h=\ "__CR_EMPTY_CHANNEL__\ ";var d=function(j){return(typeof j===\ "object\ "&&j!==null);}
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_64.name ", "appApiMessage ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_64.ver ", 1);
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_72.code ", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_72.name ", "appApiValidation ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_72.ver ", 1);
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_78.code ", "if(typeof jQuery!==\ "undefined\ "&&(jQuery)&&typeof navigator!==\ "undefined\ "&&typeof navigator.userAge
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_78.name ", "CrossriderInfo ");
    user_pref( "extensions.crossriderapp12749.12749.plugins.plugin_78.ver ", 2);
    user_pref( "extensions.crossriderapp12749.12749.plugins_lists.plugins_0 ", "4,14,78,16,64,47,72,1000015 ");
    user_pref( "extensions.crossriderapp12749.12749.plugins_lists.plugins_1 ", "17,14,78,13,16,64,4,1,21,22,72,1000014,28 ");
    user_pref( "extensions.crossriderapp12749.12749.pluginsurl ", "hxxp://app-static.crossrider.com/plugin/apps/12749/plugins/086/ff/plugins.json ");
    user_pref( "extensions.crossriderapp12749.12749.pluginsversion ", 48);
    user_pref( "extensions.crossriderapp12749.12749.publisher ", "215 Apps ");
    user_pref( "extensions.crossriderapp12749.12749.searchstatus ", 0);
    user_pref( "extensions.crossriderapp12749.12749.setnewtab ", false);
    user_pref( "extensions.crossriderapp12749.12749.settingsurl ", " ");
    user_pref( "extensions.crossriderapp12749.12749.thankyou ", " ");
    user_pref( "extensions.crossriderapp12749.12749.updateinterval ", 360);
    user_pref( "extensions.crossriderapp12749.12749.ver ", 54);
    user_pref( "extensions.crossriderapp12749.apps ", "12749 ");
    user_pref( "extensions.crossriderapp12749.bic ", "13c9d96deb866123a61a8d925761cf7e ");
    user_pref( "extensions.crossriderapp12749.cid ", 12749);
    user_pref( "extensions.crossriderapp12749.firstrun ", false);
    user_pref( "extensions.crossriderapp12749.hadappinstalled ", true);
    user_pref( "extensions.crossriderapp12749.installationdate ", 1359853576);
    user_pref( "extensions.crossriderapp12749.lastcheck ", 22666002);
    user_pref( "extensions.crossriderapp12749.lastcheckitem ", 22666020);
    user_pref( "extensions.crossriderapp12749.modetype ", "production ");
    user_pref( "extensions.crossriderapp12749.reportInstall ", true);
    user_pref( "extensions.crossriderapp5060.adsOldValue ", -1);
    user_pref( "extensions.delta.admin ", false);
    user_pref( "extensions.delta.aflt ", "babsst ");
    user_pref( "extensions.delta.appId ", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} ");
    user_pref( "extensions.delta.autoRvrt ", "false ");
    user_pref( "extensions.delta.bbDpng ", "3 ");
    user_pref( "extensions.delta.cntry ", "US ");
    user_pref( "extensions.delta.dfltLng ", "en ");
    user_pref( "extensions.delta.excTlbr ", false);
    user_pref( "extensions.delta.hdrMd5 ", "F0F19625DE71CC7710BCA0E358747FE8 ");
    user_pref( "extensions.delta.id ", "70f2e03500000000000000a0ccd5827a ");
    user_pref( "extensions.delta.instlDay ", "15739 ");
    user_pref( "extensions.delta.instlRef ", "sst ");
    user_pref( "extensions.delta.lastVrsnTs ", "1.8.10.018:07:58 ");
    user_pref( "extensions.delta.newTab ", false);
    user_pref( "extensions.delta.prdct ", "delta ");
    user_pref( "extensions.delta.prtnrId ", "delta ");
    user_pref( "extensions.delta.rvrt ", "false ");
    user_pref( "extensions.delta.sg ", "none ");
    user_pref( "extensions.delta.smplGrp ", "none ");
    user_pref( "extensions.delta.tlbrId ", "base ");
    user_pref( "extensions.delta.tlbrSrchUrl ", " ");
    user_pref( "extensions.delta.vrsn ", "1.8.10.0 ");
    user_pref( "extensions.delta.vrsnTs ", "1.8.10.018:07:58 ");
    user_pref( "extensions.delta.vrsni ", "1.8.10.0 ");
    user_pref( "extensions.enabledItems ", "{20a82645-c095-46ed-80e3-08825760534b}:1.1,{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1,{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6,jq
    user_pref( "CT3272718.autoDisableScopes ", 14);
    user_pref( "CT3272718.UserID ", "UN21275996939463174 ");
    user_pref( "ct3272718.UserID ", "UN21275996939463174 ");
    user_pref( "CT3272718.installDate ", "5/2/2013 15:27:25 ");
    user_pref( "smartbar.originalHomepage ", "hxxp://hei.net/ ");
    user_pref( "CT3272718.smartbar.homepage ", "true ");
    user_pref( "browser.startup.homepage ", "hxxp://search.conduit.com/?ctid=CT3272718&SearchSource=13&CUI=UN21275996939463174 ");
    user_pref( "CT3272718.startPageXPETakeover ", "true ");
    user_pref( "smartbar.conduitHomepageList ", "hxxp://search.conduit.com/?ctid=CT3272718&SearchSource=13&CUI=UN21275996939463174 ");
    user_pref( "browser.search.defaulturl ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=3&q={searchTerms}&CUI=UN21275996939463174 ");
    user_pref( "browser.search.defaultthis.engineName ", "MixiDJ Customized Web Search ");
    user_pref( "browser.search.selectedEngine ", "MixiDJ Customized Web Search ");
    user_pref( "CT3272718.browser.search.defaultthis.engineName ", "true ");
    user_pref( "CT3272718.defaultSearchXPETakeover ", "true ");
    user_pref( "smartbar.originalSearchEngine ", "Delta Search ");
    user_pref( "smartbar.originalSearchAddressUrl ", " ");
    user_pref( "Smartbar.SearchFromAddressBarSavedUrl ", " ");
    user_pref( "CT3272718.keyword ", "true ");
    user_pref( "CT3272718.addressUrlXPETakeover ", "true ");
    user_pref( "smartbar.conduitSearchAddressUrlList ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=2&CUI=UN21275996939463174&q= ");
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 03/12/2013 at 22:54:55.71
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. 2013/03/13
    DPI Graphics

    DPI Graphics Well-Known Member Thread Starter

    Joined:
    2009/06/12
    Messages:
    283
    Likes Received:
    0
    Here is the OTL.txt report. It did not create an "Extras.txt" report. Is this a problem?

    OTL logfile created on: 3/12/2013 11:02:45 PM - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ed Day.DPI01\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.00 Mb Total Physical Memory | 536.41 Mb Available Physical Memory | 52.43% Memory free
    2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.17% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.31 Gb Total Space | 132.08 Gb Free Space | 70.89% Space Free | Partition Type: NTFS
    Drive E: | 76.33 Gb Total Space | 67.24 Gb Free Space | 88.10% Space Free | Partition Type: NTFS
    Drive F: | 72.72 Gb Total Space | 30.27 Gb Free Space | 41.63% Space Free | Partition Type: NTFS

    Computer Name: DPI01 | User Name: Ed Day | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/03/12 23:00:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ed Day.DPI01\Desktop\OTL.exe
    PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\Akamai\netsession_win.exe
    PRC - [2012/08/21 21:59:25 | 000,660,504 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2012/08/21 21:59:24 | 000,365,560 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2012/08/21 21:57:19 | 000,531,664 | ---- | M] (Acronis) -- C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
    PRC - [2012/07/19 15:51:40 | 001,031,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Walgreens PictureMover\Bin\PictureMover.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2011/11/02 16:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2011/04/08 08:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
    PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    MOD - [2012/07/19 16:01:22 | 001,756,576 | ---- | M] () -- C:\Documents and Settings\Ed Day.DPI01\Application Data\PictureMover\WG-EN-US\Presentation.dll
    MOD - [2012/07/19 15:52:28 | 012,410,272 | ---- | M] () -- C:\Documents and Settings\Ed Day.DPI01\Application Data\PictureMover\Bin\Core.dll
    MOD - [2011/09/05 14:13:09 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2010/08/26 09:46:18 | 000,012,128 | ---- | M] () -- C:\Program Files\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
    MOD - [2007/04/02 05:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/02/26 19:45:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/16 13:10:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/11/12 11:46:14 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
    SRV - [2012/08/21 21:59:25 | 000,660,504 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/04/08 08:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/06/27 17:03:28 | 000,431,384 | ---- | M] (Maxtor) [Disabled | Stopped] -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe -- (MaxSch2Svc)
    SRV - [2008/04/13 17:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
    SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
    SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [Disabled | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2013/03/12 14:40:47 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B531E7EF-E083-4D38-A3B8-C75461D88A32}\MpKsl30f615dc.sys -- (MpKsl30f615dc)
    DRV - [2010/06/30 12:41:49 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
    DRV - [2010/06/30 12:41:49 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2010/06/30 12:41:40 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
    DRV - [2010/06/30 12:41:27 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
    DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
    DRV - [2002/03/11 10:34:32 | 000,005,376 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\DELL\drivers\R60303\TVTGAA01\BIN\atiicdxx.sys -- (ATICDSDr)
    DRV - [2001/08/17 05:12:20 | 000,032,840 | ---- | M] (NETGEAR Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Ngrpci.sys -- (ngrpci)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/linksys
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptnrS=ZXxdm039YYus&si=radiopi&ptb=3D87859F-F4F4-4372-A6F4-13A6DE13B282&ind=2012102620&n=77ee3fdc&psa=&st=sb&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-854245398-1500820517-725345543-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-854245398-1500820517-725345543-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hei.net/
    IE - HKU\S-1-5-21-854245398-1500820517-725345543-1002\..\SearchScopes,DefaultScope = {05727330-12A2-6573-6C66-81489A35331A}
    IE - HKU\S-1-5-21-854245398-1500820517-725345543-1002\..\SearchScopes\{05727330-12A2-6573-6C66-81489A35331A}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
    IE - HKU\S-1-5-21-854245398-1500820517-725345543-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-854245398-1500820517-725345543-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-854245398-1500820517-725345543-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-854245398-1500820517-725345543-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
    FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: e:\my documents\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: e:\my documents\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users.WINDOWS\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Ed Day.DPI01\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012/08/21 22:13:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/08/21 22:12:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4jffxtbr@RadioRage_4j.com: C:\Program Files\RadioRage_4j\bar\1.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Documents and Settings\Ed Day.DPI01\Application Data\Mozilla\Extensions\statuswinks@StatusWinks [2013/02/02 19:09:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/02/27 18:05:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/02/27 18:05:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/05 00:32:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/27 18:03:24 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Documents and Settings\Ed Day.DPI01\Application Data\Mozilla\Extensions\statuswinks@StatusWinks [2013/02/02 19:09:07 | 000,000,000 | ---D | M]

    [2013/02/02 19:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Mozilla\Extensions
    [2013/02/02 19:09:07 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Mozilla\Extensions\statuswinks@StatusWinks
    [2013/03/12 22:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions
    [2013/02/05 16:22:06 | 000,000,000 | ---D | M] (MixiDJ) -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}
    [2012/08/21 20:38:48 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
    [2012/10/26 17:40:25 | 000,000,000 | ---D | M] (RadioRage) -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\4jffxtbr@RadioRage_4j.com
    [2013/02/02 14:37:19 | 000,216,743 | ---- | M] () (No name found) -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\freehdsport@freehdsport.tv.xpi
    [2013/02/02 18:06:01 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2013/02/15 11:35:43 | 000,002,367 | ---- | M] () (No name found) -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Mozilla\Firefox\Profiles\z8mwqjrs.default\extensions\{8fd9fd58-dafd-4930-9eca-13c240a96da9}.xpi
    [2013/02/02 18:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/10/20 14:58:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ED DAY.DPI01\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z8MWQJRS.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ED DAY.DPI01\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z8MWQJRS.DEFAULT\EXTENSIONS\CROSSRIDERAPP12749@CROSSRIDER.COM
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ED DAY.DPI01\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z8MWQJRS.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ED DAY.DPI01\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z8MWQJRS.DEFAULT\EXTENSIONS\PLAYBRYTE@PLAYBRYTE.COM
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ED DAY.DPI01\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z8MWQJRS.DEFAULT\EXTENSIONS\ZKCUDNWXXO@ZKCUDNWXXO.ORG.XPI
    [2013/01/16 13:11:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2013/02/27 18:02:57 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2013/01/16 13:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/01/16 13:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Ed Day.DPI01\Application Data\Mozilla\plugins\npoctoshape.dll
    CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Documents and Settings\Ed Day.DPI01\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = e:\my documents\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = e:\my documents\Netscape6\nprpjplug.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = e:\my documents\Netscape6\nprjplug.dll
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

    O1 HOSTS File: ([2013/03/11 21:01:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKU\S-1-5-21-854245398-1500820517-725345543-1002\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O3 - HKU\S-1-5-21-854245398-1500820517-725345543-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [adm_tray.exe] C:\Program Files\Acronis\DriveMonitor\adm_tray.exe (Acronis)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [TkBellExe] E:\my documents\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-854245398-1500820517-725345543-1002..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-21-854245398-1500820517-725345543-1002..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Ed Day.DPI01\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
    O4 - HKU\S-1-5-21-854245398-1500820517-725345543-1002..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Walgreens PictureMover.lnk = C:\Program Files\Walgreens PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    O4 - Startup: C:\Documents and Settings\Ed Day\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\Ed Day.DPI01\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-854245398-1500820517-725345543-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-854245398-1500820517-725345543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-854245398-1500820517-725345543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-854245398-1500820517-725345543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     
  11. 2013/03/13
    DPI Graphics Well-Known Member Thread Starter

    2nd half of OTL report.

    O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Ed Day.DPI01\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Ed Day.DPI01\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
    O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
    O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1349161699093 (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (Reg Error: Key error.)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08C64E08-B624-4B75-9F49-E9792D0CA215}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/11 17:13:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/03/11 17:13:16 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/12 22:45:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/03/12 22:44:49 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/03/12 22:43:21 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Ed Day.DPI01\Desktop\JRT.exe
    [2013/03/12 22:13:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/03/11 20:34:27 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2013/03/11 18:09:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/03/11 18:06:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/03/11 18:06:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/03/11 18:06:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/03/11 18:06:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/03/11 18:06:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/03/11 18:05:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/03/11 16:32:51 | 005,037,889 | R--- | C] (Swearware) -- C:\Documents and Settings\Ed Day.DPI01\Desktop\ComboFix.exe
    [2013/03/10 17:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed Day.DPI01\Desktop\RK_Quarantine
    [2013/03/09 13:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed Day.DPI01\Desktop\atapi.sys file
    [2013/03/09 13:38:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ed Day.DPI01\Desktop\aswMBR.exe
    [2013/03/08 18:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\WindowsDatabase
    [2013/02/27 18:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
    [2013/02/27 18:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks
    [2013/02/27 18:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\Real
    [2013/02/27 18:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\RealNetworks
    [2013/02/27 18:02:30 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/03/12 23:00:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ed Day.DPI01\Desktop\OTL.exe
    [2013/03/12 22:45:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/03/12 22:43:45 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Ed Day.DPI01\Desktop\JRT.exe
    [2013/03/12 22:43:07 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2013/03/12 22:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/12 22:36:55 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
    [2013/03/12 22:33:50 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1500820517-725345543-1002.job
    [2013/03/12 22:33:33 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
    [2013/03/12 22:33:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/12 22:33:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/03/12 22:32:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/03/12 22:32:49 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys
    [2013/03/12 22:24:28 | 000,597,667 | ---- | M] () -- C:\Documents and Settings\Ed Day.DPI01\Desktop\adwcleaner.exe
    [2013/03/12 12:32:30 | 000,002,585 | ---- | M] () -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
    [2013/03/12 10:14:08 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
    [2013/03/11 23:31:31 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2013/03/11 22:12:03 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\photopadShakeIcon.job
    [2013/03/11 21:01:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/03/11 18:09:48 | 000,000,217 | RHS- | M] () -- C:\boot.ini
    [2013/03/11 16:33:05 | 005,037,889 | R--- | M] (Swearware) -- C:\Documents and Settings\Ed Day.DPI01\Desktop\ComboFix.exe
    [2013/03/10 22:48:02 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1500820517-725345543-1002.job
    [2013/03/10 16:43:44 | 000,816,640 | ---- | M] () -- C:\Documents and Settings\Ed Day.DPI01\Desktop\RogueKiller.exe
    [2013/03/10 11:24:31 | 000,558,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/10 11:24:31 | 000,106,204 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/03/09 13:38:42 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ed Day.DPI01\Desktop\aswMBR.exe
    [2013/03/06 20:56:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/03/05 22:58:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
    [2013/03/02 12:23:34 | 000,014,595 | ---- | M] () -- C:\Documents and Settings\Ed Day.DPI01\My Documents\mrscartwright.odt
    [2013/02/27 18:05:45 | 000,000,503 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
    [2013/02/27 18:02:30 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2013/02/26 16:45:38 | 001,137,808 | ---- | M] () -- C:\Documents and Settings\Ed Day.DPI01\My Documents\(9) Covered Bridge Cluster Boston Terrier Entries.htm
    [2013/02/15 11:48:09 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
    [2013/02/15 01:44:23 | 000,000,433 | ---- | M] () -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Microsoft\Internet Explorer\Quick Launch\FTP Commander.lnk
    [2013/02/14 22:41:11 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job
    [2013/02/14 10:46:19 | 001,193,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/14 00:56:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/13 13:50:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/02/13 13:17:33 | 000,000,547 | ---- | M] () -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Microsoft\Internet Explorer\Quick Launch\GifSplitter.lnk
    [2013/02/13 13:16:38 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/03/12 22:24:02 | 000,597,667 | ---- | C] () -- C:\Documents and Settings\Ed Day.DPI01\Desktop\adwcleaner.exe
    [2013/03/12 08:26:14 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2013/03/11 22:12:03 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\photopadShakeIcon.job
    [2013/03/11 18:09:48 | 000,000,101 | ---- | C] () -- C:\Boot.bak
    [2013/03/11 18:09:44 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2013/03/11 18:06:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/03/11 18:06:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/03/11 18:06:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/03/11 18:06:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/03/11 18:06:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/03/10 16:43:12 | 000,816,640 | ---- | C] () -- C:\Documents and Settings\Ed Day.DPI01\Desktop\RogueKiller.exe
    [2013/03/01 01:52:32 | 000,014,595 | ---- | C] () -- C:\Documents and Settings\Ed Day.DPI01\My Documents\mrscartwright.odt
    [2013/02/27 18:05:45 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk
    [2013/02/26 16:45:37 | 001,137,808 | ---- | C] () -- C:\Documents and Settings\Ed Day.DPI01\My Documents\(9) Covered Bridge Cluster Boston Terrier Entries.htm
    [2013/02/18 22:58:52 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
    [2013/02/15 11:48:09 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
    [2013/02/15 01:44:23 | 000,000,433 | ---- | C] () -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Microsoft\Internet Explorer\Quick Launch\FTP Commander.lnk
    [2013/02/14 22:41:10 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\WavePadReminder.job
    [2012/10/30 19:10:52 | 000,099,049 | ---- | C] () -- C:\WINDOWS\hpiins04.dat
    [2012/10/30 19:10:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl04.dat
    [2012/10/30 14:40:51 | 000,129,044 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
    [2012/10/30 14:40:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
    [2012/10/02 05:57:21 | 000,205,269 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
    [2012/10/02 05:57:21 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
    [2012/09/03 13:36:57 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\atscie.msi
    [2012/08/08 19:36:08 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\-tkkVCXjaEvrFRjr
    [2012/08/08 19:36:08 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\-tkkVCXjaEvrFRj
    [2012/08/08 19:36:04 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\tkkVCXjaEvrFRj
    [2012/06/27 21:10:57 | 000,000,455 | ---- | C] () -- C:\Program Files\0627201221105734.bat
    [2012/02/15 23:04:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/10/31 11:22:42 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
    [2011/10/31 11:22:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
    [2011/10/31 11:22:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
    [2011/10/31 11:22:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
    [2011/10/31 11:22:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
    [2011/10/26 22:09:03 | 000,000,286 | ---- | C] () -- C:\WINDOWS\System32\EvGr_Data{AC4A66EB-41CD-11DF-9AAA-806D6172696F}.dat
    [2011/10/26 22:09:03 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{AC4A66EB-41CD-11DF-9AAA-806D6172696F}.dat
    [2011/10/26 22:09:03 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{AC4A66EA-41CD-11DF-9AAA-806D6172696F}.dat
    [2011/10/26 22:09:03 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\RW_{12B5D0EC-8550-11DF-A67F-00A0CCD5827A}.dat
    [2011/10/26 22:09:03 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\RW_FileType.dat
    [2011/10/26 22:09:03 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\RW_AppData.dat
    [2011/10/26 22:09:03 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\RW_FileFlag.dat
    [2011/10/26 22:09:02 | 000,053,814 | ---- | C] () -- C:\WINDOWS\System32\EvGr_Data{AC4A66EA-41CD-11DF-9AAA-806D6172696F}.dat
    [2011/06/07 11:08:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
    [2011/05/18 14:29:11 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/10/19 23:24:03 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/21 13:05:01 | 000,528,384 | ---- | C] () -- C:\Documents and Settings\Ed Day.DPI01\Application Data\fontdb.mdb
    [2010/08/30 21:11:22 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Ed Day.DPI01\Application Data\WavCodec.wff
    [2010/07/19 21:48:13 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ed Day.DPI01\Local Settings\Application Data\fusioncache.dat
    [2010/03/24 14:05:27 | 000,000,980 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\20xYJkS83BHk4
    [2009/03/12 12:55:51 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

    ========== ZeroAccess Check ==========

    [2010/06/05 13:51:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    " " = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/08/21 20:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2012/08/21 20:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2012/08/21 20:25:49 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Application Data\Application Data
    [2012/08/21 20:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
    [2012/08/21 20:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2012/08/21 20:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
    [2012/08/21 20:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Itiva
    [2012/08/21 20:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2012/08/21 20:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2012/08/21 20:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2012/08/21 20:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roland DG Corporation
    [2012/08/21 20:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    [2012/08/21 20:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2012/08/21 20:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012/08/21 20:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
    [2012/08/21 20:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
    [2012/12/11 16:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
    [2012/08/21 20:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Mender
    [2012/08/21 20:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games
    [2012/08/21 20:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Maxtor
    [2012/08/21 20:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
    [2012/08/21 20:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
    [2013/01/05 22:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PictureMover
    [2012/08/21 20:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PopCap
    [2012/08/29 01:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
    [2012/12/11 16:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
    [2012/08/21 20:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UAB
    [2012/10/30 17:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Visan
    [2012/08/21 20:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Walgreens
    [2012/08/21 20:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinMaximizer
    [2012/12/11 16:55:19 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    [2012/08/21 20:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\NCH Swift Sound
    [2012/08/21 20:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\old_Identities
    [2012/08/21 20:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\OpenOffice.org
    [2012/08/21 20:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\PCHealth
    [2012/08/21 20:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\Printer Info Cache
    [2012/08/21 20:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\RecordPad
    [2012/08/21 20:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\Registry Cleaner
    [2012/08/21 20:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\Snapfish
    [2012/08/21 20:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\Tibo Software
    [2012/08/21 20:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\Viewpoint
    [2012/08/21 20:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\W Photo Studio
    [2012/08/21 20:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\W Photo Studio Viewer
    [2012/08/21 20:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\Wal-Mart Digital Photo Manager
    [2012/08/21 20:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\Wal-Mart Digital Photo Viewer
    [2012/08/21 20:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\Walgreens
    [2012/08/21 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\WeatherBug
    [2012/08/21 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\Webshots
    [2012/08/21 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\WinZip
    [2012/08/21 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\WMTools Downloaded Files
    [2012/08/21 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\Xara
    [2012/08/21 20:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day\Application Data\ZangoToolbar
    [2012/08/21 20:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Audacity
    [2012/08/21 20:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\AVG
    [2012/08/21 20:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\BorWare
    [2012/08/21 20:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\CARIS
    [2012/12/11 16:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\DVDVideoSoft
    [2012/08/21 20:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\FreeAudioPack
    [2012/08/21 20:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\FreeBurner
    [2012/12/05 10:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\FreeFileViewer
    [2012/08/21 20:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\GlarySoft
    [2012/08/21 20:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\ieSpell
    [2012/09/30 19:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Image Zone Express
    [2012/08/21 20:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\iWinv1002
    [2012/08/21 20:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\NCH Swift Sound
    [2012/08/21 20:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Oberon Media
    [2012/08/21 20:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Octoshape
    [2012/08/21 20:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\OpenOffice.org
    [2013/01/05 22:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\PictureMover
    [2013/02/05 16:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\player
    [2012/08/21 20:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Playrix Entertainment
    [2012/08/21 20:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Printer Info Cache
    [2013/02/02 19:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\StatusWinks
    [2012/08/21 20:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\SumatraPDF
    [2012/08/21 20:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Tific
    [2012/08/21 20:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Titanium Gears
    [2012/12/11 16:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\TuneUp Software
    [2012/10/30 17:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Visan
    [2012/08/21 20:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\W Photo Studio
    [2012/08/21 20:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\W Photo Studio Viewer
    [2012/08/21 20:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\Walgreens
    [2012/08/21 20:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\WeatherBug
    [2013/03/08 18:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ed Day.DPI01\Application Data\WindowsDatabase
    [2012/12/11 16:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\TuneUp Software
    [2012/08/21 21:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems
    [2012/08/21 21:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acronis
    [2012/08/21 21:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Audacity
    [2012/08/21 21:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DataCast
    [2012/08/21 21:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlarySoft
    [2012/08/21 21:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
    [2012/08/21 21:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
    [2012/08/21 21:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
    [2012/08/21 21:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
    [2012/08/21 21:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
    [2012/08/21 21:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2012/08/21 21:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Search Settings
    [2012/08/21 21:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spyware Terminator
    [2012/08/21 21:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
    [2012/08/21 21:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio
    [2012/08/21 21:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio Viewer
    [2012/08/21 21:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens
    [2012/08/21 21:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Xilisoft

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < MD5 for: ATAPI.SYS >
    [2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2010/05/31 17:36:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2010/05/31 17:36:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < End of report >
     
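The "< MD5 for: ATAPI.SYS >" block above lists every copy of the driver OTL found, and the point of the scan is to see whether the in-use copy under system32\drivers still hashes the same as the Service Pack reference copy. The following is an added example, not code from the thread or from OTL: a small Python checker that parses that block and flags a mismatch; the "patched" sample is constructed, with an all-zero placeholder hash, to show what a failing case looks like.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL custom-scan entry that carries an MD5. The ".cab file" entries in the
# same block have no MD5= field, so they do not match and are skipped.
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)

# Constructed sample: the MD5 block from the OTL log above, verbatim.
SAMPLE_CLEAN = r"""
< MD5 for: ATAPI.SYS >
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/05/31 17:36:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< End of report >
"""

# Constructed sample of a failing case: same block, but the in-use copy carries a
# placeholder hash (all zeros) that matches no reference copy.
SAMPLE_PATCHED = SAMPLE_CLEAN.replace(
    "MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\\WINDOWS\\system32\\drivers\\atapi.sys",
    "MD5=00000000000000000000000000000000 -- C:\\WINDOWS\\system32\\drivers\\atapi.sys",
)


@dataclass
class DriverCopy:
    mtime: str
    size: int
    company: str
    md5: str
    path: str


def parse_md5_block(text: str) -> List[DriverCopy]:
    """Return every hashed copy listed in an OTL '< MD5 for: ... >' block."""
    copies: List[DriverCopy] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, footer, blank and .cab lines
        copies.append(DriverCopy(m["mtime"], int(m["size"].replace(",", "")),
                                 m["company"], m["md5"].upper(), m["path"]))
    return copies


def _is_live(c: DriverCopy) -> bool:
    return c.path.lower().endswith(r"\system32\drivers\atapi.sys")


def _is_reference(c: DriverCopy) -> bool:
    p = c.path.lower()
    # Service Pack install files and the dllcache are the copies Windows itself
    # restores from; the erdnt\cache and $NtServicePackUninstall$ copies are not.
    return "\\servicepackfiles\\i386\\" in p or "\\system32\\dllcache\\" in p


def assess_atapi(text: str) -> Dict[str, object]:
    """Compare the in-use atapi.sys against the reference copy and list findings."""
    copies = parse_md5_block(text)
    findings: List[str] = []
    live: Optional[DriverCopy] = next((c for c in copies if _is_live(c)), None)
    refs = [c for c in copies if _is_reference(c)]
    if live is None:
        findings.append("no in-use copy under system32\\drivers listed")
        return {"live_md5": None, "reference_md5": None, "findings": findings, "clean": False}
    ref_md5 = refs[0].md5 if refs else None
    if live.company != "Microsoft Corporation":
        findings.append(f"in-use copy has unexpected company string {live.company!r}")
    if ref_md5 is None:
        findings.append("no reference copy (ServicePackFiles/dllcache) to compare against")
    elif live.md5 != ref_md5:
        findings.append(f"in-use copy MD5 {live.md5} differs from reference {ref_md5}")
    # A hash shared by no other copy on disk is an independent warning sign.
    if sum(1 for c in copies if c.md5 == live.md5) == 1:
        findings.append("in-use copy's MD5 matches no other copy on disk")
    return {"live_md5": live.md5, "reference_md5": ref_md5,
            "findings": findings, "clean": not findings}


if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("patched", SAMPLE_PATCHED)):
        result = assess_atapi(sample)
        print(label, "->", "OK" if result["clean"] else "; ".join(result["findings"]))
```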
  12. 2013/03/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
      SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
      SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
      DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
      DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
      DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
      DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
      DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
      DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
      IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}:  "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptnrS=ZXxdm039YYus&si=radiopi&ptb=3D87859F-F4F4-4372-A6F4-13A6DE13B282&ind=2012102620&n=77ee3fdc&psa=&st=sb&searchfor={searchTerms}
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      IE - HKU\S-1-5-21-854245398-1500820517-725345543-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = 127.0.0.1:9421;<local>
      FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll File not found
      FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
      FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found
      O3 - HKU\S-1-5-21-854245398-1500820517-725345543-1002\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
      O3 - HKU\S-1-5-21-854245398-1500820517-725345543-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab (Reg Error: Key error.)
      O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...Detection2.cab (Reg Error: Key error.)
      O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab (Reg Error: Key error.)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2010/03/24 14:05:27 | 000,000,980 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\20xYJkS83BHk4
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Common Files\Symantec Shared
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  13. 2013/03/13
    DPI Graphics

    DPI Graphics Well-Known Member Thread Starter

    Joined:
    2009/06/12
    Messages:
    283
    Likes Received:
    0
    Just to verify: I should copy everything in the code box from :OTL through [Reboot] and paste it into the Custom Scans/Fixes box.
     
  14. 2013/03/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes..
     
  15. 2013/03/13
    DPI Graphics

    DPI Graphics Well-Known Member Thread Starter

    Joined:
    2009/06/12
    Messages:
    283
    Likes Received:
    0
    Here is the OTL Fix Log.

    All processes killed
    ========== OTL ==========
    Service HidServ stopped successfully!
    Service HidServ deleted successfully!
    File %SystemRoot%\System32\hidserv.dll not found.
    Service AppMgmt stopped successfully!
    Service AppMgmt deleted successfully!
    File %SystemRoot%\System32\appmgmts.dll not found.
    Service Symantec RemoteAssist stopped successfully!
    Service Symantec RemoteAssist deleted successfully!
    C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe moved successfully.
    Service WDICA stopped successfully!
    Service WDICA deleted successfully!
    Service USBAAPL stopped successfully!
    Service USBAAPL deleted successfully!
    File System32\Drivers\usbaapl.sys not found.
    Service PDRFRAME stopped successfully!
    Service PDRFRAME deleted successfully!
    Service PDRELI stopped successfully!
    Service PDRELI deleted successfully!
    Service PDFRAME stopped successfully!
    Service PDFRAME deleted successfully!
    Service PDCOMP stopped successfully!
    Service PDCOMP deleted successfully!
    Service PCIDump stopped successfully!
    Service PCIDump deleted successfully!
    Service MCSTRM stopped successfully!
    Service MCSTRM deleted successfully!
    Service lbrtfdc stopped successfully!
    Service lbrtfdc deleted successfully!
    Service i2omgmt stopped successfully!
    Service i2omgmt deleted successfully!
    Service Changer stopped successfully!
    Service Changer deleted successfully!
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\ComboFix\catchme.sys not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec}\ not found.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-854245398-1500820517-725345543-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@oberon-media.com/ONCAdapter\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@RadioRage_4j.com/Plugin\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-854245398-1500820517-725345543-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
    Registry value HKEY_USERS\S-1-5-21-854245398-1500820517-725345543-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Starting removal of ActiveX control {6F15128C-E66A-490C-B848-5000B5ABEEAC}
    C:\WINDOWS\Downloaded Program Files\HPDEXAXO.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6F15128C-E66A-490C-B848-5000B5ABEEAC}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F15128C-E66A-490C-B848-5000B5ABEEAC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6F15128C-E66A-490C-B848-5000B5ABEEAC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F15128C-E66A-490C-B848-5000B5ABEEAC}\ not found.
    Starting removal of ActiveX control {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
    C:\WINDOWS\Downloaded Program Files\setup.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
    Starting removal of ActiveX control {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D}
    C:\WINDOWS\Downloaded Program Files\setup.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D}\ not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\Program Files\WebEx\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\20xYJkS83BHk4 moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Common Files\Symantec Shared\Support Controls folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.DPI01
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: All Users.WINDOWS

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Desktop

    User: Documents

    User: Ed Day
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Ed Day.DPI01
    ->Temp folder emptied: 1183265 bytes
    ->Temporary Internet Files folder emptied: 48882866 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 52259184 bytes
    ->Google Chrome cache emptied: 6417561 bytes
    ->Flash cache emptied: 1079953 bytes

    User: EDDAY~1~DPI

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 327974 bytes

    User: Marci

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 24516 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 269584 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1488337 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1206878 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 4083 bytes

    Total Files Cleaned = 108.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: Administrator.DPI01

    User: All Users

    User: All Users.WINDOWS

    User: Default User

    User: Default User.WINDOWS

    User: Desktop

    User: Documents

    User: Ed Day
    ->Java cache emptied: 0 bytes

    User: Ed Day.DPI01
    ->Java cache emptied: 0 bytes

    User: EDDAY~1~DPI

    User: LocalService

    User: LocalService.NT AUTHORITY

    User: Marci

    User: NetworkService
    ->Java cache emptied: 0 bytes

    User: NetworkService.NT AUTHORITY

    User: Owner
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.DPI01

    User: All Users

    User: All Users.WINDOWS

    User: Default User

    User: Default User.WINDOWS
    ->Flash cache emptied: 0 bytes

    User: Desktop

    User: Documents

    User: Ed Day

    User: Ed Day.DPI01
    ->Flash cache emptied: 0 bytes

    User: EDDAY~1~DPI

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: LocalService.NT AUTHORITY

    User: Marci

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: NetworkService.NT AUTHORITY

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 03132013_172034

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7cc.dat not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  16. 2013/03/13
    DPI Graphics

    DPI Graphics Well-Known Member Thread Starter

    Joined:
    2009/06/12
    Messages:
    283
    Likes Received:
    0
    SecurityCheck.txt:

    Results of screen317's Security Check version 0.99.61
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java(TM) 6 Update 20
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 18.0.1 Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 10%
    ````````````````````End of Log``````````````````````
     
  17. 2013/03/13
    DPI Graphics

    DPI Graphics Well-Known Member Thread Starter

    Joined:
    2009/06/12
    Messages:
    283
    Likes Received:
    0
    FSS.txt:

    Farbar Service Scanner Version: 03-03-2013
    Ran by Ed Day (administrator) on 13-03-2013 at 17:40:57
    Running from "C:\Documents and Settings\Ed Day.DPI01\Desktop "
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll
    [2010-04-06 23:07] - [2008-04-13 17:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe
    [2006-02-28 05:00] - [2009-02-06 04:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(9)
    0x09000000050000000100000002000000030000000400000008000000060000000700000009000000
    IpSec Tag value is correct.

    **** End of log ****
     
  18. 2013/03/14
    DPI Graphics

    DPI Graphics Well-Known Member Thread Starter

    Joined:
    2009/06/12
    Messages:
    283
    Likes Received:
    0
    While running the online scan, I got infected by another virus, the FBI ransomware virus, that has blocked my computer asking for $300.00. So I'm stuck again, and this time I'm really stuck, because when I try to boot in safe mode I still get the blue screen. I have no idea what to do now.
     
  19. 2013/03/14
    DPI Graphics

    DPI Graphics Well-Known Member Thread Starter

    Joined:
    2009/06/12
    Messages:
    283
    Likes Received:
    0
    I have time to get 1 program running before it blocks me, so I ran Malwarebytes, but it didn't find any viruses.
     
  20. 2013/03/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Turn the computer off, physically disconnect from the internet (pull ethernet cable).
    Restart to normal or safe mode (whichever is not blocked by the virus) and run RogueKiller and MBAR (not MBAM).
     
  21. 2013/03/14
    DPI Graphics

    DPI Graphics Well-Known Member Thread Starter

    Joined:
    2009/06/12
    Messages:
    283
    Likes Received:
    0
    OK. You got it.
     
