qpwillie

  1. Thank you so very much!!!!!!!!!!!!!! Everything seems to be working great.
  2. OK, here is the log from Adwcleaner and the checkup.txt. First, the Adwcleaner log:

     And now checkup.txt:

     Results of screen317's Security Check version 0.99.81
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     ESET Online Scanner v3
     Microsoft Security Essentials
     `````````Anti-malware/Other Utilities Check:`````````
     Windows Defender
     Malwarebytes Anti-Malware version 1.75.0.1300
     AVS Registry Cleaner 2.3.2.257
     AVS Registry Cleaner version 2.2
     Java 6 Update 37
     Java version out of Date!
     Adobe Flash Player 12.0.0.77
     Adobe Reader 10.1.8 Adobe Reader out of Date!
     Mozilla Firefox 27.0.1 Firefox out of Date!
     Google Chrome 31.0.1650.57
     Google Chrome 31.0.1650.63
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 3%
     ````````````````````End of Log``````````````````````
  3. I did wrong. I was trying to talk with visitors when I ran Adwcleaner and I didn't realize that I needed to open those tabs and clean. I am now doing that and afterwards, I will run SecurityCheck again as you instructed. I apologize for my mistake.
  4. I ran Adwcleaner and it found nothing, so I assume there is no log file. Here is the log file from Security Check:

     Results of screen317's Security Check version 0.99.81
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     ESET Online Scanner v3
     Microsoft Security Essentials
     `````````Anti-malware/Other Utilities Check:`````````
     Windows Defender
     Malwarebytes Anti-Malware version 1.75.0.1300
     AVS Registry Cleaner 2.3.2.257
     AVS Registry Cleaner version 2.2
     Java 6 Update 37
     Java version out of Date!
     Adobe Flash Player 12.0.0.77
     Adobe Reader 10.1.8 Adobe Reader out of Date!
     Mozilla Firefox 27.0.1 Firefox out of Date!
     Google Chrome 31.0.1650.57
     Google Chrome 31.0.1650.63
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 3%
     ````````````````````End of Log``````````````````````
  5. Should I restart to check for problems? Here is combofix.txt
Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\upgrade.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\upgrade2.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\vid-history.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\video-history.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\video.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\video_encryptor.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\vpl.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\youtube-square.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\youtube.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\jquery-1.7.2.min.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\popup.html c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\popup.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\style.css c:\documents and settings\Buddy Harris\Desktop\Old Firefox 
Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\settings.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\skin\framework.css c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\install.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\plugins\npFreeCoder.dll c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\chrome.manifest c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\components\FFDisp.dll c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\delta.css c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\delta.xul c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\dpk.htm c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\hlprs.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\arwDwn.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\closeo.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ae.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\bg.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ch.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox 
Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\cn.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\cz.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\de.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\eg.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\en.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\es.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\fr.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\gr.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\he.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\il.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\it.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ja.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\jp.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\nl.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\no.png c:\documents and settings\Buddy 
Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\pl.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\pt.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ro.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ru.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\sa.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\se.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\sv.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\tr.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ua.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\us.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\help_16.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\home.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\icon_seperator.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\logo.PNG c:\documents and settings\Buddy Harris\Desktop\Old Firefox 
Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\privecy_16_hot.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\sign.jpg c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\specialoffer.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\tellafriend.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\uninstall.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\loader.xul c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\mtstart.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\serp.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\tmplt.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\install.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\uninstall.exe c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\myhomepage_manishjain9@gmail.com.xpi c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\plugin@yontoo.com.xpi c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\status4evar@caligonstudios.com.xpi c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\chrome.manifest c:\documents and settings\Buddy Harris\Desktop\Old Firefox 
Data\n21yugk4.default\extensions\wecarereminder@bryan\chrome\wecarereminder.jar c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\components\httpModifyListener.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\components\WCR_MerchantHash.idl c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\components\WCR_MerchantHash.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\components\WCR_MerchantHash.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\components\WCVisitedHash.idl c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\components\WCVisitedHash.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\components\WCVisitedHash.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\defaults\preferences\wecarereminder.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\install.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\MerchHash.txt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\META-INF\manifest.mf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\META-INF\zigbert.rsa c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\META-INF\zigbert.sf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\formhistory.sqlite 
c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\healthreport.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\healthreport\state.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\key3.db c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\localstore-safe.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\localstore.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\marionette.log c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\mimeTypes.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\minidumps\48d9e861-eea3-4c4e-8a60-796b5c8d2946.dmp c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\minidumps\48d9e861-eea3-4c4e-8a60-796b5c8d2946.extra c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\minidumps\69fc6fdf-8fbf-4c74-b73c-eb6a79fdf511.dmp c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\minidumps\69fc6fdf-8fbf-4c74-b73c-eb6a79fdf511.extra c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\minidumps\6d6c0a96-175b-472a-87ed-69eadf1baa0f.dmp c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\minidumps\9b7df193-5b40-467c-8c5c-e7d8cc9841a5.dmp c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\parent.lock c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\permissions.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\persdict.dat c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\places.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\pluginreg.dat c:\documents and settings\Buddy 
Harris\Desktop\Old Firefox Data\n21yugk4.default\prefs.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\search-metadata.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\search-metadata.json.tmp c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\search.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\search.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\searchplugins\babylon.xml c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\searchplugins\conduit-search.xml c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\searchplugins\SweetIM Search.xml c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\secmod.db c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\sessionstore.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\signons.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\storage\persistent\chrome\.metadata c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\storage\persistent\chrome\idb\2588645841ssegtnti.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\storage\persistent\chrome\idb\846562544phus.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\Telemetry.FailedProfileLocks.txt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\times.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\urlclassifierkey3.txt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\user.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\webapps\webapps.json c:\documents and settings\Buddy 
Harris\Desktop\Old Firefox Data\n21yugk4.default\webappsstore.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\xpti.dat c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\background.html c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\content.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\lsdb.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\manifest.json c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\sqlite.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\Z2XoMbPuT_2a.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh c:\documents and settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\background.html c:\documents and settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\content.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\lsdb.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Torch\User 
Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\manifest.json c:\documents and settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\sqlite.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\Z2XoMbPuT_2a.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\ekt0d@cyeoesaoeo.net c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\ekt0d@cyeoesaoeo.net\bootstrap.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\ekt0d@cyeoesaoeo.net\chrome.manifest c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\ekt0d@cyeoesaoeo.net\content\bg.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\ekt0d@cyeoesaoeo.net\install.rdf c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\u_6nc@cvuydioe.co.uk c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\u_6nc@cvuydioe.co.uk\bootstrap.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\u_6nc@cvuydioe.co.uk\chrome.manifest c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\u_6nc@cvuydioe.co.uk\content\bg.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\u_6nc@cvuydioe.co.uk\install.rdf . . ((((((((((((((((((((((((( Files Created from 2014-02-22 to 2014-03-22 ))))))))))))))))))))))))))))))) . . 
2014-03-22 13:35 . 2014-03-07 04:35 7969936 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7CD5B51-6A01-44F2-982F-8CFE91E753EB}\mpengine.dll
2014-03-21 16:49 . 2014-03-07 04:35 7969936 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-21 15:48 . 2014-03-21 15:48 -------- d-----w- c:\program files\ESET
2014-03-20 20:26 . 2014-03-20 21:45 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-20 13:51 . 2014-03-20 23:27 -------- d-----w- C:\FRST
2014-03-18 12:59 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-17 23:35 . 2014-03-18 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\QueeenCoupon
2014-02-23 16:53 . 2014-02-23 16:53 -------- d-----w- c:\windows\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 13:25 . 2012-04-14 21:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 13:25 . 2011-07-07 13:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 11:46 . 2009-03-13 15:16 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2009-03-13 15:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2009-03-13 15:15 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2009-03-13 15:15 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2009-03-13 15:15 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 02:01 . 2009-03-13 15:16 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2009-03-13 15:15 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-19 07:32 . 2010-01-03 20:15 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-04 03:13 . 2009-03-13 15:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-25 08:03 . 2013-12-15 22:44 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-12-25 08:03 . 2013-12-15 22:44 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-12-25 08:03 . 2013-12-15 22:44 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-12-25 08:03 . 2013-12-15 22:44 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-12-25 08:03 . 2013-12-15 22:44 421200 ----a-w- c:\windows\system32\msvcp100.dll
2009-03-13 15:45 . 2014-02-14 12:18 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-07-25 223128]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2012-06-15 136488]
"YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2012-06-15 234000]
"UpdatePSTShortCut"="c:\program files\CyberLink\Media Suite\MUITransfer\MUIStartMenu.exe" [2012-06-26 222504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Buddy Harris\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-22 16:25 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GameConsoleService"=2 (0x2)
"BrowserDefendert"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Free FTP\\FreeFTP.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\Buddy Harris\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/28/2013 9:48 PM 36600]
R2 X4HS32Ex;X4HS32Ex;c:\program files\Free Ride Games\X4HS32Ex.sys [12/24/2009 11:46 AM 53280]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [6/14/2012 11:23 PM 27760]
S1 MpKsl4d344a32;MpKsl4d344a32;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys [?]
S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [7/14/2009 5:18 PM 20492] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 6432] S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/13/2009 11:45 AM 30192] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/20/2014 4:26 PM 52312] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-12-05 14:04 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 13:25] . 2014-03-22 c:\windows\Tasks\COMODO System Cleaner Update.job - c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-07 21:37] . 2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 14:59] . 2014-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 14:59] . 2014-03-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 20:01] . 2014-03-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-608057341-2165517387-3308722516-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 
2014-03-22 c:\windows\Tasks\User_Feed_Synchronization-{042C18C8-CDF0-49EE-A260-F2CEEBFEDE6A}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 08:31] . . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\Buddy Harris\Application Data\Mozilla\Firefox\Profiles\rx2a4r2n.default-1387638332015\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-03-22 18:21 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . Completion time: 2014-03-22 18:24:33 ComboFix-quarantined-files.txt 2014-03-22 22:24 ComboFix2.txt 2014-03-21 13:27 ComboFix3.txt 2014-03-21 12:08 . Pre-Run: 89,072,537,600 bytes free Post-Run: 89,057,517,568 bytes free . - - End Of File - - DF9C96580E67248C99B6CAE9C2E0FD2F EA228D2D5AAD83B7544D12986BDF25A2
  6. Like yesterday, I have to go out for a while. I'll be back on as soon as possible. Here are the results of the ESET scan:
     C:\Documents and Settings\All Users\Application Data\hkclcpgekhbmfnliibkigkofgeglnkip\V3SdAIrBJS9z.js Win32/Adware.MultiPlug.H application
     C:\Documents and Settings\Buddy Harris\Application Data\BabSolution\Shared\BabMaint.exe Win32/Toolbar.Babylon.I potentially unwanted application
     C:\Documents and Settings\Buddy Harris\Application Data\BabSolution\Shared\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application
     C:\Documents and Settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\prefs.js JS/SecurityDisabler.A.Gen potentially unwanted application
     C:\Documents and Settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\uninstall.exe Win32/Toolbar.Montiera.B potentially unwanted application
     C:\Documents and Settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\components\red.js JS/Redirector.NBI trojan
     C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\Z2XoMbPuT_2a.js Win32/Adware.MultiPlug.H application
     C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\Z2XoMbPuT_2a.js Win32/Adware.MultiPlug.H application
     C:\Documents and Settings\Buddy Harris\My Documents\Downloads\ZipOpenerSetup.exe Win32/InstallCore.CD potentially unwanted application
     C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\ekt0d@cyeoesaoeo.net\content\bg.js Win32/Adware.MultiPlug.H application
     C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\u_6nc@cvuydioe.co.uk\content\bg.js Win32/Adware.MultiPlug.H application
     C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000038.dll a variant of Win32/SProtector.D potentially unwanted application
     C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000047.exe a variant of Win32/AdWare.SpeedingUpMyPC.D application
     C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000051.exe a variant of Win32/AdWare.AD150.A application
     C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000052.exe a variant of Win32/AdWare.AD150.A application
     C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000053.exe a variant of Win32/AdWare.AddLyrics.AF application
     C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000054.exe Win32/AdWare.AddLyrics.AE application
     C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000056.dll a variant of Win32/Adware.Yontoo.B application
     C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000059.exe Win32/InstallCore.AZ potentially unwanted application
  7. Malwarebytes Anti-Malware found one file this time. Here is the log file:
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2014.03.21.05
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Buddy Harris :: EMACHINE-98E05C [administrator]
     3/21/2014 9:48:23 AM
     mbam-log-2014-03-21 (09-48-23).txt
     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 304355
     Time elapsed: 1 hour(s), 3 minute(s), 58 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 1
     HKCU\Software\Re_Markable (PUP.Optional.ReMarkable.A) -> Quarantined and deleted successfully.
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  8. If I understand correctly, I am to go ahead and run Malwarebytes' Anti-Malware now. I will wait a few minutes in case you tell me to wait before I do that. Below is the ComboFix.txt file: ComboFix 14-03-19.01 - Buddy Harris 03/21/2014 9:10.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.444 [GMT -4:00] Running from: c:\documents and settings\Buddy Harris\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Buddy Harris\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . FILE :: "c:\windows\system32\drivers\awikfypi.sys" "c:\windows\system32\drivers\eygjlels.sys" "c:\windows\system32\drivers\pnjvxpgn.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Deealu44Real c:\program files\MyPC Backup c:\program files\MyPC Backup\DEL_AWSSDK.dll c:\program files\MyPC Backup\DEL_GetText.dll c:\program files\MyPC Backup\DEL_MPCBClient.dll c:\program files\MyPC Backup\DEL_MyPC Backup.exe c:\program files\MyPC Backup\DEL_ObjectListView.dll c:\program files\MyPC Backup\DEL_Shared Stack.dll c:\program files\MyPC Backup\x86\System.Data.SQLite.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_awikfypi -------\Service_eygjlels -------\Service_pnjvxpgn . . ((((((((((((((((((((((((( Files Created from 2014-02-21 to 2014-03-21 ))))))))))))))))))))))))))))))) . . 2014-03-21 12:21 . 2014-03-07 04:35 7969936 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66273ECC-EE1D-4E21-8BA5-CE12AB576A55}\mpengine.dll 2014-03-20 20:26 . 2014-03-20 21:45 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-03-20 13:51 . 2014-03-20 23:27 -------- d-----w- C:\FRST 2014-03-19 13:07 . 
2014-03-07 04:35 7969936 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-03-18 12:59 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-03-17 23:35 . 2014-03-18 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\QueeenCoupon 2014-02-23 16:53 . 2014-02-23 16:53 -------- d-----w- c:\windows\Downloaded Installations . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-12 13:25 . 2012-04-14 21:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-03-12 13:25 . 2011-07-07 13:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-24 11:46 . 2009-03-13 15:16 920064 ----a-w- c:\windows\system32\wininet.dll 2014-02-24 11:45 . 2009-03-13 15:15 43520 ----a-w- c:\windows\system32\licmgr10.dll 2014-02-24 11:45 . 2009-03-13 15:15 1469440 ------w- c:\windows\system32\inetcpl.cpl 2014-02-24 11:45 . 2009-03-13 15:15 18944 ----a-w- c:\windows\system32\corpol.dll 2014-02-24 10:54 . 2009-03-13 15:15 385024 ----a-w- c:\windows\system32\html.iec 2014-02-07 02:01 . 2009-03-13 15:16 1879040 ----a-w- c:\windows\system32\win32k.sys 2014-02-05 08:55 . 2009-03-13 15:15 562688 ----a-w- c:\windows\system32\qedit.dll 2014-01-19 07:32 . 2010-01-03 20:15 231584 ------w- c:\windows\system32\MpSigStub.exe 2014-01-04 03:13 . 2009-03-13 15:16 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-12-25 08:03 . 2013-12-15 22:44 773968 ----a-w- c:\windows\system32\msvcr100.dll 2013-12-25 08:03 . 2013-12-15 22:44 632656 ----a-w- c:\windows\system32\msvcr80.dll 2013-12-25 08:03 . 2013-12-15 22:44 554832 ----a-w- c:\windows\system32\msvcp80.dll 2013-12-25 08:03 . 2013-12-15 22:44 479232 ----a-w- c:\windows\system32\msvcm80.dll 2013-12-25 08:03 . 2013-12-15 22:44 421200 ----a-w- c:\windows\system32\msvcp100.dll 2009-03-13 15:45 . 
2014-02-14 12:18 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-07-25 223128] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2012-06-15 136488] "YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2012-06-15 234000] "UpdatePSTShortCut"="c:\program files\CyberLink\Media Suite\MUITransfer\MUIStartMenu.exe" [2012-06-26 222504] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . c:\documents and settings\Buddy Harris\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-22 16:25 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "GameConsoleService"=2 (0x2) "BrowserDefendert"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Free FTP\\FreeFTP.exe"= "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Documents and Settings\\Buddy Harris\\Application Data\\Dropbox\\bin\\Dropbox.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/28/2013 9:48 PM 36600] R2 X4HS32Ex;X4HS32Ex;c:\program files\Free Ride Games\X4HS32Ex.sys [12/24/2009 11:46 AM 53280] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [6/14/2012 11:23 PM 27760] S1 MpKsl4d344a32;MpKsl4d344a32;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys [?] S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [7/14/2009 5:18 PM 20492] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 6432] S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/13/2009 11:45 AM 30192] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/20/2014 4:26 PM 52312] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-12-05 14:04 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 13:25] . 2014-03-21 c:\windows\Tasks\COMODO System Cleaner Update.job - c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-07 21:37] . 2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 14:59] . 
2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 14:59] . 2014-03-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 20:01] . 2014-03-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-608057341-2165517387-3308722516-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-20 c:\windows\Tasks\User_Feed_Synchronization-{042C18C8-CDF0-49EE-A260-F2CEEBFEDE6A}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 08:31] . . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\Buddy Harris\Application Data\Mozilla\Firefox\Profiles\rx2a4r2n.default-1387638332015\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-03-21 09:22 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'explorer.exe'(2360) c:\windows\system32\WININET.dll c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\RTHDCPL.EXE c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\Dropbox.exe c:\program files\Microsoft Office\Office12\ONENOTEM.EXE c:\windows\system32\netdde.exe c:\windows\system32\agrsmsvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\msiexec.exe c:\windows\system32\sessmgr.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Completion time: 2014-03-21 09:27:16 - machine was rebooted ComboFix-quarantined-files.txt 2014-03-21 13:27 ComboFix2.txt 2014-03-21 12:08 . Pre-Run: 89,744,543,744 bytes free Post-Run: 89,723,326,464 bytes free . - - End Of File - - EDD77D327E03D7AB4150EE39869B9D7A EA228D2D5AAD83B7544D12986BDF25A2
  9. I don't know where to find CFScript.txt. I have a "Combofix.txt".
  10. The combofix log file: ComboFix 14-03-19.01 - Buddy Harris 03/21/2014 7:46.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.359 [GMT -4:00] Running from: c:\documents and settings\Buddy Harris\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.ilg c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe c:\documents and settings\Buddy Harris\97 c:\documents and settings\Buddy Harris\97\97.jokosher c:\documents and settings\Buddy Harris\97\audio\A-whistle_2.mp3 c:\documents and settings\Buddy Harris\97\audio\Old97-rhy-lead_15.mp3 c:\documents and settings\Buddy Harris\97\audio\old97-rhythm_8.mp3 c:\documents and settings\Buddy Harris\97\audio\Record001_7.mp3 c:\documents and settings\Buddy Harris\97\levels\A-whistle_2.mp3_2.leveldata c:\documents and settings\Buddy Harris\97\levels\Old97-rhy-lead_15.mp3_15.leveldata c:\documents and settings\Buddy Harris\97\levels\old97-rhythm_8.mp3_8.leveldata c:\documents 
and settings\Buddy Harris\97\levels\Record001.mp3_6.leveldata c:\documents and settings\Buddy Harris\97\levels\Record001_7.mp3_7.leveldata c:\documents and settings\Buddy Harris\97\levels\try-steam.mp3_6.leveldata c:\documents and settings\Buddy Harris\GoToAssistDownloadHelper.exe c:\documents and settings\Buddy Harris\Local Settings\Application Data\dfl20z32.dll c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcmoidkcnpijacjjkldfjfjpgeobggf c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcmoidkcnpijacjjkldfjfjpgeobggf\2.2\background.html c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcmoidkcnpijacjjkldfjfjpgeobggf\2.2\content.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcmoidkcnpijacjjkldfjfjpgeobggf\2.2\lsdb.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcmoidkcnpijacjjkldfjfjpgeobggf\2.2\manifest.json c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcmoidkcnpijacjjkldfjfjpgeobggf\2.2\mJE4snBK7a.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\openkkkcbebpnegmpipkfpbfpjmdonmf c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\openkkkcbebpnegmpipkfpbfpjmdonmf\1.4\background.html c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\openkkkcbebpnegmpipkfpbfpjmdonmf\1.4\content.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\openkkkcbebpnegmpipkfpbfpjmdonmf\1.4\lsdb.js c:\documents and settings\Buddy 
Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\openkkkcbebpnegmpipkfpbfpjmdonmf\1.4\manifest.json c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\openkkkcbebpnegmpipkfpbfpjmdonmf\1.4\SKOt0.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_openkkkcbebpnegmpipkfpbfpjmdonmf_0.localstorage-journal c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_openkkkcbebpnegmpipkfpbfpjmdonmf_0.localstorage c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\eui-apoi@oaainfi-.net c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\eui-apoi@oaainfi-.net\bootstrap.js c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\eui-apoi@oaainfi-.net\chrome.manifest c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\eui-apoi@oaainfi-.net\content\bg.js c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\eui-apoi@oaainfi-.net\install.rdf c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\yikz6@kylag.co.uk c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\yikz6@kylag.co.uk\bootstrap.js c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\yikz6@kylag.co.uk\chrome.manifest c:\documents and 
settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\yikz6@kylag.co.uk\content\bg.js c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\yikz6@kylag.co.uk\install.rdf c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\4uio@hsp-mlbz.co.uk c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\4uio@hsp-mlbz.co.uk\bootstrap.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\4uio@hsp-mlbz.co.uk\chrome.manifest c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\4uio@hsp-mlbz.co.uk\content\bg.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\4uio@hsp-mlbz.co.uk\install.rdf c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\eui-apoi@oaainfi-.net c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\eui-apoi@oaainfi-.net\bootstrap.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\eui-apoi@oaainfi-.net\chrome.manifest c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\eui-apoi@oaainfi-.net\content\bg.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\eui-apoi@oaainfi-.net\install.rdf c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\yikz6@kylag.co.uk c:\documents and settings\NetworkService\Application 
Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\yikz6@kylag.co.uk\bootstrap.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\yikz6@kylag.co.uk\chrome.manifest c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\yikz6@kylag.co.uk\content\bg.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\yikz6@kylag.co.uk\install.rdf c:\windows\system32\ c:\windows\system32\SET190.tmp c:\windows\system32\SET193.tmp c:\windows\system32\SET197.tmp c:\windows\system32\SET19F.tmp c:\windows\system32\SET1A1.tmp c:\windows\Tasks\At1.job c:\windows\Tasks\At10.job c:\windows\Tasks\At11.job c:\windows\Tasks\At12.job c:\windows\Tasks\At13.job c:\windows\Tasks\At14.job c:\windows\Tasks\At15.job c:\windows\Tasks\At16.job c:\windows\Tasks\At17.job c:\windows\Tasks\At18.job c:\windows\Tasks\At19.job c:\windows\Tasks\At2.job c:\windows\Tasks\At20.job c:\windows\Tasks\At21.job c:\windows\Tasks\At22.job c:\windows\Tasks\At23.job c:\windows\Tasks\At24.job c:\windows\Tasks\At3.job c:\windows\Tasks\At4.job c:\windows\Tasks\At5.job c:\windows\Tasks\At6.job c:\windows\Tasks\At7.job c:\windows\Tasks\At8.job c:\windows\Tasks\At9.job . . ((((((((((((((((((((((((( Files Created from 2014-02-21 to 2014-03-21 ))))))))))))))))))))))))))))))) . . 2014-03-20 20:26 . 2014-03-20 21:45 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-03-20 13:51 . 2014-03-20 23:27 -------- d-----w- C:\FRST 2014-03-20 13:05 . 2014-03-07 04:35 7969936 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\mpengine.dll 2014-03-19 13:07 . 
2014-03-07 04:35 7969936 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-03-18 12:59 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-03-17 23:35 . 2014-03-18 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\QueeenCoupon 2014-02-23 16:53 . 2014-02-23 16:53 -------- d-----w- c:\windows\Downloaded Installations 2014-02-23 14:57 . 2014-02-23 14:57 -------- d-----w- c:\program files\Deealu44Real 2014-02-23 14:07 . 2014-03-18 11:57 -------- d-----w- c:\program files\MyPC Backup . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-12 13:25 . 2012-04-14 21:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-03-12 13:25 . 2011-07-07 13:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-24 11:46 . 2009-03-13 15:16 920064 ----a-w- c:\windows\system32\wininet.dll 2014-02-24 11:45 . 2009-03-13 15:15 43520 ----a-w- c:\windows\system32\licmgr10.dll 2014-02-24 11:45 . 2009-03-13 15:15 1469440 ------w- c:\windows\system32\inetcpl.cpl 2014-02-24 11:45 . 2009-03-13 15:15 18944 ----a-w- c:\windows\system32\corpol.dll 2014-02-24 10:54 . 2009-03-13 15:15 385024 ----a-w- c:\windows\system32\html.iec 2014-02-07 02:01 . 2009-03-13 15:16 1879040 ----a-w- c:\windows\system32\win32k.sys 2014-02-05 08:55 . 2009-03-13 15:15 562688 ----a-w- c:\windows\system32\qedit.dll 2014-01-19 07:32 . 2010-01-03 20:15 231584 ------w- c:\windows\system32\MpSigStub.exe 2014-01-04 03:13 . 2009-03-13 15:16 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-12-25 08:03 . 2013-12-15 22:44 773968 ----a-w- c:\windows\system32\msvcr100.dll 2013-12-25 08:03 . 2013-12-15 22:44 632656 ----a-w- c:\windows\system32\msvcr80.dll 2013-12-25 08:03 . 2013-12-15 22:44 554832 ----a-w- c:\windows\system32\msvcp80.dll 2013-12-25 08:03 . 
2013-12-15 22:44 479232 ----a-w- c:\windows\system32\msvcm80.dll 2013-12-25 08:03 . 2013-12-15 22:44 421200 ----a-w- c:\windows\system32\msvcp100.dll 2009-03-13 15:45 . 2014-02-14 12:18 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-07-25 223128] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2012-06-15 136488] "YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2012-06-15 234000] "UpdatePSTShortCut"="c:\program files\CyberLink\Media Suite\MUITransfer\MUIStartMenu.exe" [2012-06-26 222504] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Del1175380656"="del" [X] "Del26093359"="del" [X] . c:\documents and settings\Buddy Harris\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-22 16:25 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "GameConsoleService"=2 (0x2) "BrowserDefendert"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Free FTP\\FreeFTP.exe"= "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Documents and Settings\\Buddy Harris\\Application Data\\Dropbox\\bin\\Dropbox.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/28/2013 9:48 PM 36600] R2 X4HS32Ex;X4HS32Ex;c:\program files\Free Ride Games\X4HS32Ex.sys [12/24/2009 11:46 AM 53280] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [6/14/2012 11:23 PM 27760] S1 awikfypi;awikfypi;\??\c:\windows\system32\drivers\awikfypi.sys --> c:\windows\system32\drivers\awikfypi.sys [?] S1 eygjlels;eygjlels;\??\c:\windows\system32\drivers\eygjlels.sys --> c:\windows\system32\drivers\eygjlels.sys [?] S1 MpKsl4d344a32;MpKsl4d344a32;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys [?] S1 pnjvxpgn;pnjvxpgn;\??\c:\windows\system32\drivers\pnjvxpgn.sys --> c:\windows\system32\drivers\pnjvxpgn.sys [?] S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [7/14/2009 5:18 PM 20492] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 6432] S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/13/2009 11:45 AM 30192] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/20/2014 4:26 PM 52312] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-12-05 14:04 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 
2014-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 13:25] . 2014-03-20 c:\windows\Tasks\COMODO System Cleaner Update.job - c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-07 21:37] . 2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 14:59] . 2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 14:59] . 2014-03-20 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 20:01] . 2014-03-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-608057341-2165517387-3308722516-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-20 c:\windows\Tasks\User_Feed_Synchronization-{042C18C8-CDF0-49EE-A260-F2CEEBFEDE6A}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 08:31] . . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\Buddy Harris\Application Data\Mozilla\Firefox\Profiles\rx2a4r2n.default-1387638332015\ . - - - - ORPHANS REMOVED - - - - . 
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) BHO-{BA7B8F3A-20D1-34E9-3785-0CFE3833AFA8} - (no file) Toolbar-Locked - (no file) HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe SafeBoot-42233895.sys MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-03-21 08:03 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,4e,83,62,d9,79,95,47,b4,c5,54,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,8c,ce,2e,9f,d6,cc,46,8e,bc,ad,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(3612) c:\windows\system32\WININET.dll c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll c:\windows\system32\ieframe.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\RTHDCPL.EXE c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\Dropbox.exe c:\program files\Microsoft Office\Office12\ONENOTEM.EXE c:\windows\system32\netdde.exe c:\windows\system32\agrsmsvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\msiexec.exe c:\windows\system32\sessmgr.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2014-03-21 08:08:53 - machine was rebooted ComboFix-quarantined-files.txt 2014-03-21 12:08 . Pre-Run: 88,402,358,272 bytes free Post-Run: 89,402,425,344 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - A3A44E9B907CE65FF26C048C12679EA1 EA228D2D5AAD83B7544D12986BDF25A2
  11. I will leave Farbar Recovery open from that last scan, waiting for you to tell me whether I should click fix or not.
  12. Should I click Fix and send the "Addition" file?