
Slow Internet/Computer and Adblock Is Constantly blocking ads


  • This topic is locked
20 replies to this topic

#1 icecold240

icecold240

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:44 PM

Posted 20 January 2014 - 10:30 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Big H at 19:27:46 on 2014-01-20
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.1516 [GMT -8:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\DOCUME~1\BIGH~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Documents and Settings\Big H\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ips\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [AtiPTA] atiptaxx.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{6689B8DC-36F6-4D61-8A96-6916AC313ED4} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 79.142.75.66 thebestspinner.com
Hosts: 79.142.75.66 www.thebestspinner.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\big h\application data\mozilla\firefox\profiles\fxcip6ed.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\big h\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\big h\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 10
============= SERVICES / DRIVERS ===============
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2010-12-22 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2010-12-22 35712]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymDS.sys [2012-11-3 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymEFA.sys [2012-11-3 927904]
R1 atitray;atitray;c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2010-12-22 17952]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\bashdefs\20140115.011\BHDrvx86.sys [2014-1-14 1098968]
R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\ccSetx86.sys [2012-11-3 134304]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\Ironx86.sys [2012-11-3 175264]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ccSvcHst.exe [2012-11-3 143928]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\ipsdefs\20140117.013\IDSXpx86.sys [2014-1-15 383120]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140120.001\NAVENG.SYS [2014-1-20 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140120.001\NAVEX15.SYS [2014-1-20 1612376]
S2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\SyDvCtrl32.sys [2012-11-3 28136]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2013-12-26 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-01-21 02:56:03 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-16 05:14:26 -------- d-----w- C:\SUPERDelete
2013-12-26 08:03:39 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2013-12-26 08:03:34 -------- d-----w- c:\program files\Western Digital
2013-12-23 08:42:12 -------- d-----w- c:\documents and settings\big h\local settings\application data\Wondershare
2013-12-23 08:42:08 -------- d-----w- c:\program files\common files\Wondershare
.
==================== Find3M  ====================
.
2013-12-25 08:11:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-25 08:11:32 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-19 04:46:50 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-12-10 03:20:52 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-12-10 03:17:56 419792 ----a-w- c:\windows\system32\SymVPN.dll
2013-12-10 03:17:56 359888 ----a-w- c:\windows\system32\sysfer.dll
2013-12-10 03:17:56 32816 ----a-w- c:\windows\system32\drivers\WGX.SYS
2013-12-10 03:17:56 136144 ----a-w- c:\windows\system32\FwsVpn.dll
2013-12-10 03:17:56 111584 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2013-12-10 03:17:56 10704 ----a-w- c:\windows\system32\sysferThunk.dll
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ------w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
.
============= FINISH: 19:29:41.51 ===============
 




#2 icecold240

icecold240
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:44 PM

Posted 25 January 2014 - 06:29 PM

attached

Attached Files



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:44 PM

Posted 25 January 2014 - 10:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521524 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 icecold240

icecold240
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:44 PM

Posted 27 January 2014 - 06:02 PM

Yes, I still need help.  Lots of popups on every page when surfing the net, internet is very slow.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Big H at 23:37:57 on 2014-01-27
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.1749 [GMT -8:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\DOCUME~1\BIGH~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Documents and Settings\Big H\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ips\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [AtiPTA] atiptaxx.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{6689B8DC-36F6-4D61-8A96-6916AC313ED4} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 79.142.75.66 thebestspinner.com
Hosts: 79.142.75.66 www.thebestspinner.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\big h\application data\mozilla\firefox\profiles\fxcip6ed.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\big h\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\big h\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 10
============= SERVICES / DRIVERS ===============
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2010-12-22 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2010-12-22 35712]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymDS.sys [2012-11-3 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\SymEFA.sys [2012-11-3 927904]
R1 atitray;atitray;c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2010-12-22 17952]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\bashdefs\20140115.011\BHDrvx86.sys [2014-1-14 1098968]
R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\ccSetx86.sys [2012-11-3 134304]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0107df\07df.105\x86\Ironx86.sys [2012-11-3 175264]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\ccSvcHst.exe [2012-11-3 143928]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R3 EraserUtilDrv11312;EraserUtilDrv11312;c:\program files\common files\symantec shared\eengine\EraserUtilDrv11312.sys [2014-1-21 108120]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\ipsdefs\20140127.011\IDSXpx86.sys [2014-1-27 383120]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140127.002\NAVENG.SYS [2014-1-27 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\virusdefs\20140127.002\NAVEX15.SYS [2014-1-27 1612376]
S2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.2015.2015.105\bin\SyDvCtrl32.sys [2012-11-3 28136]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2013-12-26 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-01-21 02:56:03 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-16 05:14:26 -------- d-----w- C:\SUPERDelete
.
==================== Find3M  ====================
.
2013-12-25 08:11:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-25 08:11:32 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-19 04:46:50 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-12-10 03:20:52 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-12-10 03:17:56 419792 ----a-w- c:\windows\system32\SymVPN.dll
2013-12-10 03:17:56 359888 ----a-w- c:\windows\system32\sysfer.dll
2013-12-10 03:17:56 32816 ----a-w- c:\windows\system32\drivers\WGX.SYS
2013-12-10 03:17:56 136144 ----a-w- c:\windows\system32\FwsVpn.dll
2013-12-10 03:17:56 111584 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2013-12-10 03:17:56 10704 ----a-w- c:\windows\system32\sysferThunk.dll
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 23:39:52.25 ===============
 

Edited by icecold240, 28 January 2014 - 02:43 AM.


#5 aharonov

  • Malware Response Team

Posted 29 January 2014 - 04:59 PM

Hi and sorry for the delay.

Which browsers are affected? All of them or just one?
Please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#6 icecold240

  • Topic Starter


Posted 30 January 2014 - 06:50 AM

Yes, in all browsers: Chrome, Firefox, IE.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by Big H (administrator) on HYDRO on 30-01-2014 03:46:30
Running from C:\Documents and Settings\Big H\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) ===================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor Corp.) C:\Documents and Settings\Big H\Local Settings\Temp\RtkBtMnt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Spotify Ltd) C:\Documents and Settings\Big H\Application Data\Spotify\Data\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(O2Micro International) C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16132608 2007-05-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2010-12-22] (Synaptics, Inc.)
HKLM\...\Run: [PLFSet] - C:\WINDOWS\PLFSet.dll [45056 2007-04-25] ( )
HKLM\...\Run: [AtiPTA] - C:\WINDOWS\system32\atiptaxx.exe [344064 2006-02-21] (ATI Technologies, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1226608 2010-12-09] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [DNS7reminder] - C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll [X]
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Spotify Web Helper] - C:\Documents and Settings\Big H\Application Data\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-27] (Spotify Ltd)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default
FF user.js: detected! => C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\user.js
FF Homepage: hxxp://www.yahoo.com/
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Big H\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\Big H\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Big H\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Big H\Application Data\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF SearchPlugin: C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\searchplugins\askcom.xml
FF Extension: WebRank SEO Toolbar - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\webrank-toolbar@probcomp.com [2013-12-25]
FF Extension: Forecastfox - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-12-19]
FF Extension: EPUBReader - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-25]
FF Extension: iMacros for Firefox - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}(2) [2013-10-17]
FF Extension: Cookies Manager+ - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-08-10]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\adblockpopups@jessehakanen.net.xpi [2011-10-15]
FF Extension: Firebug - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\firebug@software.joehewitt.com.xpi [2012-07-26]
FF Extension: Platinum Hide IP - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\support@platinumhideip.com.xpi [2012-03-12]
FF Extension: Cookie Manager Button - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0}.xpi [2011-10-14]
FF Extension: FireFTP - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-12-10]
FF Extension: Adblock Plus - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-15]
FF Extension: DownThemAll! - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-10-09]
FF Extension: Greasemonkey - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-24]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-19]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-10-19]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-10-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-26]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFF [2013-12-09]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Big H\Application Data\IDM\idmmzcc5
 
Chrome: 
=======
CHR HomePage: hxxp://www.yahoo.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Big H\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Big H\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (DivX OVS Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (TVU Web Player for FireFox) - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-28]
CHR Extension: (Docs Offline Background Page) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-28]
CHR Extension: (YouTube) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-28]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-07]
CHR Extension: (Webpage Screenshot Capture) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2013-06-16]
CHR Extension: (Google Search) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-28]
CHR Extension: (Netflix) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2013-04-29]
CHR Extension: (YouTube mp3) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkonfbfckdamohdkmechhhnnoblpbena [2013-08-09]
CHR Extension: (uTorrentControl_v2) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2013-04-28]
CHR Extension: (Pandora) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-04-29]
CHR Extension: (Click&Clean) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2013-11-07]
CHR Extension: (LastPass) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-11-07]
CHR Extension: (Forecastfox) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2013-04-28]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-28]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Click&Clean App) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2013-11-07]
CHR Extension: (Gmail) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-28]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\DOCUME~1\BIGH~1\LOCALS~1\Temp\crx314.tmp [2013-04-28]
CHR HKLM\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Documents and Settings\Big H\Local Settings\Application Data\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Documents and Settings\Big H\Local Settings\Application Data\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-08-26]
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2013-02-11] (SUPERAntiSpyware.com)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-02-25] ()
S4 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [238968 2009-02-19] (Symantec Corporation)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3220856 2009-02-19] (Symantec Corporation)
R2 o2flash; C:\Program Files\O2Micro Oz128 Driver\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 SepMasterService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2012-11-03] (Symantec Corporation)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R3 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe [1785792 2012-11-03] (Symantec Corporation)
S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\snac.exe [288208 2012-11-03] (Symantec Corporation)
S2 Micro Niche Finder Background Download Service; No ImagePath
S3 WPFFontCache_v0400; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
R1 atitray; C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [17952 2007-11-04] ()
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [281504 2011-09-10] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2007-09-20] (Broadcom Corp.)
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140115.011\BHDrvx86.sys [1098968 2014-01-14] (Symantec Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A}; C:\WINDOWS\System32\Drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys [134304 2012-11-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-09] (Symantec Corporation)
R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140127.011\IDSxpx86.sys [383120 2014-01-15] (Symantec Corporation)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2011-09-10] ()
R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140127.002\NAVENG.SYS [93272 2013-12-09] (Symantec Corporation)
R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140127.002\NAVEX15.SYS [1612376 2013-12-09] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SRTSP.SYS [585888 2012-11-03] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SRTSPX.SYS [32888 2012-11-03] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SyDvCtrl32.sys [28136 2012-11-03] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMDS.SYS [368288 2012-11-03] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMEFA.SYS [927904 2012-11-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142496 2013-12-09] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.SYS [175264 2012-11-03] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMTDI.SYS [394656 2012-11-03] (Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [111584 2013-12-09] (Symantec Corporation)
R3 Teefer2; C:\WINDOWS\System32\DRIVERS\teefer.sys [150488 2012-11-03] (Symantec Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [255232 2007-04-17] (Marvell)
S3 catchme; \??\C:\DOCUME~1\BIGH~1\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U4 WinDefend; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-30 03:46 - 2014-01-30 03:47 - 00030394 _____ C:\Documents and Settings\Big H\Desktop\FRST.txt
2014-01-30 03:46 - 2014-01-30 03:46 - 00000000 ____D C:\FRST
2014-01-30 03:44 - 2014-01-30 03:44 - 01137152 _____ (Farbar) C:\Documents and Settings\Big H\Desktop\FRST.exe
2014-01-20 19:29 - 2014-01-27 23:40 - 00022272 _____ C:\Documents and Settings\Big H\Desktop\attach.txt
2014-01-20 19:29 - 2014-01-27 23:39 - 00015350 _____ C:\Documents and Settings\Big H\Desktop\dds.txt
2014-01-20 18:56 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-20 18:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-20 18:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-20 18:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-20 18:54 - 2014-01-20 18:56 - 00005134 _____ C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-16 22:03 - 2014-01-16 22:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-16 21:59 - 2014-01-16 22:03 - 00004478 _____ C:\WINDOWS\KB2914368.log
2014-01-15 21:14 - 2014-01-15 21:14 - 00000000 ____D C:\SUPERDelete
2014-01-14 00:20 - 2014-01-14 00:20 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-14 00:20 - 2014-01-14 00:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
 
==================== One Month Modified Files and Folders =======
 
2014-01-30 03:47 - 2014-01-30 03:46 - 00030394 _____ C:\Documents and Settings\Big H\Desktop\FRST.txt
2014-01-30 03:46 - 2014-01-30 03:46 - 00000000 ____D C:\FRST
2014-01-30 03:44 - 2014-01-30 03:44 - 01137152 _____ (Farbar) C:\Documents and Settings\Big H\Desktop\FRST.exe
2014-01-30 03:44 - 2010-12-22 01:00 - 02081267 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-30 03:40 - 2010-12-21 16:50 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-30 03:40 - 2010-12-21 16:50 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-30 03:39 - 2012-04-25 12:06 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-30 03:39 - 2010-12-22 01:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-30 03:39 - 2004-08-04 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-30 03:38 - 2013-12-09 19:21 - 00393216 _____ C:\WINDOWS\system32\config\Symantec.evt
2014-01-30 03:38 - 2011-11-04 15:46 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2014-01-30 03:38 - 2010-12-22 01:07 - 00000178 ___SH C:\Documents and Settings\Big H\ntuser.ini
2014-01-30 03:38 - 2010-12-22 01:05 - 00032382 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-30 03:37 - 2013-02-27 12:13 - 00094662 _____ C:\WINDOWS\setupapi.log
2014-01-28 00:14 - 2012-04-25 12:06 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-27 23:40 - 2014-01-20 19:29 - 00022272 _____ C:\Documents and Settings\Big H\Desktop\attach.txt
2014-01-27 23:39 - 2014-01-20 19:29 - 00015350 _____ C:\Documents and Settings\Big H\Desktop\dds.txt
2014-01-23 21:03 - 2012-02-12 17:18 - 00000000 ____D C:\Documents and Settings\Big H\Application Data\Skype
2014-01-21 14:15 - 2010-12-22 01:07 - 00000000 ____D C:\Documents and Settings\Big H
2014-01-20 18:56 - 2014-01-20 18:54 - 00005134 _____ C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-20 18:56 - 2012-08-31 23:55 - 00000000 ____D C:\Program Files\Java
2014-01-17 19:24 - 2011-06-04 06:39 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-16 22:08 - 2011-11-18 16:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-01-16 22:07 - 2013-08-09 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-16 22:03 - 2014-01-16 22:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-16 22:03 - 2014-01-16 21:59 - 00004478 _____ C:\WINDOWS\KB2914368.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00306704 _____ C:\WINDOWS\iis6.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00284404 _____ C:\WINDOWS\FaxSetup.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00144716 _____ C:\WINDOWS\ocgen.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00129772 _____ C:\WINDOWS\tsoc.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00094536 _____ C:\WINDOWS\comsetup.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00086580 _____ C:\WINDOWS\msmqinst.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00057259 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00049818 _____ C:\WINDOWS\netfxocm.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00019550 _____ C:\WINDOWS\MedCtrOC.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00015732 _____ C:\WINDOWS\ocmsn.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00014306 _____ C:\WINDOWS\tabletoc.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00014214 _____ C:\WINDOWS\msgsocm.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-16 22:03 - 2010-12-22 03:14 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-16 01:23 - 2013-02-25 14:21 - 00000000 ____D C:\Program Files\Video Thumbnails Maker
2014-01-15 21:14 - 2014-01-15 21:14 - 00000000 ____D C:\SUPERDelete
2014-01-15 21:10 - 2011-12-27 17:57 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-14 00:20 - 2014-01-14 00:20 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-14 00:20 - 2014-01-14 00:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-01-14 00:20 - 2012-02-12 17:18 - 00000000 ___RD C:\Program Files\Skype
2014-01-14 00:20 - 2012-02-12 17:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2014-01-06 20:48 - 2012-09-28 14:13 - 00000000 ____D C:\Documents and Settings\Big H\Application Data\iFunbox_UserCache
2014-01-04 21:06 - 2013-03-18 23:15 - 00000000 ____D C:\Documents and Settings\Big H\Application Data\Spotify
2014-01-04 20:11 - 2013-03-18 23:17 - 00000000 ____D C:\Documents and Settings\Big H\Local Settings\Application Data\Spotify
 
Some content of TEMP:
====================
C:\Documents and Settings\Big H\Local Settings\Temp\HitmanPro.exe
C:\Documents and Settings\Big H\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Big H\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Big H\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Big H\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Big H\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Big H\Local Settings\Temp\ot_ahlhj.dll
C:\Documents and Settings\Big H\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\Big H\Local Settings\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2014 01
Ran by Big H at 2014-01-30 03:48:23
Running from C:\Documents and Settings\Big H\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Symantec Endpoint Protection (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection (Disabled) {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
 
==================== Installed Programs ======================
 
1Click DVD Copy Pro 4.2.8.0 (Version:  - LG Software Innovations)
7-Zip 9.20 (Version:  - )
Acer Crystal Eye webcam (Version: 5.7.29.500-1.0 - Sonix)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.2 - Adobe Systems)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Dreamweaver CS5.5 (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (Version: 12.1 - Adobe Systems Incorporated)
Adobe Widget Browser (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
Agere Systems HDA Modem (Version:  - Agere Systems)
Any Video Converter 5 5.0.3 (Version:  - Any-Video-Converter.com)
Apple Application Support (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (Version: 6.14.10.1022 - )
ATI AVIVO Codecs (Version: 10.0.0.40103 - ATI Technologies Inc.)
ATI Catalyst Control Center (Version: 2.010.0210.2338 - )
ATI Display Driver (Version: 8.591-090225a-076825C-ATI - )
Audacity 2.0.3 (Version: 2.0.3 - Audacity Team)
Audio Recorder Deluxe (Version:  - Audio-Recorder.net)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom Driver v4.170.25.12_Foxconn Installation Program (Version: 4.170.25.12 - Broadcom)
CamStudio version 2.7 (Version: 2.7 - CamStudio Open Source)
Canon iP3600 series Printer Driver (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Czech (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Danish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Dutch (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help English (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Finnish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help French (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help German (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Greek (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Italian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Japanese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Korean (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Polish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Russian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Spanish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Swedish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Thai (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Turkish (Version: 2010.0210.2338.42455 - ATI) Hidden
ccc-core-preinstall (Version: 2010.0210.2339.42455 - ATI) Hidden
ccc-core-static (Version: 2010.0210.2339.42455 - ATI) Hidden
ccc-utility (Version: 2010.0210.2339.42455 - ATI) Hidden
CCleaner (Version: 3.10 - Piriform)
Cisco Connect (Version: 1.4.11245.0 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
CoreAVC Professional Edition (remove only) (Version:  - )
DivX Setup (Version: 2.2.1.2 - DivX, LLC)
Dragon NaturallySpeaking 11 (Version: 11.50.100 - Nuance Communications Inc.)
Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (Version:  - )
ESET Online Scanner v3 (Version:  - )
File Splitter and Joiner (FFSJ v3.3) (Version:  - Le Minh Hoang)
FileZilla Client 3.5.2 (Version: 3.5.2 - FileZilla Project)
Free MP3 Cutter and Editor 2.6 (Version:  - musetips.com)
Free PS Convert driver 8.15 (Version:  - )
FreeMind (Version: 0.9.0 - )
Google AdWords Editor (Version: 9.9.0 - Google)
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Talk Plugin (Version: 1.7.1.0 - Google)
Google Talk Plugin (Version: 2.5.8.4958 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
hott notes 4 (Version: 4.1 - Joel Riley)
iFunbox (v1.99.958.697), iFunbox DevTeam (Version: v1.99.958.697 - )
iTunes (Version: 11.0.0.163 - Apple Inc.)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 37 (Version: 6.0.370 - Oracle)
K-Lite Codec Pack 9.6.0 (Full) (Version: 9.6.0 - )
LiveUpdate (Symantec Corporation) (Version: 3.5.0.64 - Symantec Corporation)
LiveUpdate (Symantec Corporation) (Version: 3.5.0.64 - Symantec Corporation) Hidden
Magic ISO Maker v5.5 (build 0281) (Version:  - )
MagicDisc 2.7.106 (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marvell Miniport Driver (Version: 10.12.9.3 - Marvell)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ Run Time  Lib Setup (Version: 1.0.0 - Microsoft)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Mp3 Audio Editor (Version:  - Mp3AudioEditor Inc.)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiRes (remove only) (Version:  - )
NVIDIA GAME System Software 2.8.1 (Version: 2.8.1 - NVIDIA Corporation)
O2Micro Flash Memory Card Reader Driver Installer(x86) (Version: 3.09 - O2Micro)
OpenAL (Version:  - )
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime (Version: 7.70.80.34 - Apple Inc.)
Realtek High Definition Audio Driver (Version: 5.10.0.5423 - Realtek Semiconductor Corp.)
Replay Music (Version: 3.95 - Applian Technologies Inc.)
SES Driver (Version: 1.0.0 - Western Digital)
Skins (Version: 2010.0210.2339.42455 - ATI) Hidden
Skype Click to Call (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU Version: 0.9.6.72.ge389c074 - Spotify AB)
SUPERAntiSpyware (Version: 5.0.1142 - SUPERAntiSpyware.com)
Symantec Endpoint Protection (Version: 12.1.2015.2015 - Symantec Corporation)
Synaptics Pointing Device Driver (Version: 10.0.15.0 - Synaptics)
Turbo Lister 2 (Version: 2.00.0000 - eBay Inc.)
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
USB Video Driver (Version: 1.00 - EETI)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Veetle TV 0.9.18 (Version: 0.9.18 - Veetle, Inc)
Video Thumbnails Maker by Scorp (remove only) (Version:  - )
VirtualDJ PRO Full (Version: 7.0.4 - Atomix Productions)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (Version: 11.0.0 - Nuance Communications Inc.)
Visual C++ Runtime for Dragon NaturallySpeaking (Version: 10.00.000.038 - Nuance Communications Inc.)
VLC media player 2.0.0 (Version: 2.0.0 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Wicked Article Creator 2.8.1.0 (Version: 2.8.1.0 - WAC Systems)
Winamp (Version: 5.621  - Nullsoft, Inc)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0 - Advanced Micro Devices)
Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media  (08/31/2007 5.7.0831.0) (Version: 08/31/2007 5.7.0831.0 - Advanced Micro Devices, Inc.)
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA  (08/31/2007 5.7.0831.0) (Version: 08/31/2007 5.7.0831.0 - eMPIA Technology Inc,)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
WinSCP 4.3.4 (Version: 4.3.4 - Martin Prikryl)
ZoneAlarm LTD Toolbar (Version:  - Check Point Software Technologies)
 
==================== Restore Points  =========================
 
23-12-2013 12:54:59 System Checkpoint
24-12-2013 22:30:34 System Checkpoint
26-12-2013 00:22:00 System Checkpoint
26-12-2013 08:03:24 Installed SES Driver
27-12-2013 10:23:21 System Checkpoint
29-12-2013 04:51:10 System Checkpoint
30-12-2013 12:08:53 System Checkpoint
31-12-2013 12:51:31 System Checkpoint
01-01-2014 13:30:40 System Checkpoint
02-01-2014 13:34:28 System Checkpoint
03-01-2014 14:34:28 System Checkpoint
04-01-2014 20:49:05 System Checkpoint
06-01-2014 02:50:47 System Checkpoint
07-01-2014 03:30:37 System Checkpoint
09-01-2014 06:44:26 System Checkpoint
10-01-2014 07:21:28 System Checkpoint
11-01-2014 08:21:26 System Checkpoint
12-01-2014 09:21:26 System Checkpoint
13-01-2014 10:35:53 System Checkpoint
15-01-2014 04:28:26 Software Distribution Service 3.0
16-01-2014 07:29:24 System Checkpoint
17-01-2014 05:59:10 Software Distribution Service 3.0
18-01-2014 04:55:41 Restore Operation
18-01-2014 04:59:12 Restore Operation
19-01-2014 06:52:57 System Checkpoint
20-01-2014 07:04:06 System Checkpoint
21-01-2014 02:54:24 Installed Java 7 Update 51
21-01-2014 03:18:05 Removed HiJackThis
24-01-2014 05:31:57 System Checkpoint
25-01-2014 15:06:45 System Checkpoint
28-01-2014 06:14:29 System Checkpoint
 
==================== Hosts content: ==========================
 
2013-02-27 14:27 - 2013-02-27 14:27 - 00001243 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 axandra.com
127.0.0.1 www.axandra.com
127.0.0.1 keywordindex.com
127.0.0.1 www.keywordindex.com
79.142.75.66 thebestspinner.com
79.142.75.66 www.thebestspinner.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-11-08 12:46 - 2011-11-08 12:46 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2011-12-25 08:23 - 2008-07-20 21:11 - 00247808 _____ () C:\WINDOWS\system32\FFSJ\FFSJSHL.dll
2011-11-17 19:58 - 2001-10-29 01:42 - 00116224 _____ () C:\WINDOWS\system32\pdfmonnt.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-23 00:42 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2008-04-14 04:41 - 2008-04-14 04:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 04:42 - 2008-04-14 04:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2011-11-04 15:26 - 2011-11-04 15:26 - 00014848 _____ () C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-11-24 12:36 - 2009-11-24 12:36 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-01-16 22:22 - 2014-01-11 02:29 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-16 22:22 - 2014-01-11 02:29 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-16 22:22 - 2014-01-11 02:28 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/28/2014 01:11:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2032
 
Error: (01/28/2014 01:11:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2032
 
Error: (01/28/2014 01:11:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/27/2014 01:44:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 117626891
 
Error: (01/27/2014 01:44:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 117626891
 
Error: (01/27/2014 01:44:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/26/2014 05:04:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1969
 
Error: (01/26/2014 05:04:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1969
 
Error: (01/26/2014 05:04:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/22/2014 00:51:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4062
 
 
System errors:
=============
Error: (01/30/2014 03:41:37 AM) (Source: Service Control Manager) (User: )
Description: The Micro Niche Finder Background Download Service service failed to start due to the following error: 
%%3
 
Error: (01/30/2014 03:36:02 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.147 on the
Network Card with network address 001FE2A7422A.
 
Error: (01/27/2014 01:44:55 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.110 on the
Network Card with network address 001FE2A7422A.
 
Error: (01/25/2014 03:00:18 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
 
Error: (01/25/2014 03:00:18 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
 
Error: (01/25/2014 02:59:44 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
 
Error: (01/25/2014 02:59:44 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
 
Error: (01/23/2014 09:03:29 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.123 on the
Network Card with network address 001FE2A7422A.
 
Error: (01/21/2014 11:37:17 PM) (Source: Service Control Manager) (User: )
Description: The Micro Niche Finder Background Download Service service failed to start due to the following error: 
%%3
 
Error: (01/20/2014 06:54:34 PM) (Source: 0) (User: )
Description: C:
 
 
Microsoft Office Sessions:
=========================
Error: (03/04/2013 11:04:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 45%
Total physical RAM: 3070.04 MB
Available physical RAM: 1674.75 MB
Total Pagefile: 4954 MB
Available Pagefile: 3314.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.99 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.78 GB) (Free:24.11 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 112 GB) (Disk ID: 8CCC3CDC)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#7 icecold240


Posted 31 January 2014 - 05:58 AM

I will be out of town for the next three days. Please get this post open.



#8 icecold240


Posted 03 February 2014 - 03:43 AM

here, please help



#9 aharonov

  • Malware Response Team

Posted 03 February 2014 - 04:25 AM

Step 1

Please download AdwCleaner (by Xplode) and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

 

 

Step 2

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#10 icecold240


Posted 04 February 2014 - 02:10 AM

# AdwCleaner v3.018 - Report created 03/02/2014 at 22:56:48
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Big H - HYDRO
# Running from : C:\Documents and Settings\Big H\Desktop\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\Big H\Local Settings\Application Data\apn
Folder Deleted : C:\Documents and Settings\Big H\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Big H\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Big H\Local Settings\Application Data\thinstall
Folder Deleted : C:\Documents and Settings\Big H\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Documents and Settings\Big H\Application Data\thinstall
[!] Folder Deleted : C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\DOCUME~1\BIGH~1\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\prefs.js ]

Line Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1355204981303,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-\\ Google Chrome v32.0.1700.107

[ File : C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6685 octets] - [03/02/2014 22:19:45]
AdwCleaner[S0].txt - [6399 octets] - [03/02/2014 22:56:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6459 octets] ##########
 



#11 icecold240


Posted 04 February 2014 - 02:15 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by Big H (administrator) on HYDRO on 03-02-2014 23:13:39
Running from C:\Documents and Settings\Big H\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor Corp.) C:\Documents and Settings\Big H\Local Settings\Temp\RtkBtMnt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(O2Micro International) C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(Spotify Ltd) C:\Documents and Settings\Big H\Application Data\Spotify\Data\SpotifyWebHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16132608 2007-05-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2010-12-22] (Synaptics, Inc.)
HKLM\...\Run: [PLFSet] - C:\WINDOWS\PLFSet.dll [45056 2007-04-25] ( )
HKLM\...\Run: [AtiPTA] - C:\WINDOWS\system32\atiptaxx.exe [344064 2006-02-21] (ATI Technologies, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1226608 2010-12-09] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [DNS7reminder] - C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll [X]
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Spotify Web Helper] - C:\Documents and Settings\Big H\Application Data\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-27] (Spotify Ltd)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {512BBC28-452F-4EF7-AC29-FC6F348F964B} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default
FF Homepage: hxxp://www.yahoo.com/
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Big H\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\Big H\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Big H\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Big H\Application Data\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Extension: WebRank SEO Toolbar - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\webrank-toolbar@probcomp.com [2013-12-25]
FF Extension: Forecastfox - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-12-19]
FF Extension: EPUBReader - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-25]
FF Extension: iMacros for Firefox - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}(2) [2013-10-17]
FF Extension: Cookies Manager+ - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-08-10]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\adblockpopups@jessehakanen.net.xpi [2011-10-15]
FF Extension: Firebug - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\firebug@software.joehewitt.com.xpi [2012-07-26]
FF Extension: Platinum Hide IP - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\support@platinumhideip.com.xpi [2012-03-12]
FF Extension: Cookie Manager Button - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0}.xpi [2011-10-14]
FF Extension: FireFTP - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-12-10]
FF Extension: Adblock Plus - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-15]
FF Extension: DownThemAll! - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-10-09]
FF Extension: Greasemonkey - C:\Documents and Settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-24]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-19]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-10-19]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-10-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-26]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\IPSFF [2013-12-09]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Big H\Application Data\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: hxxp://www.yahoo.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Big H\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Big H\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (DivX OVS Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (TVU Web Player for FireFox) - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-28]
CHR Extension: (Docs Offline Background Page) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-28]
CHR Extension: (YouTube) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-28]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-07]
CHR Extension: (Webpage Screenshot Capture) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2013-06-16]
CHR Extension: (Google Search) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-28]
CHR Extension: (Netflix) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2013-04-29]
CHR Extension: (YouTube mp3) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkonfbfckdamohdkmechhhnnoblpbena [2013-08-09]
CHR Extension: (Pandora) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-04-29]
CHR Extension: (Click&Clean) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2013-11-07]
CHR Extension: (LastPass) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-11-07]
CHR Extension: (Forecastfox) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2013-04-28]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-28]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Click&Clean App) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2013-11-07]
CHR Extension: (Gmail) - C:\Documents and Settings\Big H\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-28]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\DOCUME~1\BIGH~1\LOCALS~1\Temp\crx314.tmp [2013-04-28]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-10-09]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2013-02-11] (SUPERAntiSpyware.com)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-02-25] ()
S4 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [238968 2009-02-19] (Symantec Corporation)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3220856 2009-02-19] (Symantec Corporation)
R2 o2flash; C:\Program Files\O2Micro Oz128 Driver\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 SepMasterService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2012-11-03] (Symantec Corporation)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R3 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe [1785792 2012-11-03] (Symantec Corporation)
S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\snac.exe [288208 2012-11-03] (Symantec Corporation)
S2 Micro Niche Finder Background Download Service; No ImagePath
S3 WPFFontCache_v0400; No ImagePath

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
R1 atitray; C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [17952 2007-11-04] ()
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [281504 2011-09-10] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2007-09-20] (Broadcom Corp.)
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140115.011\BHDrvx86.sys [1098968 2014-01-14] (Symantec Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A}; C:\WINDOWS\System32\Drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys [134304 2012-11-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-09] (Symantec Corporation)
R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140127.011\IDSxpx86.sys [383120 2014-01-15] (Symantec Corporation)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2011-09-10] ()
R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140127.002\NAVENG.SYS [93272 2013-12-09] (Symantec Corporation)
R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140127.002\NAVEX15.SYS [1612376 2013-12-09] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SRTSP.SYS [585888 2012-11-03] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SRTSPX.SYS [32888 2012-11-03] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SyDvCtrl32.sys [28136 2012-11-03] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMDS.SYS [368288 2012-11-03] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMEFA.SYS [927904 2012-11-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142496 2013-12-09] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.SYS [175264 2012-11-03] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SEP\0C0107DF\07DF.105\x86\SYMTDI.SYS [394656 2012-11-03] (Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [111584 2013-12-09] (Symantec Corporation)
R3 Teefer2; C:\WINDOWS\System32\DRIVERS\teefer.sys [150488 2012-11-03] (Symantec Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [255232 2007-04-17] (Marvell)
S3 catchme; \??\C:\DOCUME~1\BIGH~1\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U4 WinDefend;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-03 22:56 - 2014-02-03 22:56 - 00006685 _____ C:\Documents and Settings\Big H\Desktop\AdwCleaner[R0].txt
2014-02-03 22:19 - 2014-02-03 22:57 - 00000000 ____D C:\AdwCleaner
2014-01-30 03:48 - 2014-01-30 03:48 - 00024957 _____ C:\Documents and Settings\Big H\Desktop\Addition.txt
2014-01-30 03:46 - 2014-02-03 23:13 - 00028554 _____ C:\Documents and Settings\Big H\Desktop\FRST.txt
2014-01-30 03:46 - 2014-01-30 03:48 - 00000000 ____D C:\FRST
2014-01-30 03:44 - 2014-01-30 03:44 - 01137152 _____ (Farbar) C:\Documents and Settings\Big H\Desktop\FRST.exe
2014-01-20 19:29 - 2014-01-27 23:40 - 00022272 _____ C:\Documents and Settings\Big H\Desktop\attach.txt
2014-01-20 19:29 - 2014-01-27 23:39 - 00015350 _____ C:\Documents and Settings\Big H\Desktop\dds.txt
2014-01-20 18:56 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-20 18:56 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-20 18:56 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-20 18:56 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-20 18:54 - 2014-01-20 18:56 - 00005134 _____ C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-16 22:03 - 2014-01-16 22:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-16 21:59 - 2014-01-16 22:03 - 00004478 _____ C:\WINDOWS\KB2914368.log
2014-01-15 21:14 - 2014-01-15 21:14 - 00000000 ____D C:\SUPERDelete
2014-01-14 00:20 - 2014-01-14 00:20 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-14 00:20 - 2014-01-14 00:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

2014-02-03 23:14 - 2012-04-25 12:06 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-03 23:13 - 2014-01-30 03:46 - 00028554 _____ C:\Documents and Settings\Big H\Desktop\FRST.txt
2014-02-03 23:06 - 2010-12-22 01:00 - 01078846 _____ C:\WINDOWS\WindowsUpdate.log
2014-02-03 23:05 - 2010-12-21 16:50 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-02-03 23:05 - 2010-12-21 16:50 - 00000048 _____ C:\WINDOWS\wiaservc.log
2014-02-03 23:04 - 2012-04-25 12:06 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 23:04 - 2010-12-22 01:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-02-03 23:04 - 2004-08-04 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-02-03 22:57 - 2014-02-03 22:19 - 00000000 ____D C:\AdwCleaner
2014-02-03 22:57 - 2013-12-09 19:21 - 00393216 _____ C:\WINDOWS\system32\config\Symantec.evt
2014-02-03 22:57 - 2011-11-04 15:46 - 00131072 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2014-02-03 22:57 - 2010-12-22 01:07 - 00000178 ___SH C:\Documents and Settings\Big H\ntuser.ini
2014-02-03 22:57 - 2010-12-22 01:05 - 00032382 _____ C:\WINDOWS\SchedLgU.Txt
2014-02-03 22:56 - 2014-02-03 22:56 - 00006685 _____ C:\Documents and Settings\Big H\Desktop\AdwCleaner[R0].txt
2014-02-03 00:41 - 2011-06-04 06:39 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-30 03:48 - 2014-01-30 03:48 - 00024957 _____ C:\Documents and Settings\Big H\Desktop\Addition.txt
2014-01-30 03:48 - 2014-01-30 03:46 - 00000000 ____D C:\FRST
2014-01-30 03:44 - 2014-01-30 03:44 - 01137152 _____ (Farbar) C:\Documents and Settings\Big H\Desktop\FRST.exe
2014-01-30 03:37 - 2013-02-27 12:13 - 00094662 _____ C:\WINDOWS\setupapi.log
2014-01-27 23:40 - 2014-01-20 19:29 - 00022272 _____ C:\Documents and Settings\Big H\Desktop\attach.txt
2014-01-27 23:39 - 2014-01-20 19:29 - 00015350 _____ C:\Documents and Settings\Big H\Desktop\dds.txt
2014-01-23 21:03 - 2012-02-12 17:18 - 00000000 ____D C:\Documents and Settings\Big H\Application Data\Skype
2014-01-21 14:15 - 2010-12-22 01:07 - 00000000 ____D C:\Documents and Settings\Big H
2014-01-20 18:56 - 2014-01-20 18:54 - 00005134 _____ C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-20 18:56 - 2012-08-31 23:55 - 00000000 ____D C:\Program Files\Java
2014-01-16 22:08 - 2011-11-18 16:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-01-16 22:07 - 2013-08-09 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-16 22:03 - 2014-01-16 22:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-16 22:03 - 2014-01-16 21:59 - 00004478 _____ C:\WINDOWS\KB2914368.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00306704 _____ C:\WINDOWS\iis6.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00284404 _____ C:\WINDOWS\FaxSetup.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00144716 _____ C:\WINDOWS\ocgen.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00129772 _____ C:\WINDOWS\tsoc.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00094536 _____ C:\WINDOWS\comsetup.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00086580 _____ C:\WINDOWS\msmqinst.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00057259 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00049818 _____ C:\WINDOWS\netfxocm.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00019550 _____ C:\WINDOWS\MedCtrOC.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00015732 _____ C:\WINDOWS\ocmsn.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00014306 _____ C:\WINDOWS\tabletoc.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00014214 _____ C:\WINDOWS\msgsocm.log
2014-01-16 22:03 - 2013-03-13 09:29 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-16 22:03 - 2010-12-22 03:14 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-16 01:23 - 2013-02-25 14:21 - 00000000 ____D C:\Program Files\Video Thumbnails Maker
2014-01-15 21:14 - 2014-01-15 21:14 - 00000000 ____D C:\SUPERDelete
2014-01-15 21:10 - 2011-12-27 17:57 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-14 00:20 - 2014-01-14 00:20 - 00000000 ____D C:\Program Files\Common Files\Skype
2014-01-14 00:20 - 2014-01-14 00:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-01-14 00:20 - 2012-02-12 17:18 - 00000000 ___RD C:\Program Files\Skype
2014-01-14 00:20 - 2012-02-12 17:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2014-01-06 20:48 - 2012-09-28 14:13 - 00000000 ____D C:\Documents and Settings\Big H\Application Data\iFunbox_UserCache
2014-01-04 21:06 - 2013-03-18 23:15 - 00000000 ____D C:\Documents and Settings\Big H\Application Data\Spotify
2014-01-04 20:11 - 2013-03-18 23:17 - 00000000 ____D C:\Documents and Settings\Big H\Local Settings\Application Data\Spotify

Some content of TEMP:
====================
C:\Documents and Settings\Big H\Local Settings\Temp\HitmanPro.exe
C:\Documents and Settings\Big H\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Big H\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Big H\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Big H\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Big H\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Big H\Local Settings\Temp\ot_ahlhj.dll
C:\Documents and Settings\Big H\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Big H\Local Settings\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#12 aharonov

  • Malware Response Team

Posted 05 February 2014 - 03:55 AM

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#13 icecold240

  • Topic Starter

  • Members

Posted 05 February 2014 - 11:00 PM

 ComboFix 14-02-05.02 - Big H 02/05/2014  18:57:59.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.1995 [GMT -8:00]
Running from: c:\documents and settings\Big H\Desktop\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Big H\Application Data\ubot
c:\documents and settings\Big H\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone
c:\documents and settings\Big H\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Manifests\compile.exe_0x5F4166D53D18E674EF964D14371EFD8D.1.manifest
c:\documents and settings\Big H\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Manifests\VmX.dll_0x708E180A6A058DCDE2E1F8586DD2BA4A.2.manifest
c:\documents and settings\Big H\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app.manifest
c:\documents and settings\Big H\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app@1.0.0.0.manifest
c:\documents and settings\Big H\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX.manifest
c:\documents and settings\Big H\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX@1.0.0.0.manifest
c:\documents and settings\Big H\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\XRegistry.tmp
c:\documents and settings\Big H\My Documents\u-bot
c:\documents and settings\Big H\My Documents\u-bot\friendpos.txt
c:\documents and settings\Big H\My Documents\u-bot\mailpos.txt
c:\documents and settings\Big H\My Documents\u-bot\urls.txt
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-06 to 2014-02-06  )))))))))))))))))))))))))))))))
.
.
2014-02-04 06:19 . 2014-02-04 06:57 -------- d-----w- C:\AdwCleaner
2014-01-30 11:46 . 2014-02-04 07:14 -------- d-----w- C:\FRST
2014-01-21 02:56 . 2013-12-19 05:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-16 05:14 . 2014-01-16 05:14 -------- d-----w- C:\SUPERDelete
2014-01-14 08:20 . 2014-01-14 08:20 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-25 08:11 . 2013-08-04 16:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-25 08:11 . 2013-08-04 16:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-19 04:46 . 2012-09-01 07:56 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-12-10 03:20 . 2013-12-10 03:20 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-12-10 03:17 . 2013-12-10 03:17 419792 ----a-w- c:\windows\system32\SymVPN.dll
2013-12-10 03:17 . 2013-12-10 03:17 359888 ----a-w- c:\windows\system32\sysfer.dll
2013-12-10 03:17 . 2013-12-10 03:17 32816 ----a-w- c:\windows\system32\drivers\WGX.SYS
2013-12-10 03:17 . 2013-12-10 03:17 136144 ----a-w- c:\windows\system32\FwsVpn.dll
2013-12-10 03:17 . 2013-12-10 03:17 10704 ----a-w- c:\windows\system32\sysferThunk.dll
2013-12-10 03:17 . 2013-12-10 03:17 111584 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2013-11-27 20:21 . 2008-04-14 07:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59 . 2008-04-14 12:41 150528 ----a-w- c:\windows\system32\imagehlp.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-09-05 . 600D58665D16BFBB776EFEFB0E80532D . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Big H\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Big H\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Big H\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Big H\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\documents and settings\Big H\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-11-27 1168896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-15 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2010-12-22 102400]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-26 1985824]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BDARemote.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Big H^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Big H\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Big H\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Big H\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Big H\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\12.1.2015.2015.105\\Bin\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\12.1.2015.2015.105\\Bin\\snac.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"51001:TCP"= 51001:TCP:Dragon Smart Phone Server
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [12/22/2010 1:15 AM 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [12/22/2010 1:15 AM 35712]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\SymDS.sys [11/3/2012 7:22 AM 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\SymEFA.sys [11/3/2012 7:22 AM 927904]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [12/22/2010 2:36 AM 17952]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140121.011\BHDrvx86.sys [2/3/2014 11:29 PM 1098968]
R1 ccSettings_{29AC8EDB-F22A-46D3-9D66-4244585EAD0A};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys [11/3/2012 7:22 AM 134304]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0107DF\07DF.105\x86\Ironx86.sys [11/3/2012 7:22 AM 175264]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 3:38 PM 116608]
R2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [7/23/2010 12:24 PM 296808]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [11/3/2012 7:22 AM 143928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/27/2014 3:37 PM 108120]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140205.011\IDSXpx86.sys [2/5/2014 12:11 AM 383120]
S2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service; [x]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [10/9/2013 10:58 AM 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 8:15 AM 172192]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 SyDvCtrl;SyDvCtrl;c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SyDvCtrl32.sys [11/3/2012 7:22 AM 28136]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/26/2013 12:03 AM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 06:30 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 20:06]
.
2014-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-25 20:06]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
FF - ProfilePath - c:\documents and settings\Big H\Application Data\Mozilla\Firefox\Profiles\fxcip6ed.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKCU-Run-AdobeBridge - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-05 19:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-562591055-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:bf,c0,c9,a6,9b,69,5e,d1,5f,ad,e1,5b,2a,a9,32,5c,e2,31,45,9f,f3,
   4e,d0,ec,4c,24,d1,d6,89,6e,ce,99,84,ae,a5,ec,c1,5a,90,91,09,20,12,cc,16,1f,\
"rkeysecu"=hex:01,0a,02,14,5c,bb,eb,a2,15,a6,27,35,c9,83,df,62
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{543ffede-0b91-4249-b812-ece1738d1aeb}]
@Denied: (Full) (Everyone)
"Model"=dword:00000056
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a1,45,ce,76,a3,01,a0,c4,73,fc,d5,43,11,70,95,80,a2,fe,c7,f6,dd,
   62,54,93,b0,0b,95,0a,5f,07,8a,dd,54,ec,c0,4e,8d,ba,ad,b0,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1416)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2014-02-05  19:19:02
ComboFix-quarantined-files.txt  2014-02-06 03:18
ComboFix2.txt  2012-09-18 20:52
.
Pre-Run: 25,391,054,848 bytes free
Post-Run: 27,207,536,640 bytes free
.
- - End Of File - - 2296AFD5140E20F1518FA37D5CD08DBD
8F558EB6672622401DA993E1E865C861


#14 icecold240

icecold240
  • Topic Starter

  • Members
  • 17 posts

Posted 08 February 2014 - 03:17 PM

still waiting for help



#15 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 10 February 2014 - 04:18 AM

Sorry for the delay.


Step 1

  • Start Malwarebytes Anti-Malware with administrator privileges.
  • Open the tab Update and click on Check for Updates.
  • Open the tab Scanner, select Perform Quick Scan and press the Scan button.
  • When the scan is finished click on Show results.
  • Make sure that all the malware found is checked and click on Remove selected. Allow a reboot if one is required.
  • When finished MBAM shows a log file. (It can also be found under the Logs tab.)
    Please copy and paste the contents of this log file in your next reply.

 

 

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
  • Note: Do not forget to re-enable your antivirus application after running the above scan!




