Jump to content

qpwillie

Honorary Members
  • Posts

    31
  • Joined

  • Last visited

Everything posted by qpwillie

  1. Thank you so very much!!!!!!!!!!!!!! Everything seems to be working great.
  2. OK, here is the log from Adwcleaner and the checkup.txt. First, the Adwcleaner log: # AdwCleaner v3.022 - Report created 22/03/2014 at 20:45:01 # Updated 13/03/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Buddy Harris - EMACHINE-98E05C # Running from : C:\Documents and Settings\Buddy Harris\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\Free Ride Games Folder Deleted : C:\Documents and Settings\All Users\Application Data\w3i Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder Folder Deleted : C:\Documents and Settings\All Users\Application Data\QueeenCoupon Folder Deleted : C:\Program Files\Free Ride Games Folder Deleted : C:\Program Files\w3i Folder Deleted : C:\WINDOWS\system32\AI_RecycleBin Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect Folder Deleted : C:\Documents and Settings\NetworkService\Application Data\Delta Folder Deleted : C:\Documents and Settings\NetworkService\Application Data\DigitalSites Folder Deleted : C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Conduit Folder Deleted : C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\SearchProtect Folder Deleted : C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\torch Folder Deleted : C:\Documents and Settings\Buddy Harris\Application Data\digitalsite Folder Deleted : C:\Documents and Settings\Buddy Harris\Application Data\DigitalSites Folder Deleted : C:\Documents and Settings\Buddy Harris\Start Menu\Programs\Free Ride Games Folder Deleted : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\Extensions\staged Folder Deleted : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\Extensions\staged Folder Deleted : C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp Folder Deleted : C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof File Deleted : C:\WINDOWS\system32\conduitEngine.tmp File Deleted : C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\BargainWorkbench.crx File Deleted : C:\Documents and Settings\Buddy Harris\Application Data\Mozilla\Firefox\Profiles\rx2a4r2n.default-1387638332015\invalidprefs.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gebcpofjimbbchggpnfcaiieolloeodp Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKCU\Software\5855ded1b43abd43 Key Deleted : HKLM\SOFTWARE\5855ded1b43abd43 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\Ask&Record Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Delta Key Deleted : HKCU\Software\dsiteproducts Key Deleted : HKCU\Software\Freecorder extension Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\torch Key Deleted : HKCU\Software\wecarereminder Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Delta Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\Software\SearchProtect Key Deleted : HKLM\Software\torch Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v27.0.1 (en-US) [ File : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\prefs.js ] [ File : C:\Documents and Settings\Buddy Harris\Application Data\Mozilla\Firefox\Profiles\rx2a4r2n.default-1387638332015\prefs.js ] Line Deleted : user_pref("extensions.2TtEsHCHX7cj.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(w[...] Line Deleted : user_pref("extensions.BfMowvApHZ.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.[...] Line Deleted : user_pref("extensions.XiXJbH0lQTRS.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(w[...] Line Deleted : user_pref("extensions.YDbF9L.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.match(/ressbar.com[^f]+fid=65017/)[...] Line Deleted : user_pref("extensions.crossrider.bic", "1445f146511279b6929678857f57f907"); Line Deleted : user_pref("extensions.xopoj.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"onduit\")>-1||url.match(/[...] ************************* AdwCleaner[R0].txt - [11451 octets] - [22/03/2014 19:01:04] AdwCleaner[s0].txt - [11373 octets] - [22/03/2014 20:45:01] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11434 octets] ########## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- And now checkup.txt: Results of screen317's Security Check version 0.99.81 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! ESET Online Scanner v3 Microsoft Security Essentials `````````Anti-malware/Other Utilities Check:````````` Windows Defender Malwarebytes Anti-Malware version 1.75.0.1300 AVS Registry Cleaner 2.3.2.257 AVS Registry Cleaner version 2.2 Java 6 Update 37 Java version out of Date! Adobe Flash Player 12.0.0.77 Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox 27.0.1 Firefox out of Date! Google Chrome 31.0.1650.57 Google Chrome 31.0.1650.63 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 3% ````````````````````End of Log``````````````````````
  3. I did wrong. I was trying to talk with visitors when I ran Adwcleaner and I didn't realize that I needed to open those tabs and clean. I am now doing that and afterwards, I will run SecurityCheck again as you instructed. I apologize for my mistake.
  4. I ran Awdcleaner and it found nothing so I assume there is no log file. Here is the log file from Security Check: Results of screen317's Security Check version 0.99.81 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! ESET Online Scanner v3 Microsoft Security Essentials `````````Anti-malware/Other Utilities Check:````````` Windows Defender Malwarebytes Anti-Malware version 1.75.0.1300 AVS Registry Cleaner 2.3.2.257 AVS Registry Cleaner version 2.2 Java 6 Update 37 Java version out of Date! Adobe Flash Player 12.0.0.77 Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox 27.0.1 Firefox out of Date! Google Chrome 31.0.1650.57 Google Chrome 31.0.1650.63 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 3% ````````````````````End of Log``````````````````````
  5. Should I restart to check for problems? Here is combofix.txt ComboFix 14-03-19.01 - Buddy Harris 03/22/2014 18:12:10.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.401 [GMT -4:00] Running from: c:\documents and settings\Buddy Harris\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Buddy Harris\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . FILE :: "c:\documents and settings\Buddy Harris\My Documents\Downloads\ZipOpenerSetup.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\hkclcpgekhbmfnliibkigkofgeglnkip c:\documents and settings\All Users\Application Data\hkclcpgekhbmfnliibkigkofgeglnkip\background.html c:\documents and settings\All Users\Application Data\hkclcpgekhbmfnliibkigkofgeglnkip\content.js c:\documents and settings\All Users\Application Data\hkclcpgekhbmfnliibkigkofgeglnkip\lsdb.js c:\documents and settings\All Users\Application Data\hkclcpgekhbmfnliibkigkofgeglnkip\manifest.json c:\documents and settings\All Users\Application Data\hkclcpgekhbmfnliibkigkofgeglnkip\sqlite.js c:\documents and settings\All Users\Application Data\hkclcpgekhbmfnliibkigkofgeglnkip\V3SdAIrBJS9z.js c:\documents and settings\Buddy Harris\Application Data\BabSolution c:\documents and settings\Buddy Harris\Application Data\BabSolution\Shared\BabMaint.exe c:\documents and settings\Buddy Harris\Application Data\BabSolution\Shared\BUSolution.dll c:\documents and settings\Buddy Harris\Application Data\BabSolution\Shared\GUninstaller.exe c:\documents and settings\Buddy Harris\Application Data\BabSolution\Shared\SetupParams.ini c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\addons.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\addons.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\blocklist.xml c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bookmarkbackups\bookmarks-2013-12-11_277.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bookmarkbackups\bookmarks-2013-12-12_277.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bookmarkbackups\bookmarks-2013-12-13_277.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bookmarkbackups\bookmarks-2013-12-14_277.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bookmarkbackups\bookmarks-2013-12-15_277.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bookmarkbackups\bookmarks-2013-12-16_277.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bookmarkbackups\bookmarks-2013-12-17_277.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bookmarkbackups\bookmarks-2013-12-18_277.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bookmarkbackups\bookmarks-2013-12-19_277.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bookmarkbackups\bookmarks-2013-12-20_277.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bookmarkbackups\bookmarks-2013-12-21_277.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bookmarks.html c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bProtector_extensions.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bProtector_extensions.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\bprotector_prefs.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\cert8.db c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\chrome\userChrome-example.css c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\chrome\userContent-example.css c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\compatibility.ini c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\compreg.dat c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\content-prefs.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\cookies.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions.ini c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions.log c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome.manifest c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome\chrome_user.jar c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences\defaults.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\install.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{2a4808f0-e451-4d0b-982a-bb0f44d3354d}\chrome.manifest c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{2a4808f0-e451-4d0b-982a-bb0f44d3354d}\content\fastdiscountz.xul c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{2a4808f0-e451-4d0b-982a-bb0f44d3354d}\content\images\32.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{2a4808f0-e451-4d0b-982a-bb0f44d3354d}\defaults\preferences\defaults.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{2a4808f0-e451-4d0b-982a-bb0f44d3354d}\install.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome.manifest c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome\ytoolbar.jar c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\extconfig.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooEventTipManager.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooEventTipManager.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooInjectoManager.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooInjectoManager.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooUrlProbe.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooUrlProbe.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYTBXPCOM.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahoo404NavAssist.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahoo404NavAssist.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooAlertManager.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooAlertManager.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooBookmarkManager.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooBookmarkManager.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooCache.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooCache.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooConfigManager.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooConfigManager.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooDomBuilder.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooDomBuilder.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedFetcher.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedFetcher.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedNode.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedNode.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedProcessor.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedProcessor.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFileIO.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFileIO.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooLocalButtonProcessor.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooLocalButtonProcessor.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooLocalStorage.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooLocalStorage.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooMailSingleInstance.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooMailSingleInstance.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPartnerManager.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPartnerManager.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPluginCallBack.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPluginCallBack.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPluginManager.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPluginManager.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooSearchIndexer.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooSearchIndexer.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooTickerManager.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooTickerManager.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooToolbarManager.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooToolbarManager.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYLogFileAppender.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYLogger.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYLogger.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\Lightening.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\yahoo.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\install.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\manifest.mf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\zigbert.rsa c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF\zigbert.sf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}\chrome.manifest c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}\content\bargainjoy.xul c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}\content\images\32.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}\defaults\preferences\defaults.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}\install.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome.manifest c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome\content.jar c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\components\red.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\install.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}\chrome.manifest c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}\content\images\32.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}\content\webtosave.xul c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}\defaults\preferences\defaults.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}\install.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome.manifest c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\background.html c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\button.xml c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\config.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\framework.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\framework.xul c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\img\fc7_toolbar_icon-128.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\img\fc7_toolbar_icon-16.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\img\fc7_toolbar_icon-18.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\img\fc7_toolbar_icon-24.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\img\fc7_toolbar_icon-256.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\img\fc7_toolbar_icon-32.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\img\fc7_toolbar_icon-48.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\img\fc7_toolbar_icon-64.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\jquery-1.6.2.min.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\jquery.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\js\bg.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\js\content.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\options.xul c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\arrow-dn.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\clipper.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\convert.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\help.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\lock.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\logo-24.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\logo.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\mp3_editor.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\music.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\play-flv.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\play.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\radio.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\screen.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\search.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\triangle-1-s.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\tv.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\upgrade.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\upgrade2.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\vid-history.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\video-history.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\video.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\video_encryptor.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\vpl.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\youtube-square.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\images\youtube.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\jquery-1.7.2.min.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\popup.html c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\popup.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\popup\style.css c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\content\settings.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\chrome\skin\framework.css c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\install.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\addon@freecorder.com\plugins\npFreeCoder.dll c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\chrome.manifest c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\components\FFDisp.dll c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\delta.css c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\delta.xul c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\dpk.htm c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\hlprs.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\arwDwn.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\closeo.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ae.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\bg.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ch.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\cn.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\cz.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\de.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\eg.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\en.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\es.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\fr.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\gr.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\he.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\il.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\it.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ja.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\jp.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\nl.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\no.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\pl.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\pt.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ro.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ru.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\sa.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\se.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\sv.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\tr.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ua.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\us.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\help_16.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\home.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\icon_seperator.png c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\logo.PNG c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\privecy_16_hot.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\sign.jpg c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\specialoffer.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\tellafriend.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\imgs\uninstall.gif c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\loader.xul c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\mtstart.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\serp.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\content\tmplt.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\install.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\uninstall.exe c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\myhomepage_manishjain9@gmail.com.xpi c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\plugin@yontoo.com.xpi c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\status4evar@caligonstudios.com.xpi c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\chrome.manifest c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\chrome\wecarereminder.jar c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\components\httpModifyListener.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\components\WCR_MerchantHash.idl c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\components\WCR_MerchantHash.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\components\WCR_MerchantHash.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\components\WCVisitedHash.idl c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\components\WCVisitedHash.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\components\WCVisitedHash.xpt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\defaults\preferences\wecarereminder.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\install.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\MerchHash.txt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\META-INF\manifest.mf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\META-INF\zigbert.rsa c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\wecarereminder@bryan\META-INF\zigbert.sf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\formhistory.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\healthreport.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\healthreport\state.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\key3.db c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\localstore-safe.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\localstore.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\marionette.log c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\mimeTypes.rdf c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\minidumps\48d9e861-eea3-4c4e-8a60-796b5c8d2946.dmp c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\minidumps\48d9e861-eea3-4c4e-8a60-796b5c8d2946.extra c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\minidumps\69fc6fdf-8fbf-4c74-b73c-eb6a79fdf511.dmp c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\minidumps\69fc6fdf-8fbf-4c74-b73c-eb6a79fdf511.extra c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\minidumps\6d6c0a96-175b-472a-87ed-69eadf1baa0f.dmp c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\minidumps\9b7df193-5b40-467c-8c5c-e7d8cc9841a5.dmp c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\parent.lock c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\permissions.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\persdict.dat c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\places.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\pluginreg.dat c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\prefs.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\search-metadata.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\search-metadata.json.tmp c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\search.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\search.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\searchplugins\babylon.xml c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\searchplugins\conduit-search.xml c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\searchplugins\SweetIM Search.xml c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\secmod.db c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\sessionstore.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\signons.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\storage\persistent\chrome\.metadata c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\storage\persistent\chrome\idb\2588645841ssegtnti.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\storage\persistent\chrome\idb\846562544phus.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\Telemetry.FailedProfileLocks.txt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\times.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\urlclassifierkey3.txt c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\user.js c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\webapps\webapps.json c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\webappsstore.sqlite c:\documents and settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\xpti.dat c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\background.html c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\content.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\lsdb.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\manifest.json c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\sqlite.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\Z2XoMbPuT_2a.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh c:\documents and settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\background.html c:\documents and settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\content.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\lsdb.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\manifest.json c:\documents and settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\sqlite.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\Z2XoMbPuT_2a.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\ekt0d@cyeoesaoeo.net c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\ekt0d@cyeoesaoeo.net\bootstrap.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\ekt0d@cyeoesaoeo.net\chrome.manifest c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\ekt0d@cyeoesaoeo.net\content\bg.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\ekt0d@cyeoesaoeo.net\install.rdf c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\u_6nc@cvuydioe.co.uk c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\u_6nc@cvuydioe.co.uk\bootstrap.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\u_6nc@cvuydioe.co.uk\chrome.manifest c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\u_6nc@cvuydioe.co.uk\content\bg.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\u_6nc@cvuydioe.co.uk\install.rdf . . ((((((((((((((((((((((((( Files Created from 2014-02-22 to 2014-03-22 ))))))))))))))))))))))))))))))) . . 2014-03-22 13:35 . 2014-03-07 04:35 7969936 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7CD5B51-6A01-44F2-982F-8CFE91E753EB}\mpengine.dll 2014-03-21 16:49 . 2014-03-07 04:35 7969936 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-03-21 15:48 . 2014-03-21 15:48 -------- d-----w- c:\program files\ESET 2014-03-20 20:26 . 2014-03-20 21:45 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-03-20 13:51 . 2014-03-20 23:27 -------- d-----w- C:\FRST 2014-03-18 12:59 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-03-17 23:35 . 2014-03-18 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\QueeenCoupon 2014-02-23 16:53 . 2014-02-23 16:53 -------- d-----w- c:\windows\Downloaded Installations . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-12 13:25 . 2012-04-14 21:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-03-12 13:25 . 2011-07-07 13:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-24 11:46 . 2009-03-13 15:16 920064 ----a-w- c:\windows\system32\wininet.dll 2014-02-24 11:45 . 2009-03-13 15:15 43520 ----a-w- c:\windows\system32\licmgr10.dll 2014-02-24 11:45 . 2009-03-13 15:15 1469440 ------w- c:\windows\system32\inetcpl.cpl 2014-02-24 11:45 . 2009-03-13 15:15 18944 ----a-w- c:\windows\system32\corpol.dll 2014-02-24 10:54 . 2009-03-13 15:15 385024 ----a-w- c:\windows\system32\html.iec 2014-02-07 02:01 . 2009-03-13 15:16 1879040 ----a-w- c:\windows\system32\win32k.sys 2014-02-05 08:55 . 2009-03-13 15:15 562688 ----a-w- c:\windows\system32\qedit.dll 2014-01-19 07:32 . 2010-01-03 20:15 231584 ------w- c:\windows\system32\MpSigStub.exe 2014-01-04 03:13 . 2009-03-13 15:16 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-12-25 08:03 . 2013-12-15 22:44 773968 ----a-w- c:\windows\system32\msvcr100.dll 2013-12-25 08:03 . 2013-12-15 22:44 632656 ----a-w- c:\windows\system32\msvcr80.dll 2013-12-25 08:03 . 2013-12-15 22:44 554832 ----a-w- c:\windows\system32\msvcp80.dll 2013-12-25 08:03 . 2013-12-15 22:44 479232 ----a-w- c:\windows\system32\msvcm80.dll 2013-12-25 08:03 . 2013-12-15 22:44 421200 ----a-w- c:\windows\system32\msvcp100.dll 2009-03-13 15:45 . 2014-02-14 12:18 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-07-25 223128] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2012-06-15 136488] "YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2012-06-15 234000] "UpdatePSTShortCut"="c:\program files\CyberLink\Media Suite\MUITransfer\MUIStartMenu.exe" [2012-06-26 222504] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . c:\documents and settings\Buddy Harris\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-22 16:25 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "GameConsoleService"=2 (0x2) "BrowserDefendert"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Free FTP\\FreeFTP.exe"= "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Documents and Settings\\Buddy Harris\\Application Data\\Dropbox\\bin\\Dropbox.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/28/2013 9:48 PM 36600] R2 X4HS32Ex;X4HS32Ex;c:\program files\Free Ride Games\X4HS32Ex.sys [12/24/2009 11:46 AM 53280] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [6/14/2012 11:23 PM 27760] S1 MpKsl4d344a32;MpKsl4d344a32;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys [?] S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [7/14/2009 5:18 PM 20492] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 6432] S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/13/2009 11:45 AM 30192] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/20/2014 4:26 PM 52312] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-12-05 14:04 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 13:25] . 2014-03-22 c:\windows\Tasks\COMODO System Cleaner Update.job - c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-07 21:37] . 2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 14:59] . 2014-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 14:59] . 2014-03-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 20:01] . 2014-03-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-608057341-2165517387-3308722516-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-22 c:\windows\Tasks\User_Feed_Synchronization-{042C18C8-CDF0-49EE-A260-F2CEEBFEDE6A}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 08:31] . . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\Buddy Harris\Application Data\Mozilla\Firefox\Profiles\rx2a4r2n.default-1387638332015\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-03-22 18:21 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . Completion time: 2014-03-22 18:24:33 ComboFix-quarantined-files.txt 2014-03-22 22:24 ComboFix2.txt 2014-03-21 13:27 ComboFix3.txt 2014-03-21 12:08 . Pre-Run: 89,072,537,600 bytes free Post-Run: 89,057,517,568 bytes free . - - End Of File - - DF9C96580E67248C99B6CAE9C2E0FD2F EA228D2D5AAD83B7544D12986BDF25A2
  6. Like yesterday, I have to go out for awhile. I'll be back on as soon as possible. Here are the results of the ESET scan: C:\Documents and Settings\All Users\Application Data\hkclcpgekhbmfnliibkigkofgeglnkip\V3SdAIrBJS9z.js Win32/Adware.MultiPlug.H application C:\Documents and Settings\Buddy Harris\Application Data\BabSolution\Shared\BabMaint.exe Win32/Toolbar.Babylon.I potentially unwanted application C:\Documents and Settings\Buddy Harris\Application Data\BabSolution\Shared\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application C:\Documents and Settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\prefs.js JS/SecurityDisabler.A.Gen potentially unwanted application C:\Documents and Settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\ffxtlbr@delta.com\uninstall.exe Win32/Toolbar.Montiera.B potentially unwanted application C:\Documents and Settings\Buddy Harris\Desktop\Old Firefox Data\n21yugk4.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\components\red.js JS/Redirector.NBI trojan C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\Z2XoMbPuT_2a.js Win32/Adware.MultiPlug.H application C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Torch\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh\1.2\Z2XoMbPuT_2a.js Win32/Adware.MultiPlug.H application C:\Documents and Settings\Buddy Harris\My Documents\Downloads\ZipOpenerSetup.exe Win32/InstallCore.CD potentially unwanted application C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\ekt0d@cyeoesaoeo.net\content\bg.js Win32/Adware.MultiPlug.H application C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\u_6nc@cvuydioe.co.uk\content\bg.js Win32/Adware.MultiPlug.H application C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000038.dll a variant of Win32/SProtector.D potentially unwanted application C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000047.exe a variant of Win32/AdWare.SpeedingUpMyPC.D application C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000051.exe a variant of Win32/AdWare.AD150.A application C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000052.exe a variant of Win32/AdWare.AD150.A application C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000053.exe a variant of Win32/AdWare.AddLyrics.AF application C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000054.exe Win32/AdWare.AddLyrics.AE application C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000056.dll a variant of Win32/Adware.Yontoo.B application C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP3\A0000059.exe Win32/InstallCore.AZ potentially unwanted application
  7. Malwarebytes Anti-Malware found one file this time. Here is the log file: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.03.21.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Buddy Harris :: EMACHINE-98E05C [administrator] 3/21/2014 9:48:23 AM mbam-log-2014-03-21 (09-48-23).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 304355 Time elapsed: 1 hour(s), 3 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\Software\Re_Markable (PUP.Optional.ReMarkable.A) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  8. If I understand correctly, I am to go ahead and run Malwarebytes' Anti-Malware now. I will wait a few minutes in case you tell me to wait before I do that. Below, is the ComboFix,txt file: ComboFix 14-03-19.01 - Buddy Harris 03/21/2014 9:10.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.444 [GMT -4:00] Running from: c:\documents and settings\Buddy Harris\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Buddy Harris\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . FILE :: "c:\windows\system32\drivers\awikfypi.sys" "c:\windows\system32\drivers\eygjlels.sys" "c:\windows\system32\drivers\pnjvxpgn.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Deealu44Real c:\program files\MyPC Backup c:\program files\MyPC Backup\DEL_AWSSDK.dll c:\program files\MyPC Backup\DEL_GetText.dll c:\program files\MyPC Backup\DEL_MPCBClient.dll c:\program files\MyPC Backup\DEL_MyPC Backup.exe c:\program files\MyPC Backup\DEL_ObjectListView.dll c:\program files\MyPC Backup\DEL_Shared Stack.dll c:\program files\MyPC Backup\x86\System.Data.SQLite.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_awikfypi -------\Service_eygjlels -------\Service_pnjvxpgn . . ((((((((((((((((((((((((( Files Created from 2014-02-21 to 2014-03-21 ))))))))))))))))))))))))))))))) . . 2014-03-21 12:21 . 2014-03-07 04:35 7969936 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66273ECC-EE1D-4E21-8BA5-CE12AB576A55}\mpengine.dll 2014-03-20 20:26 . 2014-03-20 21:45 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-03-20 13:51 . 2014-03-20 23:27 -------- d-----w- C:\FRST 2014-03-19 13:07 . 2014-03-07 04:35 7969936 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-03-18 12:59 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-03-17 23:35 . 2014-03-18 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\QueeenCoupon 2014-02-23 16:53 . 2014-02-23 16:53 -------- d-----w- c:\windows\Downloaded Installations . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-12 13:25 . 2012-04-14 21:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-03-12 13:25 . 2011-07-07 13:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-24 11:46 . 2009-03-13 15:16 920064 ----a-w- c:\windows\system32\wininet.dll 2014-02-24 11:45 . 2009-03-13 15:15 43520 ----a-w- c:\windows\system32\licmgr10.dll 2014-02-24 11:45 . 2009-03-13 15:15 1469440 ------w- c:\windows\system32\inetcpl.cpl 2014-02-24 11:45 . 2009-03-13 15:15 18944 ----a-w- c:\windows\system32\corpol.dll 2014-02-24 10:54 . 2009-03-13 15:15 385024 ----a-w- c:\windows\system32\html.iec 2014-02-07 02:01 . 2009-03-13 15:16 1879040 ----a-w- c:\windows\system32\win32k.sys 2014-02-05 08:55 . 2009-03-13 15:15 562688 ----a-w- c:\windows\system32\qedit.dll 2014-01-19 07:32 . 2010-01-03 20:15 231584 ------w- c:\windows\system32\MpSigStub.exe 2014-01-04 03:13 . 2009-03-13 15:16 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-12-25 08:03 . 2013-12-15 22:44 773968 ----a-w- c:\windows\system32\msvcr100.dll 2013-12-25 08:03 . 2013-12-15 22:44 632656 ----a-w- c:\windows\system32\msvcr80.dll 2013-12-25 08:03 . 2013-12-15 22:44 554832 ----a-w- c:\windows\system32\msvcp80.dll 2013-12-25 08:03 . 2013-12-15 22:44 479232 ----a-w- c:\windows\system32\msvcm80.dll 2013-12-25 08:03 . 2013-12-15 22:44 421200 ----a-w- c:\windows\system32\msvcp100.dll 2009-03-13 15:45 . 2014-02-14 12:18 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-07-25 223128] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2012-06-15 136488] "YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2012-06-15 234000] "UpdatePSTShortCut"="c:\program files\CyberLink\Media Suite\MUITransfer\MUIStartMenu.exe" [2012-06-26 222504] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . c:\documents and settings\Buddy Harris\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-22 16:25 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "GameConsoleService"=2 (0x2) "BrowserDefendert"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Free FTP\\FreeFTP.exe"= "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Documents and Settings\\Buddy Harris\\Application Data\\Dropbox\\bin\\Dropbox.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/28/2013 9:48 PM 36600] R2 X4HS32Ex;X4HS32Ex;c:\program files\Free Ride Games\X4HS32Ex.sys [12/24/2009 11:46 AM 53280] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [6/14/2012 11:23 PM 27760] S1 MpKsl4d344a32;MpKsl4d344a32;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys [?] S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [7/14/2009 5:18 PM 20492] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 6432] S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/13/2009 11:45 AM 30192] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/20/2014 4:26 PM 52312] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-12-05 14:04 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 13:25] . 2014-03-21 c:\windows\Tasks\COMODO System Cleaner Update.job - c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-07 21:37] . 2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 14:59] . 2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 14:59] . 2014-03-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 20:01] . 2014-03-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-608057341-2165517387-3308722516-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-20 c:\windows\Tasks\User_Feed_Synchronization-{042C18C8-CDF0-49EE-A260-F2CEEBFEDE6A}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 08:31] . . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\Buddy Harris\Application Data\Mozilla\Firefox\Profiles\rx2a4r2n.default-1387638332015\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-03-21 09:22 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2360) c:\windows\system32\WININET.dll c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\RTHDCPL.EXE c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\Dropbox.exe c:\program files\Microsoft Office\Office12\ONENOTEM.EXE c:\windows\system32\netdde.exe c:\windows\system32\agrsmsvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\msiexec.exe c:\windows\system32\sessmgr.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Completion time: 2014-03-21 09:27:16 - machine was rebooted ComboFix-quarantined-files.txt 2014-03-21 13:27 ComboFix2.txt 2014-03-21 12:08 . Pre-Run: 89,744,543,744 bytes free Post-Run: 89,723,326,464 bytes free . - - End Of File - - EDD77D327E03D7AB4150EE39869B9D7A EA228D2D5AAD83B7544D12986BDF25A2
  9. I don't know where to find CFScript.txt. I have a "Combofix.txt".
  10. The combofix log file: ComboFix 14-03-19.01 - Buddy Harris 03/21/2014 7:46.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.359 [GMT -4:00] Running from: c:\documents and settings\Buddy Harris\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.ilg c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe c:\documents and settings\Buddy Harris\97 c:\documents and settings\Buddy Harris\97\97.jokosher c:\documents and settings\Buddy Harris\97\audio\A-whistle_2.mp3 c:\documents and settings\Buddy Harris\97\audio\Old97-rhy-lead_15.mp3 c:\documents and settings\Buddy Harris\97\audio\old97-rhythm_8.mp3 c:\documents and settings\Buddy Harris\97\audio\Record001_7.mp3 c:\documents and settings\Buddy Harris\97\levels\A-whistle_2.mp3_2.leveldata c:\documents and settings\Buddy Harris\97\levels\Old97-rhy-lead_15.mp3_15.leveldata c:\documents and settings\Buddy Harris\97\levels\old97-rhythm_8.mp3_8.leveldata c:\documents and settings\Buddy Harris\97\levels\Record001.mp3_6.leveldata c:\documents and settings\Buddy Harris\97\levels\Record001_7.mp3_7.leveldata c:\documents and settings\Buddy Harris\97\levels\try-steam.mp3_6.leveldata c:\documents and settings\Buddy Harris\GoToAssistDownloadHelper.exe c:\documents and settings\Buddy Harris\Local Settings\Application Data\dfl20z32.dll c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcmoidkcnpijacjjkldfjfjpgeobggf c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcmoidkcnpijacjjkldfjfjpgeobggf\2.2\background.html c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcmoidkcnpijacjjkldfjfjpgeobggf\2.2\content.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcmoidkcnpijacjjkldfjfjpgeobggf\2.2\lsdb.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcmoidkcnpijacjjkldfjfjpgeobggf\2.2\manifest.json c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcmoidkcnpijacjjkldfjfjpgeobggf\2.2\mJE4snBK7a.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\openkkkcbebpnegmpipkfpbfpjmdonmf c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\openkkkcbebpnegmpipkfpbfpjmdonmf\1.4\background.html c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\openkkkcbebpnegmpipkfpbfpjmdonmf\1.4\content.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\openkkkcbebpnegmpipkfpbfpjmdonmf\1.4\lsdb.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\openkkkcbebpnegmpipkfpbfpjmdonmf\1.4\manifest.json c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\openkkkcbebpnegmpipkfpbfpjmdonmf\1.4\SKOt0.js c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_openkkkcbebpnegmpipkfpbfpjmdonmf_0.localstorage-journal c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_openkkkcbebpnegmpipkfpbfpjmdonmf_0.localstorage c:\documents and settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\eui-apoi@oaainfi-.net c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\eui-apoi@oaainfi-.net\bootstrap.js c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\eui-apoi@oaainfi-.net\chrome.manifest c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\eui-apoi@oaainfi-.net\content\bg.js c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\eui-apoi@oaainfi-.net\install.rdf c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\yikz6@kylag.co.uk c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\yikz6@kylag.co.uk\bootstrap.js c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\yikz6@kylag.co.uk\chrome.manifest c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\yikz6@kylag.co.uk\content\bg.js c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fi5lqycr.default\extensions\staged\yikz6@kylag.co.uk\install.rdf c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\4uio@hsp-mlbz.co.uk c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\4uio@hsp-mlbz.co.uk\bootstrap.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\4uio@hsp-mlbz.co.uk\chrome.manifest c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\4uio@hsp-mlbz.co.uk\content\bg.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\4uio@hsp-mlbz.co.uk\install.rdf c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\eui-apoi@oaainfi-.net c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\eui-apoi@oaainfi-.net\bootstrap.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\eui-apoi@oaainfi-.net\chrome.manifest c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\eui-apoi@oaainfi-.net\content\bg.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\eui-apoi@oaainfi-.net\install.rdf c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\yikz6@kylag.co.uk c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\yikz6@kylag.co.uk\bootstrap.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\yikz6@kylag.co.uk\chrome.manifest c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\yikz6@kylag.co.uk\content\bg.js c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\jigqq0c1.default\extensions\staged\yikz6@kylag.co.uk\install.rdf c:\windows\system32\ c:\windows\system32\SET190.tmp c:\windows\system32\SET193.tmp c:\windows\system32\SET197.tmp c:\windows\system32\SET19F.tmp c:\windows\system32\SET1A1.tmp c:\windows\Tasks\At1.job c:\windows\Tasks\At10.job c:\windows\Tasks\At11.job c:\windows\Tasks\At12.job c:\windows\Tasks\At13.job c:\windows\Tasks\At14.job c:\windows\Tasks\At15.job c:\windows\Tasks\At16.job c:\windows\Tasks\At17.job c:\windows\Tasks\At18.job c:\windows\Tasks\At19.job c:\windows\Tasks\At2.job c:\windows\Tasks\At20.job c:\windows\Tasks\At21.job c:\windows\Tasks\At22.job c:\windows\Tasks\At23.job c:\windows\Tasks\At24.job c:\windows\Tasks\At3.job c:\windows\Tasks\At4.job c:\windows\Tasks\At5.job c:\windows\Tasks\At6.job c:\windows\Tasks\At7.job c:\windows\Tasks\At8.job c:\windows\Tasks\At9.job . . ((((((((((((((((((((((((( Files Created from 2014-02-21 to 2014-03-21 ))))))))))))))))))))))))))))))) . . 2014-03-20 20:26 . 2014-03-20 21:45 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-03-20 13:51 . 2014-03-20 23:27 -------- d-----w- C:\FRST 2014-03-20 13:05 . 2014-03-07 04:35 7969936 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\mpengine.dll 2014-03-19 13:07 . 2014-03-07 04:35 7969936 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-03-18 12:59 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-03-17 23:35 . 2014-03-18 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\QueeenCoupon 2014-02-23 16:53 . 2014-02-23 16:53 -------- d-----w- c:\windows\Downloaded Installations 2014-02-23 14:57 . 2014-02-23 14:57 -------- d-----w- c:\program files\Deealu44Real 2014-02-23 14:07 . 2014-03-18 11:57 -------- d-----w- c:\program files\MyPC Backup . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-12 13:25 . 2012-04-14 21:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-03-12 13:25 . 2011-07-07 13:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-24 11:46 . 2009-03-13 15:16 920064 ----a-w- c:\windows\system32\wininet.dll 2014-02-24 11:45 . 2009-03-13 15:15 43520 ----a-w- c:\windows\system32\licmgr10.dll 2014-02-24 11:45 . 2009-03-13 15:15 1469440 ------w- c:\windows\system32\inetcpl.cpl 2014-02-24 11:45 . 2009-03-13 15:15 18944 ----a-w- c:\windows\system32\corpol.dll 2014-02-24 10:54 . 2009-03-13 15:15 385024 ----a-w- c:\windows\system32\html.iec 2014-02-07 02:01 . 2009-03-13 15:16 1879040 ----a-w- c:\windows\system32\win32k.sys 2014-02-05 08:55 . 2009-03-13 15:15 562688 ----a-w- c:\windows\system32\qedit.dll 2014-01-19 07:32 . 2010-01-03 20:15 231584 ------w- c:\windows\system32\MpSigStub.exe 2014-01-04 03:13 . 2009-03-13 15:16 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-12-25 08:03 . 2013-12-15 22:44 773968 ----a-w- c:\windows\system32\msvcr100.dll 2013-12-25 08:03 . 2013-12-15 22:44 632656 ----a-w- c:\windows\system32\msvcr80.dll 2013-12-25 08:03 . 2013-12-15 22:44 554832 ----a-w- c:\windows\system32\msvcp80.dll 2013-12-25 08:03 . 2013-12-15 22:44 479232 ----a-w- c:\windows\system32\msvcm80.dll 2013-12-25 08:03 . 2013-12-15 22:44 421200 ----a-w- c:\windows\system32\msvcp100.dll 2009-03-13 15:45 . 2014-02-14 12:18 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-07-25 223128] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2012-06-15 136488] "YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2012-06-15 234000] "UpdatePSTShortCut"="c:\program files\CyberLink\Media Suite\MUITransfer\MUIStartMenu.exe" [2012-06-26 222504] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Del1175380656"="del" [X] "Del26093359"="del" [X] . c:\documents and settings\Buddy Harris\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-22 16:25 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "GameConsoleService"=2 (0x2) "BrowserDefendert"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Free FTP\\FreeFTP.exe"= "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Documents and Settings\\Buddy Harris\\Application Data\\Dropbox\\bin\\Dropbox.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/28/2013 9:48 PM 36600] R2 X4HS32Ex;X4HS32Ex;c:\program files\Free Ride Games\X4HS32Ex.sys [12/24/2009 11:46 AM 53280] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [6/14/2012 11:23 PM 27760] S1 awikfypi;awikfypi;\??\c:\windows\system32\drivers\awikfypi.sys --> c:\windows\system32\drivers\awikfypi.sys [?] S1 eygjlels;eygjlels;\??\c:\windows\system32\drivers\eygjlels.sys --> c:\windows\system32\drivers\eygjlels.sys [?] S1 MpKsl4d344a32;MpKsl4d344a32;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys [?] S1 pnjvxpgn;pnjvxpgn;\??\c:\windows\system32\drivers\pnjvxpgn.sys --> c:\windows\system32\drivers\pnjvxpgn.sys [?] S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [7/14/2009 5:18 PM 20492] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 6432] S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/13/2009 11:45 AM 30192] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/20/2014 4:26 PM 52312] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-12-05 14:04 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 13:25] . 2014-03-20 c:\windows\Tasks\COMODO System Cleaner Update.job - c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-07 21:37] . 2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 14:59] . 2014-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 14:59] . 2014-03-20 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 20:01] . 2014-03-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-608057341-2165517387-3308722516-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09] . 2014-03-20 c:\windows\Tasks\User_Feed_Synchronization-{042C18C8-CDF0-49EE-A260-F2CEEBFEDE6A}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 08:31] . . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\Buddy Harris\Application Data\Mozilla\Firefox\Profiles\rx2a4r2n.default-1387638332015\ . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) BHO-{BA7B8F3A-20D1-34E9-3785-0CFE3833AFA8} - (no file) Toolbar-Locked - (no file) HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe SafeBoot-42233895.sys MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-03-21 08:03 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,4e,83,62,d9,79,95,47,b4,c5,54,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,8c,ce,2e,9f,d6,cc,46,8e,bc,ad,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(3612) c:\windows\system32\WININET.dll c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\DropboxExt.22.dll c:\windows\system32\ieframe.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\RTHDCPL.EXE c:\documents and settings\Buddy Harris\Application Data\Dropbox\bin\Dropbox.exe c:\program files\Microsoft Office\Office12\ONENOTEM.EXE c:\windows\system32\netdde.exe c:\windows\system32\agrsmsvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\msiexec.exe c:\windows\system32\sessmgr.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2014-03-21 08:08:53 - machine was rebooted ComboFix-quarantined-files.txt 2014-03-21 12:08 . Pre-Run: 88,402,358,272 bytes free Post-Run: 89,402,425,344 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - A3A44E9B907CE65FF26C048C12679EA1 EA228D2D5AAD83B7544D12986BDF25A2
  11. I will leave Farbar Recovery open from that last scan, waiting for you to tell me whether I should click fix or not.
  12. Should I click Fix and send the "Addition" file?
  13. Here is the log file from the rescan. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Buddy Harris (administrator) on EMACHINE-98E05C on 20-03-2014 19:25:40 Running from C:\Documents and Settings\Buddy Harris\Desktop Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe () C:\Program Files\Re-Markable\Re-Markable_wd.exe (Microsoft Corporation) C:\WINDOWS\system32\netdde.exe (Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe (Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe (Microsoft Corporation) C:\WINDOWS\system32\clipsrv.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe () C:\Program Files\Re-Markable\Re-Markable154.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Microsoft Corp., Veritas Software) C:\WINDOWS\System32\dmadmin.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe (Dropbox, Inc.) C:\Documents and Settings\Buddy Harris\Application Data\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\WINDOWS\System32\mshta.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16862720 2008-05-16] (Realtek Semiconductor Corp.) HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.) HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-15] (Cyberlink Corp.) HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-09] () HKLM\...\Run: [iMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation) HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-03] (Microsoft Corporation) HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256 2010-03-22] (RealNetworks, Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.) HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink) HKLM\...\Run: [updateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [223128 2012-07-25] (CyberLink Corp.) HKLM\...\Run: [uCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [YouCam Mirage] - C:\Program Files\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink) HKLM\...\Run: [YouCam Tray] - C:\Program Files\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.) HKLM\...\Run: [updatePSTShortCut] - C:\Program Files\CyberLink\Media Suite\MUITransfer\MUIStartMenu.exe [222504 2012-06-25] (CyberLink Corp.) HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation) HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex HKU\.DEFAULT\...\RunOnce: [Del1175380656] - cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del" HKU\.DEFAULT\...\RunOnce: [Del26093359] - cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del" HKU\S-1-5-21-608057341-2165517387-3308722516-1005\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] () Lsa: [Notification Packages] :\WINDOW Startup: C:\Documents and Settings\Buddy Harris\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Buddy Harris\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Documents and Settings\Buddy Harris\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:13828 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x02A8FBF3371ACC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3310031&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPDC1460A6-8C8C-42BA-A33D-8C553CCAC6BF&q={searchTerms}&SSPV= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3310031&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPDC1460A6-8C8C-42BA-A33D-8C553CCAC6BF&q={searchTerms}&SSPV= SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3C08001D72BB6390&affID=119351&tt=160211_ask&tsp=4958 SearchScopes: HKCU - {5424D314-A768-475D-A25D-96E21FCFEB38} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111146,6901,0,8,0 SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKCU - {8562D569-A136-4028-B9CF-4E01D372E2F4} URL = https://www.google.com/search?q={searchTerms} BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: deAl4me - {BA7B8F3A-20D1-34E9-3785-0CFE3833AFA8} - No File BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation) Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Buddy Harris\Application Data\Mozilla\Firefox\Profiles\rx2a4r2n.default-1387638332015 FF Homepage: https://www.google.com/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.732 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.732 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=1.0.0.0 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.732 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Extension: Status-4-Evar - C:\Documents and Settings\Buddy Harris\Application Data\Mozilla\Firefox\Profiles\rx2a4r2n.default-1387638332015\Extensions\status4evar@caligonstudios.com.xpi [2013-12-21] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-14] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-02-14] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-03-22] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-09-27] FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com Chrome: ======= CHR DefaultSearchKeyword: conduit.search CHR DefaultSearchProvider: Conduit Search CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3310031&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPDC1460A6-8C8C-42BA-A33D-8C553CCAC6BF&q={searchTerms}&SSPV= CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (Microsoft\xC3\x82\xC2\xAE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Microsoft\xC3\x82\xC2\xAE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Exent\xC3\x82\xC2\xAE AOD Gecko Plugin) - C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Java Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live\xC3\x82\xC2\xAE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (deAl4me) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhdkbbbdgijnmanhokhaongilcekhmjh [2014-01-24] CHR Extension: (Ratchet & Clank Future 2) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn [2012-10-08] CHR Extension: (SaleusiCHeckeer) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flcmoidkcnpijacjjkldfjfjpgeobggf [2014-03-17] CHR Extension: (Bargain Workbench) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp [2014-02-22] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-09-28] CHR Extension: (Remove \) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj [2013-08-01] CHR Extension: (BargainJoy) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khongjfjjmklggionajlpjcpmnppdace [2014-02-22] CHR Extension: (Torch Share) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof [2014-02-22] CHR Extension: (We-Care Reminder Lite) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon [2012-09-28] CHR Extension: (Deealu44Real) - C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\openkkkcbebpnegmpipkfpbfpjmdonmf [2014-02-13] CHR HKLM\...\Chrome\Extension: [gebcpofjimbbchggpnfcaiieolloeodp] - C:\DOCUME~1\BUDDYH~1\LOCALS~1\APPLIC~1\BargainWorkbench.crx [2013-09-04] CHR HKLM\...\Chrome\Extension: [gpicboiclhmnllnjdcfcffifpoaebgkm] - C:\Program Files\Freecorder extension\Freecorder.crx [2013-09-04] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-03-22] CHR HKLM\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\DOCUME~1\BUDDYH~1\LOCALS~1\APPLIC~1\newhb.crx [2013-08-01] CHR HKLM\...\Chrome\Extension: [khongjfjjmklggionajlpjcpmnppdace] - C:\DOCUME~1\BUDDYH~1\LOCALS~1\APPLIC~1\BargainJoy.crx [2013-09-14] CHR HKLM\...\Chrome\Extension: [lkpmjnommfoljgjbckjmjhkmnhfmcmon] - C:\Documents and Settings\All Users\Application Data\WeCareReminder\\wecarereminderro.crx [2011-07-08] CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\DOCUME~1\BUDDYH~1\LOCALS~1\Temp\YontooLayers.crx [2011-07-08] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [190616 2013-12-15] () S2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [20492 2008-07-16] () S4 GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [157144 2008-05-05] (WildTangent, Inc.) S3 GoogleDesktopManager-092308-165331; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-03-13] (Google) R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153584 2012-09-24] (Sun Microsystems, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) R2 Re-Markable; C:\Program Files\Re-Markable\Re-Markable154.exe [181248 2014-02-23] () R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [264424 2007-05-13] () S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [6432 2006-11-03] (Microsoft Corporation) S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ==================== Drivers (Whitelisted) ==================== S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation) R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [52312 2014-03-20] (Malwarebytes Corporation) R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) R1 MpKsl4d344a32; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys [39464 2014-03-20] (Microsoft Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.) R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-29] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-29] (NVIDIA Corporation) R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) R2 X4HS32Ex; C:\Program Files\Free Ride Games\X4HS32Ex.Sys [53280 2009-04-06] (Exent Technologies Ltd.) S1 awikfypi; \??\C:\WINDOWS\system32\drivers\awikfypi.sys [X] S1 eygjlels; \??\C:\WINDOWS\system32\drivers\eygjlels.sys [X] S3 int15.sys; \??\c:\acernb\int15.sys [X] U4 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X] S1 pnjvxpgn; \??\C:\WINDOWS\system32\drivers\pnjvxpgn.sys [X] U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== Error(0) reading file: "C:\WINDOWS\system32\ " 2014-03-20 16:29 - 2014-03-20 17:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2014-03-20 16:26 - 2014-03-20 17:45 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-03-20 16:25 - 2014-03-20 17:37 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Desktop\mbar 2014-03-20 16:24 - 2014-03-20 16:24 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Buddy Harris\Desktop\mbar-1.07.0.1009.exe 2014-03-20 10:40 - 2014-03-20 10:40 - 00002080 _____ () C:\Documents and Settings\Buddy Harris\Desktop\aswMBR.txt 2014-03-20 10:40 - 2014-03-20 10:40 - 00000512 _____ () C:\Documents and Settings\Buddy Harris\Desktop\MBR.dat 2014-03-20 10:36 - 2014-03-20 10:37 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Buddy Harris\Desktop\aswmbr.exe 2014-03-20 10:06 - 2014-03-20 10:06 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Desktop\tdsskiller 2014-03-20 10:05 - 2014-03-20 10:04 - 04110135 _____ () C:\Documents and Settings\Buddy Harris\Desktop\tdsskiller.zip 2014-03-20 09:54 - 2014-03-20 09:55 - 00040912 _____ () C:\Documents and Settings\Buddy Harris\Desktop\Addition.txt 2014-03-20 09:51 - 2014-03-20 19:26 - 00024057 _____ () C:\Documents and Settings\Buddy Harris\Desktop\FRST.txt 2014-03-20 09:51 - 2014-03-20 19:25 - 00000000 ____D () C:\FRST 2014-03-20 08:36 - 2014-03-20 08:36 - 01145856 _____ (Farbar) C:\Documents and Settings\Buddy Harris\Desktop\FRST.exe 2014-03-18 18:31 - 2014-03-19 20:32 - 00002418 _____ () C:\WINDOWS\wmsetup.log 2014-03-18 15:27 - 2014-03-18 15:27 - 00000000 ____D () C:\Avenger 2014-03-18 08:59 - 2014-03-18 08:59 - 00000786 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-18 08:59 - 2014-03-18 08:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-18 08:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-03-17 19:35 - 2014-03-18 15:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\QueeenCoupon 2014-03-17 09:37 - 2014-03-17 09:08 - 00000232 _____ () C:\Documents and Settings\Buddy Harris\Start Menu\Programs\~ Realtek HD Sound Effect Manager.lnk 2014-03-17 09:36 - 2014-03-17 09:08 - 00000232 _____ () C:\Documents and Settings\Buddy Harris\Start Menu\Shortcut to Realtek HD Sound Effect Manager.lnk 2014-03-17 09:08 - 2014-03-17 09:08 - 00000232 _____ () C:\Documents and Settings\Buddy Harris\Desktop\Shortcut to Realtek HD Sound Effect Manager.lnk 2014-03-16 16:05 - 2014-03-16 16:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-16 16:05 - 2014-03-16 16:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-02-23 13:06 - 2014-02-23 13:06 - 00064240 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-02-23 12:58 - 2014-02-23 12:58 - 00001740 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Audition 1.5.lnk 2014-02-23 12:58 - 2014-02-23 12:58 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Audition 1.5.lnk 2014-02-23 12:53 - 2014-02-23 12:53 - 00000000 ____D () C:\WINDOWS\Downloaded Installations 2014-02-23 10:57 - 2014-02-23 10:57 - 00000000 ____D () C:\Program Files\Deealu44Real 2014-02-23 10:09 - 2014-02-23 10:10 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\WinRAR 2014-02-23 10:07 - 2014-03-18 07:57 - 00000000 ____D () C:\Program Files\MyPC Backup 2014-02-23 10:07 - 2014-02-23 10:07 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Start Menu\Programs\Weather Alerts 2014-02-23 10:05 - 2014-03-20 17:42 - 00000372 _____ () C:\WINDOWS\Tasks\Re-Markable_wd.job 2014-02-23 10:05 - 2014-02-23 10:06 - 00000000 ____D () C:\Program Files\Re-Markable ==================== One Month Modified Files and Folders ======= 2014-03-20 19:26 - 2014-03-20 09:51 - 00024057 _____ () C:\Documents and Settings\Buddy Harris\Desktop\FRST.txt 2014-03-20 19:25 - 2014-03-20 09:51 - 00000000 ____D () C:\FRST 2014-03-20 19:23 - 2012-04-14 17:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-03-20 19:03 - 2010-06-02 11:05 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-20 18:29 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At19.job 2014-03-20 18:28 - 2014-02-17 01:28 - 00000420 _____ () C:\WINDOWS\Tasks\At27.job 2014-03-20 18:28 - 2014-02-12 01:28 - 00000420 _____ () C:\WINDOWS\Tasks\At26.job 2014-03-20 18:28 - 2013-07-29 08:28 - 00000420 _____ () C:\WINDOWS\Tasks\At25.job 2014-03-20 17:52 - 2013-11-24 17:13 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job 2014-03-20 17:50 - 2014-03-20 16:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2014-03-20 17:46 - 2011-05-24 11:27 - 01797047 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-20 17:45 - 2014-03-20 16:26 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-03-20 17:45 - 2012-11-30 17:44 - 00000000 ___RD () C:\Documents and Settings\Buddy Harris\My Documents\Dropbox 2014-03-20 17:45 - 2012-11-30 17:35 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\Dropbox 2014-03-20 17:43 - 2011-05-24 11:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-03-20 17:43 - 2011-05-24 11:30 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-03-20 17:43 - 2009-07-14 17:16 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Start Menu\Programs\CyberLink DVD Suite 2014-03-20 17:43 - 2009-07-14 17:16 - 00000000 ____D () C:\Documents and Settings\Buddy Harris 2014-03-20 17:43 - 2009-03-13 11:25 - 00000000 ____D () C:\WINDOWS\Registration 2014-03-20 17:42 - 2014-02-23 10:05 - 00000372 _____ () C:\WINDOWS\Tasks\Re-Markable_wd.job 2014-03-20 17:42 - 2013-08-01 06:33 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At9.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At8.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At7.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At6.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At5.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At4.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At3.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At24.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At23.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At22.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At21.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At20.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At2.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At18.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At17.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At16.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At15.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At14.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At13.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At12.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At11.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At10.job 2014-03-20 17:42 - 2010-10-07 17:36 - 00000406 _____ () C:\WINDOWS\Tasks\At1.job 2014-03-20 17:42 - 2010-06-02 11:05 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-20 17:42 - 2009-03-13 11:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-20 17:41 - 2011-05-24 11:29 - 00032598 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-20 17:41 - 2009-07-14 17:16 - 00000178 ___SH () C:\Documents and Settings\Buddy Harris\ntuser.ini 2014-03-20 17:37 - 2014-03-20 16:25 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Desktop\mbar 2014-03-20 17:36 - 2010-06-02 18:44 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB956844$ 2014-03-20 17:36 - 2009-03-13 03:18 - 00000000 _SHDC () C:\WINDOWS\$NtUninstallKB877$ 2014-03-20 16:24 - 2014-03-20 16:24 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Buddy Harris\Desktop\mbar-1.07.0.1009.exe 2014-03-20 15:28 - 2011-05-24 13:28 - 00000436 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{042C18C8-CDF0-49EE-A260-F2CEEBFEDE6A}.job 2014-03-20 10:40 - 2014-03-20 10:40 - 00002080 _____ () C:\Documents and Settings\Buddy Harris\Desktop\aswMBR.txt 2014-03-20 10:40 - 2014-03-20 10:40 - 00000512 _____ () C:\Documents and Settings\Buddy Harris\Desktop\MBR.dat 2014-03-20 10:37 - 2014-03-20 10:36 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Buddy Harris\Desktop\aswmbr.exe 2014-03-20 10:06 - 2014-03-20 10:06 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Desktop\tdsskiller 2014-03-20 10:04 - 2014-03-20 10:05 - 04110135 _____ () C:\Documents and Settings\Buddy Harris\Desktop\tdsskiller.zip 2014-03-20 09:55 - 2014-03-20 09:54 - 00040912 _____ () C:\Documents and Settings\Buddy Harris\Desktop\Addition.txt 2014-03-20 08:42 - 2010-01-09 09:41 - 00000458 _____ () C:\WINDOWS\Tasks\COMODO System Cleaner Update.job 2014-03-20 08:36 - 2014-03-20 08:36 - 01145856 _____ (Farbar) C:\Documents and Settings\Buddy Harris\Desktop\FRST.exe 2014-03-19 20:32 - 2014-03-18 18:31 - 00002418 _____ () C:\WINDOWS\wmsetup.log 2014-03-19 18:49 - 2009-08-02 10:37 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\Audacity 2014-03-19 18:00 - 2009-12-24 11:42 - 00000488 _____ () C:\WINDOWS\Tasks\Norton Security Scan for Buddy Harris.job 2014-03-19 16:52 - 2009-07-14 18:33 - 00000000 ____D () C:\~~~~ 2014-03-19 15:37 - 2010-03-22 12:27 - 00000300 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-608057341-2165517387-3308722516-1005.job 2014-03-19 10:48 - 2009-03-13 11:26 - 00000000 ____D () C:\WINDOWS\system32\Restore 2014-03-18 15:33 - 2009-03-13 03:22 - 00691510 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-18 15:27 - 2014-03-18 15:27 - 00000000 ____D () C:\Avenger 2014-03-18 15:24 - 2014-03-17 19:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\QueeenCoupon 2014-03-18 15:24 - 2014-02-17 01:28 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\DigitalSites 2014-03-18 15:24 - 2014-02-12 01:28 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\DigitalSites 2014-03-18 15:24 - 2014-01-30 19:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PnngToPPTCeounVerrt 2014-03-18 15:24 - 2013-12-15 18:49 - 00000000 ____D () C:\Program Files\Optimizer Pro 2014-03-18 15:24 - 2013-07-29 08:28 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\DigitalSite 2014-03-18 15:24 - 2011-11-09 16:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WeCareReminder 2014-03-18 11:39 - 2011-11-11 13:56 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$ 2014-03-18 11:35 - 2011-09-04 10:41 - 00000000 ____D () C:\Program Files\Yontoo Layers Runtime 2014-03-18 08:59 - 2014-03-18 08:59 - 00000786 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-18 08:59 - 2014-03-18 08:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-18 08:59 - 2011-11-10 15:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-18 07:57 - 2014-02-23 10:07 - 00000000 ____D () C:\Program Files\MyPC Backup 2014-03-18 00:28 - 2013-07-30 08:28 - 00000055 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG 2014-03-17 19:36 - 2014-01-24 14:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\1936fdbe5dd46c0d 2014-03-17 10:36 - 2012-08-22 14:58 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\vlc 2014-03-17 09:08 - 2014-03-17 09:37 - 00000232 _____ () C:\Documents and Settings\Buddy Harris\Start Menu\Programs\~ Realtek HD Sound Effect Manager.lnk 2014-03-17 09:08 - 2014-03-17 09:36 - 00000232 _____ () C:\Documents and Settings\Buddy Harris\Start Menu\Shortcut to Realtek HD Sound Effect Manager.lnk 2014-03-17 09:08 - 2014-03-17 09:08 - 00000232 _____ () C:\Documents and Settings\Buddy Harris\Desktop\Shortcut to Realtek HD Sound Effect Manager.lnk 2014-03-17 08:26 - 2013-03-24 18:54 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\Torch 2014-03-17 08:21 - 2009-07-25 16:45 - 00000000 ____D () C:\Program Files\CamStudio 2014-03-16 16:23 - 2009-03-13 03:22 - 00258248 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-16 16:22 - 2011-11-11 14:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-16 16:06 - 2011-11-11 13:55 - 00001374 _____ () C:\WINDOWS\imsins.BAK 2014-03-16 16:06 - 2009-09-30 09:39 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-03-16 16:05 - 2014-03-16 16:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-16 16:05 - 2014-03-16 16:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-16 16:03 - 2011-11-11 14:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight 2014-03-16 00:28 - 2013-07-31 00:28 - 00000036 _____ () C:\Documents and Settings\Buddy Harris\Application Data\WB.CFG 2014-03-15 16:47 - 2009-07-14 19:07 - 00100352 _____ () C:\Documents and Settings\Buddy Harris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-03-14 06:47 - 2013-08-01 06:33 - 00000288 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job 2014-03-13 16:01 - 2013-03-27 07:06 - 00000724 _____ () C:\Documents and Settings\Buddy Harris\Desktop\Time Warner phone.txt 2014-03-12 09:25 - 2012-04-14 17:28 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-03-12 09:25 - 2011-07-07 09:15 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-03-04 10:19 - 2012-08-22 14:58 - 00000721 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk 2014-02-24 16:24 - 2009-03-13 11:15 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-02-24 16:24 - 2009-03-13 11:15 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe 2014-02-24 07:46 - 2009-09-30 09:30 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll 2014-02-24 07:46 - 2009-03-13 11:26 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll 2014-02-24 07:46 - 2009-03-13 11:16 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll 2014-02-24 07:46 - 2009-03-13 11:16 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-02-24 07:46 - 2009-03-13 11:16 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll 2014-02-24 07:46 - 2009-03-13 11:16 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-02-24 07:46 - 2009-03-13 11:16 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll 2014-02-24 07:46 - 2009-03-13 11:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll 2014-02-24 07:46 - 2009-03-13 11:15 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll 2014-02-24 07:46 - 2009-03-13 11:15 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-02-24 07:46 - 2009-03-13 11:15 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll 2014-02-24 07:46 - 2009-03-13 11:15 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll 2014-02-24 07:46 - 2009-03-13 11:15 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll 2014-02-24 07:46 - 2009-03-13 11:15 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll 2014-02-24 07:46 - 2009-03-13 11:15 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll 2014-02-24 07:46 - 2009-03-13 11:15 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-02-24 07:45 - 2012-06-12 17:24 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll 2014-02-24 07:45 - 2010-12-24 10:53 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll 2014-02-24 07:45 - 2009-09-30 09:30 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll 2014-02-24 07:45 - 2009-04-29 00:55 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll 2014-02-24 07:45 - 2009-04-29 00:55 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll 2014-02-24 07:45 - 2009-04-29 00:55 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll 2014-02-24 07:45 - 2009-04-29 00:55 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2014-02-24 07:45 - 2009-03-13 11:15 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-02-24 07:45 - 2009-03-13 11:15 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl 2014-02-24 07:45 - 2009-03-13 11:15 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-02-24 07:45 - 2009-03-13 11:15 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll 2014-02-24 07:45 - 2009-03-13 11:15 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll 2014-02-24 07:45 - 2009-03-13 11:15 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-02-24 07:45 - 2009-03-13 11:15 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll 2014-02-24 07:45 - 2009-03-13 11:15 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll 2014-02-24 07:45 - 2009-03-13 11:15 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-02-24 07:45 - 2009-03-13 11:15 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll 2014-02-24 07:45 - 2009-03-13 11:15 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll 2014-02-24 07:45 - 2009-03-13 11:15 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll 2014-02-24 07:45 - 2007-08-13 22:54 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-02-24 07:45 - 2007-08-13 22:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-02-24 07:45 - 2007-08-13 22:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll 2014-02-24 07:45 - 2007-08-13 22:34 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-02-24 06:54 - 2009-03-13 11:15 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-02-23 13:06 - 2014-02-23 13:06 - 00064240 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-02-23 13:04 - 2014-02-13 16:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Deealu44Real 2014-02-23 12:58 - 2014-02-23 12:58 - 00001740 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Audition 1.5.lnk 2014-02-23 12:58 - 2014-02-23 12:58 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Audition 1.5.lnk 2014-02-23 12:56 - 2009-07-14 17:16 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\Adobe 2014-02-23 12:56 - 2009-03-13 11:57 - 00000000 ____D () C:\Program Files\Adobe 2014-02-23 12:53 - 2014-02-23 12:53 - 00000000 ____D () C:\WINDOWS\Downloaded Installations 2014-02-23 10:57 - 2014-02-23 10:57 - 00000000 ____D () C:\Program Files\Deealu44Real 2014-02-23 10:18 - 2009-03-13 11:16 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl 2014-02-23 10:10 - 2014-02-23 10:09 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Application Data\WinRAR 2014-02-23 10:07 - 2014-02-23 10:07 - 00000000 ____D () C:\Documents and Settings\Buddy Harris\Start Menu\Programs\Weather Alerts 2014-02-23 10:06 - 2014-02-23 10:05 - 00000000 ____D () C:\Program Files\Re-Markable Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At10.job C:\Windows\Tasks\At11.job C:\Windows\Tasks\At12.job C:\Windows\Tasks\At13.job C:\Windows\Tasks\At14.job C:\Windows\Tasks\At15.job C:\Windows\Tasks\At16.job C:\Windows\Tasks\At17.job C:\Windows\Tasks\At18.job C:\Windows\Tasks\At19.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At20.job C:\Windows\Tasks\At21.job C:\Windows\Tasks\At22.job C:\Windows\Tasks\At23.job C:\Windows\Tasks\At24.job C:\Windows\Tasks\At25.job C:\Windows\Tasks\At26.job C:\Windows\Tasks\At27.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job C:\Windows\Tasks\At5.job C:\Windows\Tasks\At6.job C:\Windows\Tasks\At7.job C:\Windows\Tasks\At8.job C:\Windows\Tasks\At9.job ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================
  14. I downloaded FRST this morning. Don I need to download it again or just run the one I have?
  15. No malware found. I plan to post the log now and restart the system to see how everything is working. Is that the correct thing to do? --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 937865216, free: 159211520 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 937865216, free: 177180672 Downloaded database version: v2014.03.20.05 Downloaded database version: v2014.03.18.01 ======================================= Initializing... ------------ Kernel report ------------ 03/20/2014 16:29:51 ------------ Loaded modules ----------- \WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys PartMgr.sys VolSnap.sys atapi.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltMgr.sys MpFilter.sys KSecDD.sys WudfPf.sys Ntfs.sys NDIS.sys Mup.sys \SystemRoot\system32\DRIVERS\AmdPPM.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\nvnetbus.sys \SystemRoot\system32\DRIVERS\NVNRM.SYS \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\drivers\pfc.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\AGRSM.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\Modem.SYS \SystemRoot\system32\DRIVERS\nv4_mini.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\NVENETFD.sys \SystemRoot\system32\drivers\RtkHDAud.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\Drivers\i2omgmt.SYS \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_WMILIB.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\nv4_disp.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\system32\DRIVERS\mrxdav.sys \??\C:\WINDOWS\system32\drivers\int15.sys \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\system32\drivers\npf.sys \??\C:\Program Files\Free Ride Games\X4HS32Ex.Sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\system32\DRIVERS\sr.sys \??\C:\DOCUME~1\BUDDYH~1\LOCALS~1\Temp\aswMBR.sys \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl986fd788.sys \SystemRoot\system32\drivers\kmixer.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk2\DR5 Upper Device Object: 0xffffffff85124120 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000071\ Lower Device Object: 0xffffffff85250030 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR4 Upper Device Object: 0xffffffff84e9e2d0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000070\ Lower Device Object: 0xffffffff84ed9d08 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff851eeab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-12\ Lower Device Object: 0xffffffff85236940 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff851eeab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85237900, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff851eeab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff852ba318, DeviceName: \Device\00000064\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff85236940, DeviceName: \Device\Ide\IdeDeviceP4T0L0-12\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: C9C06833 Partition information: Partition 0 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 20971520 Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 20973568 Numsec = 291587072 Partition 2 type is HIDDEN (0x17) Partition is ACTIVE. Partition starts at LBA: 312560640 Numsec = 21152 Partition is not bootable Infected: VBR on Hidden active partition --> [unknown.Rootkit.VBR] Physical drive 0 is not bootable Bootable physical drive, other than a system drive has been found Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 MBR infection found on drive 0 Disk Size: 160041885696 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)... Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xffffffff84e9e2d0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85030718, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff84e9e2d0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff84ed9d08, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffffff85124120, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85250b78, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff85124120, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff85250030, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Infected: C:\WINDOWS\system32\c_68825.nls --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\@" is compressed (flags = 1) Read File: File "c:\windows\$ntuninstallkb877$\395111198\loader.tlb" is compressed (flags = 1) Read File: File "c:\windows\$ntuninstallkb877$\395111198\l\aatagjfo" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\l\aatagjfo --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@00000001" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@00000001 --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@000000c0" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@000000c0 --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@000000cb" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@000000cb --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@000000cf" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@000000cf --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@80000000" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@80000000 --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@800000c0" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@800000c0 --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@800000cb" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@800000cb --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@800000cf" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@800000cf --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb877$\2860961191 --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb877$\395111198 --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb877$\395111198\@ --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb877$\395111198\loader.tlb --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb877$\395111198\l --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb877$\395111198\u --> [backdoor.0Access] Scan finished Creating System Restore point... Cleaning up... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Executing an action fixdamage.exe... Success! Queuing an action fixdamage.exe Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 937865216, free: 344899584 Initializing... ======================================= ------------ Kernel report ------------ 03/20/2014 17:48:32 ------------ Loaded modules ----------- \WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll imofugc.sys ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys PartMgr.sys VolSnap.sys atapi.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltMgr.sys sr.sys MpFilter.sys KSecDD.sys WudfPf.sys Ntfs.sys NDIS.sys Mup.sys \SystemRoot\system32\DRIVERS\AmdPPM.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\nvnetbus.sys \SystemRoot\system32\DRIVERS\NVNRM.SYS \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\drivers\pfc.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\AGRSM.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\Modem.SYS \SystemRoot\system32\DRIVERS\nv4_mini.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\NVENETFD.sys \SystemRoot\system32\drivers\RtkHDAud.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\Drivers\i2omgmt.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_WMILIB.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\nv4_disp.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\system32\DRIVERS\mrxdav.sys \??\C:\WINDOWS\system32\drivers\int15.sys \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\system32\drivers\npf.sys \??\C:\Program Files\Free Ride Games\X4HS32Ex.Sys \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl4d344a32.sys \SystemRoot\System32\Drivers\HTTP.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \SystemRoot\system32\drivers\kmixer.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk2\DR4 Upper Device Object: 0xffffffff83c0e030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000070\ Lower Device Object: 0xffffffff84f39128 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR3 Upper Device Object: 0xffffffff84f71030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000006f\ Lower Device Object: 0xffffffff84dec030 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8528bab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-12\ Lower Device Object: 0xffffffff8528c940 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8528bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85280900, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8528bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff852f4658, DeviceName: \Device\00000063\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8528c940, DeviceName: \Device\Ide\IdeDeviceP4T0L0-12\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: C9C06833 Partition information: Partition 0 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 20971520 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 20973568 Numsec = 291587072 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160041885696 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)... Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xffffffff84f71030, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff84d74020, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff84f71030, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff84dec030, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffffff83c0e030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85163020, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff83c0e030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff84f39128, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished
  16. I found it: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 937865216, free: 159211520 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_37 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.607000 GHz Memory total: 937865216, free: 177180672 Downloaded database version: v2014.03.20.05 Downloaded database version: v2014.03.18.01 ======================================= Initializing... ------------ Kernel report ------------ 03/20/2014 16:29:51 ------------ Loaded modules ----------- \WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys PartMgr.sys VolSnap.sys atapi.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltMgr.sys MpFilter.sys KSecDD.sys WudfPf.sys Ntfs.sys NDIS.sys Mup.sys \SystemRoot\system32\DRIVERS\AmdPPM.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\nvnetbus.sys \SystemRoot\system32\DRIVERS\NVNRM.SYS \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\drivers\pfc.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\AGRSM.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\Modem.SYS \SystemRoot\system32\DRIVERS\nv4_mini.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\NVENETFD.sys \SystemRoot\system32\drivers\RtkHDAud.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\Drivers\i2omgmt.SYS \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_WMILIB.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\nv4_disp.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\system32\DRIVERS\mrxdav.sys \??\C:\WINDOWS\system32\drivers\int15.sys \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\system32\drivers\npf.sys \??\C:\Program Files\Free Ride Games\X4HS32Ex.Sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\system32\DRIVERS\sr.sys \??\C:\DOCUME~1\BUDDYH~1\LOCALS~1\Temp\aswMBR.sys \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl986fd788.sys \SystemRoot\system32\drivers\kmixer.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk2\DR5 Upper Device Object: 0xffffffff85124120 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000071\ Lower Device Object: 0xffffffff85250030 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR4 Upper Device Object: 0xffffffff84e9e2d0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000070\ Lower Device Object: 0xffffffff84ed9d08 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff851eeab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-12\ Lower Device Object: 0xffffffff85236940 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff851eeab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85237900, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff851eeab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff852ba318, DeviceName: \Device\00000064\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff85236940, DeviceName: \Device\Ide\IdeDeviceP4T0L0-12\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: C9C06833 Partition information: Partition 0 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 20971520 Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 20973568 Numsec = 291587072 Partition 2 type is HIDDEN (0x17) Partition is ACTIVE. Partition starts at LBA: 312560640 Numsec = 21152 Partition is not bootable Infected: VBR on Hidden active partition --> [unknown.Rootkit.VBR] Physical drive 0 is not bootable Bootable physical drive, other than a system drive has been found Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 MBR infection found on drive 0 Disk Size: 160041885696 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)... Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xffffffff84e9e2d0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85030718, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff84e9e2d0, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff84ed9d08, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffffff85124120, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85250b78, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff85124120, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff85250030, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Infected: C:\WINDOWS\system32\c_68825.nls --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\@" is compressed (flags = 1) Read File: File "c:\windows\$ntuninstallkb877$\395111198\loader.tlb" is compressed (flags = 1) Read File: File "c:\windows\$ntuninstallkb877$\395111198\l\aatagjfo" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\l\aatagjfo --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@00000001" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@00000001 --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@000000c0" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@000000c0 --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@000000cb" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@000000cb --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@000000cf" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@000000cf --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@80000000" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@80000000 --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@800000c0" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@800000c0 --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@800000cb" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@800000cb --> [backdoor.0Access] Read File: File "c:\windows\$ntuninstallkb877$\395111198\u\@800000cf" is compressed (flags = 1) Infected: c:\windows\$ntuninstallkb877$\395111198\u\@800000cf --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb877$\2860961191 --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb877$\395111198 --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb877$\395111198\@ --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb877$\395111198\loader.tlb --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb877$\395111198\l --> [backdoor.0Access] Infected: c:\windows\$ntuninstallkb877$\395111198\u --> [backdoor.0Access] Scan finished
  17. It found 18 pieces of malware. Where do I find the log file?
  18. I'm a bit confused about when I should restart my computer. Malwarebytes is not likely to find anything until I restart my computer. After I run Malwarebytes Anti-Rootkit, should I run it and clean what it finds? Thanks!
  19. I have to be away for a few hours. I'll be back later this afternoon. Thank oyu so very much for helping!!
  20. aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2014-03-20 10:38:39 ----------------------------- 10:38:39.828 OS Version: Windows 5.1.2600 Service Pack 3 10:38:39.828 Number of processors: 1 586 0x7F02 10:38:39.828 ComputerName: EMACHINE-98E05C UserName: Buddy Harris 10:38:40.703 Initialize success 10:39:06.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-12 10:39:06.609 Disk 0 Vendor: Hitachi_HDT721016SLA380 ST1OA31B Size: 152627MB BusType: 3 10:39:06.812 Disk 0 MBR read successfully 10:39:06.812 Disk 0 MBR scan 10:39:06.812 Disk 0 unknown MBR code 10:39:06.828 Disk 0 Partition 1 00 12 Compaq diag NTFS 10240 MB offset 2048 10:39:06.843 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 142376 MB offset 20973568 10:39:06.875 Disk 0 Partition 3 80 (A) 17 Hidd HPFS/NTFS NTFS 10 MB offset 312560640 10:39:06.875 Disk 0 Partition 3 **SUSPICIOUS** 10:39:06.875 Disk 0 scanning sectors +312581792 10:39:07.078 Disk 0 scanning C:\WINDOWS\system32\drivers 10:39:13.531 Service scanning 10:39:24.671 Service MpKsl986fd788 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5EEF60F5-22C5-471C-900A-286C4260DD8F}\MpKsl986fd788.sys **LOCKED** 32 10:39:35.312 Modules scanning 10:39:45.250 Disk 0 trace - called modules: 10:39:45.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 10:39:45.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851eeab8] 10:39:45.296 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000064[0x852ba318] 10:39:45.296 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-12[0x85236940] 10:39:45.296 Scan finished successfully 10:40:41.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Buddy Harris\Desktop\MBR.dat" 10:40:41.718 The log file has been saved successfully to "C:\Documents and Settings\Buddy Harris\Desktop\aswMBR.txt"
  21. I don't find anything on C: but that folder which only contains TDSSKiller.exe I could send you a screenshot of the entire drive with no folders open.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.