

Pop ups, hijacking, malware. Help please;)


  • This topic is locked
11 replies to this topic

#1 sheldonofosaka

sheldonofosaka

  • Members
  • 72 posts

Posted 30 December 2014 - 09:45 AM

Mod Edit: Moved to appropriate forum ~~ boopme


I'm running Windows XP.
My computer has been showing symptoms for a few weeks, but recently they got drastically worse.
I'm inundated by constant pop-ups. Any time I click on something, the webpage is hijacked and redirected to an ad; this has become so bad that I've been forced to write this message from my iPhone.
I've already run an FRST scan. I will attempt to copy and paste the results, yet I'm not certain I will be able to because of the hijacking; I was unable to log on to this site on a previous attempt.
Please advise.
Best Regards, SheldonOfOsaka

Edited by boopme, 30 December 2014 - 09:54 AM.




#2 sheldonofosaka

sheldonofosaka
  • Topic Starter

  • Members
  • 72 posts

Posted 30 December 2014 - 09:52 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by Owner (administrator) on ANONYMOUS on 30-12-2014 22:53:31
Running from D:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) D:\WINDOWS\system32\rundll32.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
() D:\WINDOWS\system32\GManager.exe
(Oracle Corporation) D:\Program Files\JAVA\jre7\bin\jqs.exe
() D:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe
() D:\WINDOWS\system32\U2VSvr.exe
() D:\WINDOWS\system32\U2VT2Svr.exe
(Microsoft Corporation) D:\Program Files\UPHClean\uphclean.exe
(InstallShield Software Corporation) D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Sun Microsystems, Inc.) D:\Program Files\Common Files\Java\Java Update\jusched.exe
(Magic Control Technology Corporation) D:\Program Files\Common Files\DesktopUtil\MCTDUtil.exe
(Magic Control Technology Corporation) D:\Program Files\Common Files\DesktopUtil\FDispPos.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(Skype Technologies S.A.) D:\Program Files\Skype\Phone\Skype.exe
(Safer-Networking Ltd.) D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Magic Control Technology Corporation) D:\WINDOWS\system32\MTri1+.exe
(Magic Control Technology Corporation) D:\WINDOWS\system32\MTrigger2.exe
(BitTorrent Inc.) D:\Documents and Settings\Owner\Application Data\BitTorrent\BitTorrent.exe
(Panasonic Corporation) D:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(McAfee, Inc.) D:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Apple Inc.) D:\Program Files\iPod\bin\iPodService.exe
(Sun Microsystems, Inc.) D:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Apple Inc.) D:\Program Files\iTunes\iTunes.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
() D:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) D:\Program Files\Windows Media Player\wmplayer.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AzMixerSel] => D:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ISUSPM Startup] => D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] => D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM\...\Run: [APSDaemon] => D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => D:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [MCTDUtil] => D:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => D:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [Util] => D:\WINDOWS\system32\Util.exe [195200 2011-05-04] ()
HKLM\...\Run: [Util-MTrigger2] => D:\WINDOWS\system32\Util-MTrigger2.exe [195200 2011-05-04] ()
HKLM\...\Run: [mobilegeni daemon] => D:\Program Files\Mobogenie\DaemonProcess.exe                                                                                     
HKLM\...\Run: [Systweak Support Dock] => "D:\Program Files\Systweak Support Dock\SystweakDock.exe" /autorun 
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => D:\Program Files\QuickTime Alternative\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [NoSharedDocuments] 1
HKLM\...\Policies\Explorer: [MaxRecentDocs] 18
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [Google Update] => D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [Skype] => D:\Program Files\Skype\Phone\Skype.exe [26100520 2010-03-09] (Skype Technologies S.A.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [SpybotSD TeaTimer] => D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [cdloader] => D:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe [51592 2014-07-05] (magicJack L.P.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [BitTorrent] => D:\Documents and Settings\Owner\Application Data\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [Akamai NetSession Interface] => "D:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe"
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> D:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> D:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * D:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
URLSearchHook: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - D:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://jp.hao123.com/?tn=incore_pay_hp_01_hao123_jp" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPD0962487-0FB2-4195-ACDD-F712541E7A00&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {08695E7C-3FF8-408F-89E5-CDCE161D6692} URL = http://www.google.co.jp/search?hl=en&q={searchTerms}&rlz=1I7SUNC_en
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.max-start.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=8C40001D7234E42E&affID=119776&tsp=5037
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
BHO: SaveLots -> {0ccca2c4-51c6-40ed-9804-fb1b7a9f3045} -> D:\Documents and Settings\All Users\Application Data\SaveLots\5V5rnkxXKdzX77.dll ()
BHO: Fun2Save -> {31265a66-a6fe-44e3-884b-532afd98576e} -> D:\Documents and Settings\All Users\Application Data\Fun2Save\L0oEAFfkMUuElA.dll ()
BHO: CCoupExtension -> {ce277863-9132-4575-8c47-a0d56dce18b4} -> D:\Documents and Settings\All Users\Application Data\CCoupExtension\1TOb3DGn8L0ySN.dll ()
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} -  No File
Toolbar: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> BitTorrentBar Toolbar - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - D:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 04 D:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @checkpoint.com/FFApi -> D:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> D:\Program Files\JAVA\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=3 -> D:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=9 -> D:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.google.com/Google Update;version=3 -> D:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> D:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 -> D:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 -> D:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> D:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin HKU\S-1-5-21-1645522239-1844237615-1177238915-1003: @lightspark.github.com/Lightspark;version=1 -> D:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-1645522239-1844237615-1177238915-1003: @tools.google.com/Google Update;version=3 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1645522239-1844237615-1177238915-1003: @tools.google.com/Google Update;version=9 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-11]
FF HKLM\...\Firefox\Extensions: [{F31D66AC-796A-479E-9673-E793E63A5DAF}] - D:\Documents and Settings\Owner\Local Settings\Application Data\{F31D66AC-796A-479E-9673-E793E63A5DAF}
FF Extension: XULRunner - D:\Documents and Settings\Owner\Local Settings\Application Data\{F31D66AC-796A-479E-9673-E793E63A5DAF} [2010-08-05]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-11]
CHR Extension: (YouTube) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-23]
CHR Extension: (Google Search) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-23]
CHR Extension: (DealPly French) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi [2013-10-16]
CHR Extension: (Live HTTP Headers) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2014-12-24]
CHR Extension: (Bcool) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jkcmkpifpihhlkkbjfehamkiigljaome [2012-05-21]
CHR Extension: (Google Wallet) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-23]
CHR Extension: (Naruto Ultimate Battle 2) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pkcpghjpdhmmddoiipeafngfpkbpnokd [2014-12-18]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [jkcmkpifpihhlkkbjfehamkiigljaome] - D:\Documents and Settings\All Users\Application Data\Bcool\jkcmkpifpihhlkkbjfehamkiigljaome.crx [2012-05-21]
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - D:\Program Files\1ClickDownload\1click12.crx [Not Found]
CHR StartMenuInternet: Google Chrome - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 4d22c860; d:\Program Files\DeltaFix\DeltaFix.dll [4105216 2014-12-10] () [File not signed] <==== ATTENTION
S2 dealplylive; D:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-10-16] (DealPly Technologies Ltd)
S3 dealplylivem; D:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-10-16] (DealPly Technologies Ltd)
R2 GManager; D:\WINDOWS\system32\GManager.exe [226904 2012-08-28] ()
R2 JavaQuickStarterService; D:\Program Files\JAVA\jre7\bin\jqs.exe [170912 2013-02-08] (Oracle Corporation)
S3 McComponentHostService; D:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MCTDesktopSvr; D:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 U2VSvr; D:\WINDOWS\system32\U2VSvr.exe [199296 2012-02-03] ()
R2 U2VT2Svr; D:\WINDOWS\system32\U2VT2Svr.exe [199296 2011-06-27] ()
R2 UPHClean; D:\Program Files\UPHClean\uphclean.exe [241725 2005-04-28] (Microsoft Corporation) [File not signed]
S2 !SASCORE; "D:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [X]
S2 AVGIDSAgent; "D:\Program Files\AVG\AVG2012\AVGIDSAgent.exe" [X]
S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 NETw4x32; D:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2530176 2008-03-13] (Intel Corporation)
S3 nm; D:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
R3 Rasirda; D:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 Tcpip; D:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2009-04-21] (Microsoft Corporation) [File not signed]
R1 tStLibG; D:\WINDOWS\System32\drivers\tStLibG.sys [55232 2014-04-05] (StdLib)
S4 IntelIde; No ImagePath
S0 miqdlhhz; No ImagePath
S1 SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]
U5 Tcpip6; D:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 22:53 - 2014-12-30 22:53 - 00000000 ____D () D:\FRST
2014-12-30 22:42 - 2014-12-30 22:42 - 00000000 _____ () D:\WINDOWS\WindowsUpdate.log
2014-12-24 18:24 - 2014-12-24 18:24 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\TheAdBlock
2014-12-24 10:25 - 2014-12-24 10:25 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\CCoupExtension
2014-12-18 13:26 - 2014-12-18 13:26 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\SaveLots
2014-12-18 13:24 - 2014-12-18 13:24 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Fun2Save
2014-12-17 12:25 - 2014-12-24 10:27 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\cf639b283dc8b814
2014-12-17 12:25 - 2014-12-17 12:25 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Happy2Save
2014-12-10 22:22 - 2014-12-10 22:22 - 00000000 ____D () D:\Program Files\BuuyNsave
2014-12-10 22:21 - 2014-12-10 22:21 - 00000000 ____D () D:\Program Files\BuyNssavEE
2014-12-10 22:21 - 2014-12-10 22:21 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\igdjfopccclkjbickdbkfokhgjbikimd
2014-12-10 22:21 - 2014-12-10 22:21 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\ggelanhldkahefgdcibpcgeinibohcmk
2014-12-10 22:18 - 2014-12-22 14:21 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\SkypEmoticons
2014-12-10 22:17 - 2014-12-10 22:23 - 00000000 ____D () D:\Program Files\DeltaFix
2014-12-10 22:16 - 2014-12-10 22:16 - 00000000 ____D () D:\Program Files\YouatubeAdBlocke
2014-12-10 22:16 - 2014-12-10 22:16 - 00000000 ____D () D:\Program Files\BuuyNsavve
2014-12-10 22:16 - 2014-12-10 22:16 - 00000000 ____D () D:\Program Files\Best Flash Play
2014-12-10 22:15 - 2014-12-10 22:15 - 00000000 ____D () D:\Program Files\BuYNSaVe
2014-12-10 22:15 - 2014-12-10 22:15 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\koaidhkeeblapcmplplfkaeeomolgpdb
2014-12-10 22:15 - 2014-12-10 22:15 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\14943958585682999316
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 22:54 - 2010-08-26 05:22 - 00000000 ____D () D:\Documents and Settings\Owner\Local Settings\temp
2014-12-30 22:54 - 2010-02-13 07:16 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\BitTorrent
2014-12-30 22:40 - 2010-02-13 09:32 - 00000886 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 22:37 - 2013-10-16 22:38 - 00000830 _____ () D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-30 22:37 - 2010-02-13 09:53 - 00000978 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1844237615-1177238915-1003UA.job
2014-12-30 22:31 - 2010-02-11 20:01 - 00000422 ____H () D:\WINDOWS\Tasks\User_Feed_Synchronization-{0C645668-D06E-4D40-A724-910F14F0648C}.job
2014-12-30 22:25 - 2013-10-16 22:20 - 00000892 _____ () D:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2014-12-30 22:25 - 2013-10-16 22:20 - 00000888 _____ () D:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2014-12-30 22:25 - 2010-02-11 19:05 - 00228352 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-30 22:24 - 2010-02-11 18:53 - 00000000 ____D () D:\Documents and Settings\Owner
2014-12-30 22:19 - 2013-10-16 22:19 - 00000412 _____ () D:\WINDOWS\Tasks\At1.job
2014-12-30 22:19 - 2013-10-16 22:19 - 00000290 _____ () D:\WINDOWS\Tasks\DealPlyUpdate.job
2014-12-30 22:19 - 2013-10-16 22:19 - 00000000 ____D () D:\Program Files\DealPly
2014-12-30 20:54 - 2013-11-22 13:21 - 00000471 ____N () D:\WINDOWS\wiadebug.log
2014-12-30 19:40 - 2010-02-13 09:32 - 00000882 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-30 16:37 - 2010-02-11 18:53 - 00032440 ____N () D:\WINDOWS\SchedLgU.Txt
2014-12-30 14:37 - 2010-02-13 09:53 - 00000926 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1844237615-1177238915-1003Core.job
2014-12-30 10:07 - 2011-05-23 23:04 - 00000284 _____ () D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-12-30 01:25 - 2013-10-16 22:05 - 00000266 _____ () D:\WINDOWS\Tasks\EPUpdater.job
2014-12-29 07:13 - 2010-02-11 19:52 - 00000664 _____ () D:\WINDOWS\system32\d3d9caps.dat
2014-12-29 03:25 - 2013-12-21 18:07 - 00002797 _____ () D:\WINDOWS\system32\GManager.ini
2014-12-29 03:25 - 2013-11-22 13:21 - 00000050 ____N () D:\WINDOWS\wiaservc.log
2014-12-29 03:25 - 2010-02-11 18:53 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT
2014-12-29 03:25 - 2008-04-14 21:00 - 00002206 _____ () D:\WINDOWS\system32\wpa.dbl
2014-12-27 01:46 - 2014-05-20 23:19 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\vlc
2014-12-26 00:19 - 2011-05-20 22:33 - 00001010 _____ () D:\Documents and Settings\Owner\Start Menu\Programs\magicJack.lnk
2014-12-26 00:19 - 2011-05-20 22:33 - 00001004 _____ () D:\Documents and Settings\Owner\Desktop\magicJack.lnk
2014-12-26 00:19 - 2011-05-20 22:32 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\mjusbsp
2014-12-10 23:37 - 2013-02-24 22:57 - 00701104 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-10 23:37 - 2013-02-24 22:57 - 00071344 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-10 14:39 - 2010-02-13 09:54 - 00002284 _____ () D:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
 
Files to move or delete:
====================
D:\Documents and Settings\Custom Settings\Apply Theme.vbs
D:\Documents and Settings\Custom Settings\Auto Config.bat
D:\Documents and Settings\Custom Settings\IE Favorite Links.bat
D:\Documents and Settings\Custom Settings\IExpress Shortcut Creator.vbs
D:\Documents and Settings\Custom Settings\System Settings.bat
D:\Documents and Settings\Custom Settings\System Settings.reg
D:\Documents and Settings\Custom Settings\TaskBarCmd v1.1.exe
D:\Documents and Settings\Custom Settings\User Settings.bat
D:\Documents and Settings\Custom Settings\User Settings.reg
D:\Documents and Settings\Custom Settings\WMP Shortcut Creator.vbs
D:\Windows\Tasks\At1.job
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


#3 sheldonofosaka

sheldonofosaka
  • Topic Starter

  • Members
  • 72 posts

Posted 30 December 2014 - 09:57 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-12-2014
Ran by Owner at 2014-12-30 22:54:35
Running from D:\Documents and Settings\Owner\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Alt-Tab Task Switcher Powertoy for Windows XP (HKLM\...\{A7050037-F0EA-4BAB-BCD5-FC05507D6147}) (Version: 1.00.0001 - Microsoft Corporation)
Anki (HKLM\...\Anki) (Version:  - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2012 (Version: 12.0.2090 - AVG Technologies) Hidden
Best Flash Play (HKLM\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )
BitTorrent (HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
BitTorrentBar Toolbar (HKLM\...\BitTorrentBar Toolbar) (Version: 6.13.3.501 - BitTorrentBar)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Burn4Free CD & DVD 4.9.0.0 (HKLM\...\Burn4Free CD & DVD_is1) (Version:  - Ikysasoft s.r.l. uninominale)
BuuyNsave (HKLM\...\{842C4394-47F7-60DE-480B-C09116B63559}) (Version:  - BuyNsave)
CCleaner (HKLM\...\CCleaner) (Version: 2.29 - Piriform)
CCoupExtension (HKLM\...\{6933C2BA-C67D-42C7-8C77-1FF4B364AF54}) (Version:  - "") <==== ATTENTION
Delta toolbar   (HKLM\...\delta) (Version: 1.8.24.6 - Delta) <==== ATTENTION
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Foxit Reader (HKLM\...\Foxit Reader) (Version:  - )
Fun2Save (HKLM\...\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}) (Version:  - "") <==== ATTENTION
Google Chrome (HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Happy2Save (HKLM\...\{E957849A-94AC-6F46-4623-C31474E3C170}) (Version:  - "") <==== ATTENTION
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.8.1 - Kai Liu)
HD Writer AE 2.6T (HKLM\...\{B638BA42-AE8C-4A1C-89C9-A7801F8BBBB9}) (Version: 2.06.009.1033 - Panasonic Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
j5 USB DISPLAY ADAPTER 13.10.0522.3179 (HKLM\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 13.10.0522.3179 - j5create)
Java 7 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Juice 2.2 (HKLM\...\Juice) (Version: 2.2 - Juice Team)
K-Lite Mega Codec Pack 4.7.5 (HKLM\...\KLiteCodecPack_is1) (Version: 4.7.5 - )
LonghandDouble (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4d22c860}) (Version:  - SystemAmplifier) <==== ATTENTION
magicJack (HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Media Player Classic - Home Cinema v. 1.3.1249.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version:  - )
MediaLooks QuickTime Source 1.7.0.6 (DirectShow Filter) (HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\MLQTSource) (Version: 1.7.0.6 - MediaLooks)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft AppLocale (HKLM\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation) Hidden
Open Command Prompt Shell Extension (x86-32) (HKLM\...\CmdOpen Shell Extension) (Version: 1.2.0.0 - Kai Liu)
ProgSense (HKLM\...\ProgSense_is1) (Version:  - recipester.org)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTime Alternative 2.8.0 (HKLM\...\QuicktimeAlt_is1) (Version: 2.8.0 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5423 - Realtek Semiconductor Corp.)
SaveLots (HKLM\...\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}) (Version:  - "") <==== ATTENTION
Skype™ 4.2 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.155 - Skype Technologies S.A.)
SopCast 3.3.2 (HKLM\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
TheAdBlock (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - TheAdBlock) <==== ATTENTION
Unlocker 1.8.7 (HKLM\...\Unlocker) (Version: 1.8.7 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Outlook 2007 Junk Email Filter (kb2279264) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{01D475AB-57B1-44CC-8A8F-3A6B0FA4989F}) (Version:  - Microsoft)
User Profile Hive Cleanup Service (HKLM\...\{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}) (Version: 1.6.30 - Microsoft Corporation)
Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
VLC media player 1.1.5 (HKLM\...\VLC media player) (Version: 1.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
YouatubeAdBlocke (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
YouTube Downloader 2.5.3 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - BienneSoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> D:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> D:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> D:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> D:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> D:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> D:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> D:\Documents and Settings\Owner\My Documents\Downloads\Nikita S03E04 HDTV x264 LOL mp4 (1).exe No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No (the data entry has 5 more characters).
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 21:00 - 2010-08-26 05:18 - 00000027 ____A D:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: D:\WINDOWS\Tasks\Adobe Flash Player Updater.job => D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\WINDOWS\Tasks\AppleSoftwareUpdate.job => D:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: D:\WINDOWS\Tasks\At1.job => D:\DOCUME~1\Owner\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: D:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineCore.job => D:\Program Files\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: D:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineUA.job => D:\Program Files\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: D:\WINDOWS\Tasks\DealPlyUpdate.job => D:\Program Files\DealPly\DealPlyUpdate.exe <==== ATTENTION
Task: D:\WINDOWS\Tasks\EPUpdater.job => D:\DOCUME~1\Owner\APPLIC~1\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1844237615-1177238915-1003Core.job => D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1844237615-1177238915-1003UA.job => D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\User_Feed_Synchronization-{0C645668-D06E-4D40-A724-910F14F0648C}.job => D:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-12-10 22:17 - 2014-12-10 22:23 - 04105216 _____ () d:\Program Files\DeltaFix\DeltaFix.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-21 18:07 - 2012-08-28 14:20 - 00226904 _____ () D:\WINDOWS\system32\GManager.exe
2013-12-21 18:07 - 2011-05-03 18:13 - 00199296 _____ () D:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe
2013-12-21 18:07 - 2012-02-03 18:14 - 00199296 _____ () D:\WINDOWS\system32\U2VSvr.exe
2013-12-21 18:07 - 2011-06-27 15:16 - 00199296 _____ () D:\WINDOWS\system32\U2VT2Svr.exe
2014-10-11 13:05 - 2014-10-11 13:05 - 00237352 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00107008 _____ () D:\Program Files\VideoLAN\VLC\vlc.exe
2010-11-14 01:46 - 2010-11-14 01:46 - 00101376 _____ () D:\Program Files\VideoLAN\VLC\libvlc.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 02262528 _____ () D:\Program Files\VideoLAN\VLC\libvlccore.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00047104 _____ () D:\Program Files\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00067072 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdirectx_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00210944 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdshow_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 02170368 _____ () D:\Program Files\VideoLAN\VLC\plugins\libskins2_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00046592 _____ () D:\Program Files\VideoLAN\VLC\plugins\libwaveout_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00033792 _____ () D:\Program Files\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00090112 _____ () D:\Program Files\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00231424 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00039424 _____ () D:\Program Files\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00034304 _____ () D:\Program Files\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00078848 _____ () D:\Program Files\VideoLAN\VLC\plugins\libzip_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00031232 _____ () D:\Program Files\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00108032 _____ () D:\Program Files\VideoLAN\VLC\plugins\libplaylist_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 01199104 _____ () D:\Program Files\VideoLAN\VLC\plugins\libtaglib_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00337920 _____ () D:\Program Files\VideoLAN\VLC\plugins\liblua_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 01141248 _____ () D:\Program Files\VideoLAN\VLC\plugins\libxml_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00046592 _____ () D:\Program Files\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00194048 _____ () D:\Program Files\VideoLAN\VLC\plugins\libmp4_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00033792 _____ () D:\Program Files\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00090112 _____ () D:\Program Files\VideoLAN\VLC\plugins\libavi_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 11047936 _____ () D:\Program Files\VideoLAN\VLC\plugins\libqt4_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00031232 _____ () D:\Program Files\VideoLAN\VLC\plugins\libfolder_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00088064 _____ () D:\Program Files\VideoLAN\VLC\plugins\libaccess_http_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00037376 _____ () D:\Program Files\VideoLAN\VLC\plugins\libfake_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00034304 _____ () D:\Program Files\VideoLAN\VLC\plugins\libcdg_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00238080 _____ () D:\Program Files\VideoLAN\VLC\plugins\libpng_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 01025536 _____ () D:\Program Files\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00265216 _____ () D:\Program Files\VideoLAN\VLC\plugins\libflac_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 01712128 _____ () D:\Program Files\VideoLAN\VLC\plugins\libvorbis_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00130048 _____ () D:\Program Files\VideoLAN\VLC\plugins\libspeex_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 01747968 _____ () D:\Program Files\VideoLAN\VLC\plugins\liblibass_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00045568 _____ () D:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00033280 _____ () D:\Program Files\VideoLAN\VLC\plugins\libaes3_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00039424 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdts_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00309760 _____ () D:\Program Files\VideoLAN\VLC\plugins\libfaad_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00368640 _____ () D:\Program Files\VideoLAN\VLC\plugins\libtheora_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00037888 _____ () D:\Program Files\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00035840 _____ () D:\Program Files\VideoLAN\VLC\plugins\liblpcm_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00036352 _____ () D:\Program Files\VideoLAN\VLC\plugins\liba52_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00258048 _____ () D:\Program Files\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 07065600 _____ () D:\Program Files\VideoLAN\VLC\plugins\libavcodec_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 01747456 _____ () D:\Program Files\VideoLAN\VLC\plugins\libfreetype_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00048640 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00039936 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00297472 _____ () D:\Program Files\VideoLAN\VLC\plugins\libswscale_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00046080 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00135680 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00037888 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00073728 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00036352 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00040448 _____ () D:\Program Files\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00052224 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00032768 _____ () D:\Program Files\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00038400 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00036864 _____ () D:\Program Files\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00032768 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi422_i420_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00031744 _____ () D:\Program Files\VideoLAN\VLC\plugins\libscale_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00031232 _____ () D:\Program Files\VideoLAN\VLC\plugins\libyuvp_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00038912 _____ () D:\Program Files\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00061440 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdirect3d_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00031232 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdrawable_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00057344 _____ () D:\Program Files\VideoLAN\VLC\plugins\libblend_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00128000 _____ () D:\Program Files\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00178176 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00065536 _____ () D:\Program Files\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00047104 _____ () D:\Program Files\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00032768 _____ () D:\Program Files\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00032256 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00033792 _____ () D:\Program Files\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00030720 _____ () D:\Program Files\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00032256 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00031232 _____ () D:\Program Files\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00038912 _____ () D:\Program Files\VideoLAN\VLC\plugins\libmono_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00032256 _____ () D:\Program Files\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00041472 _____ () D:\Program Files\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00031744 _____ () D:\Program Files\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00036864 _____ () D:\Program Files\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00075776 _____ () D:\Program Files\VideoLAN\VLC\plugins\libaccess_mms_plugin.dll
2009-04-21 03:18 - 2010-02-06 03:29 - 01291776 _____ () D:\WINDOWS\system32\quartz.dll
2008-04-14 21:00 - 2008-04-14 21:00 - 00014336 _____ () D:\WINDOWS\system32\msdmo.dll
2008-04-14 21:00 - 2008-04-14 21:00 - 00059904 _____ () D:\WINDOWS\system32\devenum.dll
2008-05-02 13:15 - 2008-05-02 13:15 - 00010240 _____ () D:\Program Files\Unlocker\UnlockerCOM.dll
2010-02-12 08:29 - 2010-02-03 08:46 - 00141824 _____ () D:\Program Files\WinRAR\rarext.dll
2008-04-14 21:00 - 2008-04-14 21:00 - 00562176 _____ () D:\WINDOWS\system32\qedit.dll
2010-02-11 19:01 - 2009-03-27 22:24 - 03043328 _____ () D:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
2014-12-10 14:39 - 2014-12-06 10:50 - 09009480 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 14:39 - 2014-12-06 10:50 - 01677128 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-10 14:39 - 2014-12-06 10:50 - 14913352 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: D:^Documents and Settings^Owner^Start Menu^Programs^Startup^ProgSense.lnk => D:\WINDOWS\pss\ProgSense.lnkStartup
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: BitTorrent DNA => "D:\Program Files\DNA\btdna.exe"
MSCONFIG\startupreg: CoolSwitch => D:\WINDOWS\system32\taskswitch.exe
MSCONFIG\startupreg: IMJPMIG8.1 => "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSCONFIG\startupreg: PHIME2002A => D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSCONFIG\startupreg: PHIME2002ASync => D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SunJavaUpdateSched => "D:\Program Files\Java\jre6\bin\jusched.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1645522239-1844237615-1177238915-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1645522239-1844237615-1177238915-1004 - Limited - Enabled)
Guest (S-1-5-21-1645522239-1844237615-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1645522239-1844237615-1177238915-1000 - Limited - Disabled)
Owner (S-1-5-21-1645522239-1844237615-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-1645522239-1844237615-1177238915-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Video Controller
Description: Video Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Modem Device on High Definition Audio Bus
Description: Modem Device on High Definition Audio Bus
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Intel® Wireless WiFi Link 4965AGN
Description: Intel® Wireless WiFi Link 4965AGN
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: NETw4x32
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/29/2014 03:28:17 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (12/20/2014 10:57:18 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (11/30/2014 02:07:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
 
Error: (11/30/2014 02:07:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (11/22/2014 10:57:25 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (11/01/2014 10:57:42 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (10/28/2014 00:31:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
Error: (10/28/2014 00:31:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
 
Error: (10/28/2014 00:31:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
 
Error: (10/28/2014 00:31:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
 
 
System errors:
=============
Error: (12/30/2014 10:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 09:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 08:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 07:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 06:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 05:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 04:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 03:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 02:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 01:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 53%
Total physical RAM: 3062.36 MB
Available physical RAM: 1423.22 MB
Total Pagefile: 4948.24 MB
Available Pagefile: 3358.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.61 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:111.57 GB) (Free:14.62 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:111.54 GB) (Free:12.5 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (FEST_h_20131205) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 9300506E)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=111.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111.5 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#4 sheldonofosaka (Topic Starter)

Posted 03 January 2015 - 10:33 PM

Thanks for your reply. Yet, still waiting for help...O_o...please....;)



#5 HelpBot (Bleepin' Binary Bot)

Posted 04 January 2015 - 09:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/561483 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 nasdaq (Malware Response Team)

Posted 04 January 2015 - 10:07 AM


Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these malware programs using the Add/Remove Programs applet.

CCoupExtension
Delta toolbar
Fun2Save
Happy2Save
LonghandDouble
SaveLots
TheAdBlock
YouatubeAdBlocke


===

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\Run: [mobilegeni daemon] => D:\Program Files\Mobogenie\DaemonProcess.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
URLSearchHook: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - D:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://jp.hao123.com/?tn=incore_pay_hp_01_hao123_jp" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPD0962487-0FB2-4195-ACDD-F712541E7A00&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.max-start.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=8C40001D7234E42E&affID=119776&tsp=5037
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
BHO: SaveLots -> {0ccca2c4-51c6-40ed-9804-fb1b7a9f3045} -> D:\Documents and Settings\All Users\Application Data\SaveLots\5V5rnkxXKdzX77.dll ()
BHO: Fun2Save -> {31265a66-a6fe-44e3-884b-532afd98576e} -> D:\Documents and Settings\All Users\Application Data\Fun2Save\L0oEAFfkMUuElA.dll ()
BHO: CCoupExtension -> {ce277863-9132-4575-8c47-a0d56dce18b4} -> D:\Documents and Settings\All Users\Application Data\CCoupExtension\1TOb3DGn8L0ySN.dll ()
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} -  No File
Toolbar: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG2012\avgpp.dll No File
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin: @checkpoint.com/FFApi -> D:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=3 -> D:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=9 -> D:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> D:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin HKU\S-1-5-21-1645522239-1844237615-1177238915-1003: @lightspark.github.com/Lightspark;version=1 -> D:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF HKLM\...\Firefox\Extensions: [{F31D66AC-796A-479E-9673-E793E63A5DAF}] - D:\Documents and Settings\Owner\Local Settings\Application Data\{F31D66AC-796A-479E-9673-E793E63A5DAF}
FF Extension: XULRunner - D:\Documents and Settings\Owner\Local Settings\Application Data\{F31D66AC-796A-479E-9673-E793E63A5DAF} [2010-08-05]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (DealPly French) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi [2013-10-16]
CHR Extension: (Bcool) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jkcmkpifpihhlkkbjfehamkiigljaome [2012-05-21]
CHR Extension: (Google Wallet) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [jkcmkpifpihhlkkbjfehamkiigljaome] - D:\Documents and Settings\All Users\Application Data\Bcool\jkcmkpifpihhlkkbjfehamkiigljaome.crx [2012-05-21]
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - D:\Program Files\1ClickDownload\1click12.crx [Not Found]
R2 4d22c860; d:\Program Files\DeltaFix\DeltaFix.dll [4105216 2014-12-10] () [File not signed] <==== ATTENTION
S2 dealplylive; D:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-10-16] (DealPly Technologies Ltd)
S3 dealplylivem; D:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-10-16] (DealPly Technologies Ltd)
S2 !SASCORE; "D:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [X]
S2 AVGIDSAgent; "D:\Program Files\AVG\AVG2012\AVGIDSAgent.exe" [X]
S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [X]
R1 tStLibG; D:\WINDOWS\System32\drivers\tStLibG.sys [55232 2014-04-05] (StdLib)
S4 IntelIde; No ImagePath
S0 miqdlhhz; No ImagePath
S1 SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]
U1 WS2IFSL; No ImagePath

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please post the logs and let me know what problem persists.
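
A triage script for FRST log lines, added here as an example (it is not part of the thread and not an FRST, AdwCleaner or BleepingComputer tool): it applies the cues the fixlist above relies on (FRST's ATTENTION markers, services whose image is missing, unregistered or unsigned, components whose file is gone, search scopes and start pages pointing at the hijacker hosts seen in this thread) and lays the candidates out in the start ... End shape of fixlist.txt. The HIJACK_HOSTS list, the function names and the sample log are my own, constructed from entries in this thread; the helper picks the final fixlist by hand, and some lines nasdaq removed (the Mobogenie Run entry, for instance) carry none of these mechanical cues.

```python
import re
from urllib.parse import urlparse

# Search/redirect hosts taken from the FRST and AdwCleaner entries in this thread.
# Assumption: a real triage list would be larger and maintained separately.
HIJACK_HOSTS = frozenset({
    "websearch.searchfix.info",
    "search.conduit.com",
    "search.gboxapp.com",
    "www.max-start.com",
    "www.delta-search.com",
    "jp.hao123.com",
})

# FRST service/driver lines look like "R2 name; path [size date] (Publisher) [flags]".
SERVICE_RE = re.compile(r"^[RSU][0-4]\s+\S+;\s*(?P<rest>.*)$")
URL_RE = re.compile(r"https?://[^\s\"]+")


def hijack_host(line):
    """Return the first URL host in the line that is on HIJACK_HOSTS, else None."""
    for url in URL_RE.findall(line):
        host = urlparse(url).hostname or ""
        if host in HIJACK_HOSTS:
            return host
    return None


def triage_line(line):
    """Return the reasons this FRST log line deserves a look (empty list if none)."""
    reasons = []
    text = line.strip()
    if not text:
        return reasons
    if "ATTENTION" in text:                      # FRST's own marker
        reasons.append("flagged by FRST")
    m = SERVICE_RE.match(text)
    if m:
        rest = m.group("rest")
        if "[X]" in rest:                        # FRST could not find the image file
            reasons.append("service/driver image missing")
        if "No ImagePath" in rest:               # registered service with nothing to run
            reasons.append("service/driver has no ImagePath")
        if "[File not signed]" in rest:
            reasons.append("service/driver binary not signed")
    if "No File" in text or "[Not Found]" in text or "- No Path" in text:
        reasons.append("registered component whose file is gone")
    host = hijack_host(text)
    if host:
        reasons.append("points at known search hijacker host " + host)
    if text.startswith("SearchScopes:") and text.endswith("URL ="):
        reasons.append("search scope with an empty URL")
    if text.startswith("BHO:") and text.endswith("()"):
        reasons.append("BHO with no publisher information")
    if "Policy restriction" in text:             # browser locked down by a policy key
        reasons.append("browser policy restriction set")
    return reasons


def triage(log_text):
    """Run triage_line over a whole log; return [(line, reasons)] for flagged lines only."""
    flagged = []
    for raw in log_text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            flagged.append((raw.strip(), reasons))
    return flagged


def draft_fixlist(lines):
    """Lay candidate lines out in the fixlist.txt shape FRST expects (start ... End)."""
    return "start\n\nCloseProcesses:\n\n" + "\n".join(lines) + "\n\nEnd"


# Constructed sample: a handful of entries copied from the FRST log and fixlist above.
SAMPLE_LOG = r"""
HKLM\...\Run: [mobilegeni daemon] => D:\Program Files\Mobogenie\DaemonProcess.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: SaveLots -> {0ccca2c4-51c6-40ed-9804-fb1b7a9f3045} -> D:\Documents and Settings\All Users\Application Data\SaveLots\5V5rnkxXKdzX77.dll ()
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - D:\Program Files\1ClickDownload\1click12.crx [Not Found]
R2 4d22c860; d:\Program Files\DeltaFix\DeltaFix.dll [4105216 2014-12-10] () [File not signed] <==== ATTENTION
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [X]
R1 tStLibG; D:\WINDOWS\System32\drivers\tStLibG.sys [55232 2014-04-05] (StdLib)
S0 miqdlhhz; No ImagePath
MSCONFIG\startupreg: SunJavaUpdateSched => "D:\Program Files\Java\jre6\bin\jusched.exe"
"""

if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for line, reasons in flagged:
        print(line)
        for reason in reasons:
            print("    ->", reason)
    print("\n" + draft_fixlist([line for line, _ in flagged]))
```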

#7 sheldonofosaka (Topic Starter)

Posted 04 January 2015 - 11:03 AM

Thank you for your help...unfortunately there still appear to be pop-ups... :(

 

# AdwCleaner v4.106 - Report created 05/01/2015 at 00:53:22
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - ANONYMOUS
# Running from : D:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0\Extensions\OneClickDownloader@OneClickDownloader.com.xpi
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\onekit
Key Deleted : HKCU\Software\Baidu
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DealPly
Key Deleted : HKLM\SOFTWARE\DealPlyLive
Key Deleted : HKLM\SOFTWARE\Delta
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : HKLM\SOFTWARE\Lightspark Team
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{98449C67-C7AF-BB53-112D-26C916814611}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{20E7BC40-33F6-4A81-9D52-B58349326206}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{842C4394-47F7-60DE-480B-C09116B63559}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{98449C67-C7AF-BB53-112D-26C916814611}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v
 
[0\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.searchfix.info/?pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP");
[0\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchfix.info/?pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP&l=1&q=");
[0\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchfix.info/?pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP&l=1&q=");
 
-\\ Google Chrome v
 
[D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=8C40001D7234E42E&affID=119776&tsp=5037
[D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPD0962487-0FB2-4195-ACDD-F712541E7A00&q={searchTerms}&SSPV=
[D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPD0962487-0FB2-4195-ACDD-F712541E7A00&q={searchTerms}&SSPV=
[D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPD0962487-0FB2-4195-ACDD-F712541E7A00&q={searchTerms}&SSPV=
[D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPD0962487-0FB2-4195-ACDD-F712541E7A00&q={searchTerms}&SSPV=
[D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
[D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
[D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.gboxapp.com/?category=web&query={searchTerms}&x=0&y=0&language=en
[D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ejnmnhkgiphcaeefbaooconkceehicfi
[D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://search.gboxapp.com/
 
*************************
 
AdwCleaner[R0].txt - [23000 octets] - [05/01/2015 00:43:31]
AdwCleaner[R1].txt - [7369 octets] - [05/01/2015 00:50:49]
AdwCleaner[S0].txt - [14872 octets] - [05/01/2015 00:48:57]
AdwCleaner[S1].txt - [7247 octets] - [05/01/2015 00:53:22]
 
########## EOF - D:\AdwCleaner\AdwCleaner[S1].txt - [7307 octets] ##########
 
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-01-2015 03
Ran by Owner at 2015-01-05 00:33:24 Run:1
Running from D:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM\...\Run: [mobilegeni daemon] => D:\Program Files\Mobogenie\DaemonProcess.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
URLSearchHook: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - D:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://jp.hao123.com/?tn=incore_pay_hp_01_hao123_jp" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPD0962487-0FB2-4195-ACDD-F712541E7A00&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.max-start.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=8C40001D7234E42E&affID=119776&tsp=5037
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
BHO: SaveLots -> {0ccca2c4-51c6-40ed-9804-fb1b7a9f3045} -> D:\Documents and Settings\All Users\Application Data\SaveLots\5V5rnkxXKdzX77.dll ()
BHO: Fun2Save -> {31265a66-a6fe-44e3-884b-532afd98576e} -> D:\Documents and Settings\All Users\Application Data\Fun2Save\L0oEAFfkMUuElA.dll ()
BHO: CCoupExtension -> {ce277863-9132-4575-8c47-a0d56dce18b4} -> D:\Documents and Settings\All Users\Application Data\CCoupExtension\1TOb3DGn8L0ySN.dll ()
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} -  No File
Toolbar: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG2012\avgpp.dll No File
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin: @checkpoint.com/FFApi -> D:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=3 -> D:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=9 -> D:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> D:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin HKU\S-1-5-21-1645522239-1844237615-1177238915-1003: @lightspark.github.com/Lightspark;version=1 -> D:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF HKLM\...\Firefox\Extensions: [{F31D66AC-796A-479E-9673-E793E63A5DAF}] - D:\Documents and Settings\Owner\Local Settings\Application Data\{F31D66AC-796A-479E-9673-E793E63A5DAF}
FF Extension: XULRunner - D:\Documents and Settings\Owner\Local Settings\Application Data\{F31D66AC-796A-479E-9673-E793E63A5DAF} [2010-08-05]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (DealPly French) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi [2013-10-16]
CHR Extension: (Bcool) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jkcmkpifpihhlkkbjfehamkiigljaome [2012-05-21]
CHR Extension: (Google Wallet) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [jkcmkpifpihhlkkbjfehamkiigljaome] - D:\Documents and Settings\All Users\Application Data\Bcool\jkcmkpifpihhlkkbjfehamkiigljaome.crx [2012-05-21]
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - D:\Program Files\1ClickDownload\1click12.crx [Not Found]
R2 4d22c860; d:\Program Files\DeltaFix\DeltaFix.dll [4105216 2014-12-10] () [File not signed] <==== ATTENTION
S2 dealplylive; D:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-10-16] (DealPly Technologies Ltd)
S3 dealplylivem; D:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-10-16] (DealPly Technologies Ltd)
S2 !SASCORE; "D:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [X]
S2 AVGIDSAgent; "D:\Program Files\AVG\AVG2012\AVGIDSAgent.exe" [X]
S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [X]
R1 tStLibG; D:\WINDOWS\System32\drivers\tStLibG.sys [55232 2014-04-05] (StdLib)
S4 IntelIde; No ImagePath
S0 miqdlhhz; No ImagePath
S1 SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]
U1 WS2IFSL; No ImagePath
 
End
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => value deleted successfully.
"HKCR\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. 
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found. 
"HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. 
"HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found. 
"HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ccca2c4-51c6-40ed-9804-fb1b7a9f3045} => Key not found. 
"HKCR\CLSID\{0ccca2c4-51c6-40ed-9804-fb1b7a9f3045}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31265a66-a6fe-44e3-884b-532afd98576e} => Key not found. 
"HKCR\CLSID\{31265a66-a6fe-44e3-884b-532afd98576e}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce277863-9132-4575-8c47-a0d56dce18b4} => Key not found. 
"HKCR\CLSID\{ce277863-9132-4575-8c47-a0d56dce18b4}" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} => value deleted successfully.
HKCR\CLSID\{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} => Key not found. 
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found. 
"HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3" => Key deleted successfully.
D:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9" => Key deleted successfully.
D:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll not found.
"HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18" => Key deleted successfully.
D:\Program Files\Veetle\Player\npvlc.dll => Moved successfully.
"HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1" => Key deleted successfully.
D:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{F31D66AC-796A-479E-9673-E793E63A5DAF} => value deleted successfully.
D:\Documents and Settings\Owner\Local Settings\Application Data\{F31D66AC-796A-479E-9673-E793E63A5DAF} => Moved successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi => Moved successfully.
D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jkcmkpifpihhlkkbjfehamkiigljaome => Moved successfully.
D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jkcmkpifpihhlkkbjfehamkiigljaome" => Key deleted successfully.
D:\Documents and Settings\All Users\Application Data\Bcool\jkcmkpifpihhlkkbjfehamkiigljaome.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh" => Key deleted successfully.
4d22c860 => Service not found.
dealplylive => Service deleted successfully.
dealplylivem => Service deleted successfully.
!SASCORE => Service deleted successfully.
AVGIDSAgent => Service deleted successfully.
wscsvc => Service deleted successfully.
wuauserv => Service deleted successfully.
tStLibG => Unable to stop service
tStLibG => Service deleted successfully.
IntelIde => Service deleted successfully.
miqdlhhz => Service deleted successfully.
SASKUTIL => Service deleted successfully.
WS2IFSL => Service deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 00:33:33 ====
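As an added triage aid (not FRST's own code and not something nasdaq posted), the Python script below scans FRST output for the markers FRST itself prints on doubtful entries (ATTENTION, [File not signed], No File, [Not Found], [X], No ImagePath, an empty publisher field) and groups the hits by reason; the sample lines are copied from the scan log posted above and are only a starting point for a human review, not a verdict.

```python
import re
from collections import Counter

# Constructed sample: FRST scan lines copied from the log posted above.
SAMPLE_LOG = r"""
BHO: CCoupExtension -> {ce277863-9132-4575-8c47-a0d56dce18b4} -> D:\Documents and Settings\All Users\Application Data\CCoupExtension\1TOb3DGn8L0ySN.dll ()
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG2012\avgpp.dll No File
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> D:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - D:\Program Files\1ClickDownload\1click12.crx [Not Found]
R2 4d22c860; d:\Program Files\DeltaFix\DeltaFix.dll [4105216 2014-12-10] () [File not signed] <==== ATTENTION
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [X]
S0 miqdlhhz; No ImagePath
"""

# Markers FRST prints on an entry; each is a reason to look closer, not proof of malware.
RULES = [
    ("attention marker", re.compile(r"<=+ ATTENTION")),
    ("unsigned file", re.compile(r"\[File not signed\]")),
    ("file missing", re.compile(r"\bNo File\b|\[Not Found\]|\[X\]")),
    ("no ImagePath", re.compile(r"\bNo ImagePath\b")),
    ("empty publisher field", re.compile(r"\(\)")),
]


def reasons_for(line):
    """Return the names of every rule that matches one FRST log line, in RULES order."""
    return [name for name, pattern in RULES if pattern.search(line)]


def triage(log_text):
    """Return (line, reasons) for each non-empty line that trips at least one rule."""
    flagged = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons = reasons_for(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


def summarize(flagged):
    """Count how many flagged lines carry each reason."""
    return Counter(reason for _, reasons in flagged for reason in reasons)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for line, reasons in hits:
        print(f"{', '.join(reasons):45} | {line[:80]}")
    print(dict(summarize(hits)))
```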
 
 


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:22 PM

Posted 04 January 2015 - 11:08 AM

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#9 sheldonofosaka

sheldonofosaka
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:08:22 AM

Posted 04 January 2015 - 11:50 AM

The computer is running much better and so far I haven't seen any popups;D

 

 Results of screen317's Security Check version 0.99.93  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Disabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 13  
 Java version 32-bit out of Date! 
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive D:: 30% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:22 PM

Posted 04 January 2015 - 03:21 PM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 25 for the 64 bit Operating system.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 13

===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or if you have the latest close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices, Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 sheldonofosaka

sheldonofosaka
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:08:22 AM

Posted 04 January 2015 - 08:37 PM

I believe all is well. Thanks so much for all your help!!



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:22 PM

Posted 05 January 2015 - 08:45 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



