
pop up malware....correct forum?


  • This topic is locked
2 replies to this topic

#1 sheldonofosaka

Posted 31 December 2014 - 03:11 AM

This is the second time I'm writing about this topic, as the first must have been in the wrong forum and has been moved to Parts Unknown. Please bear in mind my computer is so full of pop-ups that I can hardly write. Please PM me or share a link to the new location if this message is relocated. Thank you.

 

Anyways, I have some sort of pop-up hijacking malware. I have run FRST; here is the log... please help... please.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-12-2014
Ran by Owner at 2014-12-30 22:54:35
Running from D:\Documents and Settings\Owner\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Alt-Tab Task Switcher Powertoy for Windows XP (HKLM\...\{A7050037-F0EA-4BAB-BCD5-FC05507D6147}) (Version: 1.00.0001 - Microsoft Corporation)
Anki (HKLM\...\Anki) (Version:  - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2012 (Version: 12.0.2090 - AVG Technologies) Hidden
Best Flash Play (HKLM\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )
BitTorrent (HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
BitTorrentBar Toolbar (HKLM\...\BitTorrentBar Toolbar) (Version: 6.13.3.501 - BitTorrentBar)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Burn4Free CD & DVD 4.9.0.0 (HKLM\...\Burn4Free CD & DVD_is1) (Version:  - Ikysasoft s.r.l. uninominale)
BuuyNsave (HKLM\...\{842C4394-47F7-60DE-480B-C09116B63559}) (Version:  - BuyNsave)
CCleaner (HKLM\...\CCleaner) (Version: 2.29 - Piriform)
CCoupExtension (HKLM\...\{6933C2BA-C67D-42C7-8C77-1FF4B364AF54}) (Version:  - "") <==== ATTENTION
Delta toolbar   (HKLM\...\delta) (Version: 1.8.24.6 - Delta) <==== ATTENTION
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Foxit Reader (HKLM\...\Foxit Reader) (Version:  - )
Fun2Save (HKLM\...\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}) (Version:  - "") <==== ATTENTION
Google Chrome (HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Happy2Save (HKLM\...\{E957849A-94AC-6F46-4623-C31474E3C170}) (Version:  - "") <==== ATTENTION
HashCheck Shell Extension (x86-32) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.8.1 - Kai Liu)
HD Writer AE 2.6T (HKLM\...\{B638BA42-AE8C-4A1C-89C9-A7801F8BBBB9}) (Version: 2.06.009.1033 - Panasonic Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
j5 USB DISPLAY ADAPTER 13.10.0522.3179 (HKLM\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 13.10.0522.3179 - j5create)
Java 7 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Juice 2.2 (HKLM\...\Juice) (Version: 2.2 - Juice Team)
K-Lite Mega Codec Pack 4.7.5 (HKLM\...\KLiteCodecPack_is1) (Version: 4.7.5 - )
LonghandDouble (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4d22c860}) (Version:  - SystemAmplifier) <==== ATTENTION
magicJack (HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Media Player Classic - Home Cinema v. 1.3.1249.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version:  - )
MediaLooks QuickTime Source 1.7.0.6 (DirectShow Filter) (HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\MLQTSource) (Version: 1.7.0.6 - MediaLooks)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft AppLocale (HKLM\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation) Hidden
Open Command Prompt Shell Extension (x86-32) (HKLM\...\CmdOpen Shell Extension) (Version: 1.2.0.0 - Kai Liu)
ProgSense (HKLM\...\ProgSense_is1) (Version:  - recipester.org)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTime Alternative 2.8.0 (HKLM\...\QuicktimeAlt_is1) (Version: 2.8.0 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5423 - Realtek Semiconductor Corp.)
SaveLots (HKLM\...\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}) (Version:  - "") <==== ATTENTION
Skype™ 4.2 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.155 - Skype Technologies S.A.)
SopCast 3.3.2 (HKLM\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
TheAdBlock (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - TheAdBlock) <==== ATTENTION
Unlocker 1.8.7 (HKLM\...\Unlocker) (Version: 1.8.7 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Outlook 2007 Junk Email Filter (kb2279264) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{01D475AB-57B1-44CC-8A8F-3A6B0FA4989F}) (Version:  - Microsoft)
User Profile Hive Cleanup Service (HKLM\...\{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}) (Version: 1.6.30 - Microsoft Corporation)
Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
VLC media player 1.1.5 (HKLM\...\VLC media player) (Version: 1.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
YouatubeAdBlocke (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
YouTube Downloader 2.5.3 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - BienneSoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> D:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.57\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> D:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> D:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> D:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> D:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> D:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> D:\Documents and Settings\Owner\My Documents\Downloads\Nikita S03E04 HDTV x264 LOL mp4 (1).exe No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No (the data entry has 5 more characters).
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 21:00 - 2010-08-26 05:18 - 00000027 ____A D:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: D:\WINDOWS\Tasks\Adobe Flash Player Updater.job => D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: D:\WINDOWS\Tasks\AppleSoftwareUpdate.job => D:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: D:\WINDOWS\Tasks\At1.job => D:\DOCUME~1\Owner\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: D:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineCore.job => D:\Program Files\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: D:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineUA.job => D:\Program Files\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: D:\WINDOWS\Tasks\DealPlyUpdate.job => D:\Program Files\DealPly\DealPlyUpdate.exe <==== ATTENTION
Task: D:\WINDOWS\Tasks\EPUpdater.job => D:\DOCUME~1\Owner\APPLIC~1\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1844237615-1177238915-1003Core.job => D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1844237615-1177238915-1003UA.job => D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\User_Feed_Synchronization-{0C645668-D06E-4D40-A724-910F14F0648C}.job => D:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-12-10 22:17 - 2014-12-10 22:23 - 04105216 _____ () d:\Program Files\DeltaFix\DeltaFix.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-21 18:07 - 2012-08-28 14:20 - 00226904 _____ () D:\WINDOWS\system32\GManager.exe
2013-12-21 18:07 - 2011-05-03 18:13 - 00199296 _____ () D:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe
2013-12-21 18:07 - 2012-02-03 18:14 - 00199296 _____ () D:\WINDOWS\system32\U2VSvr.exe
2013-12-21 18:07 - 2011-06-27 15:16 - 00199296 _____ () D:\WINDOWS\system32\U2VT2Svr.exe
2014-10-11 13:05 - 2014-10-11 13:05 - 00237352 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00107008 _____ () D:\Program Files\VideoLAN\VLC\vlc.exe
2010-11-14 01:46 - 2010-11-14 01:46 - 00101376 _____ () D:\Program Files\VideoLAN\VLC\libvlc.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 02262528 _____ () D:\Program Files\VideoLAN\VLC\libvlccore.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00047104 _____ () D:\Program Files\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00067072 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdirectx_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00210944 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdshow_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 02170368 _____ () D:\Program Files\VideoLAN\VLC\plugins\libskins2_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00046592 _____ () D:\Program Files\VideoLAN\VLC\plugins\libwaveout_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00033792 _____ () D:\Program Files\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00090112 _____ () D:\Program Files\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00231424 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00039424 _____ () D:\Program Files\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00034304 _____ () D:\Program Files\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00078848 _____ () D:\Program Files\VideoLAN\VLC\plugins\libzip_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00031232 _____ () D:\Program Files\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00108032 _____ () D:\Program Files\VideoLAN\VLC\plugins\libplaylist_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 01199104 _____ () D:\Program Files\VideoLAN\VLC\plugins\libtaglib_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00337920 _____ () D:\Program Files\VideoLAN\VLC\plugins\liblua_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 01141248 _____ () D:\Program Files\VideoLAN\VLC\plugins\libxml_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00046592 _____ () D:\Program Files\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00194048 _____ () D:\Program Files\VideoLAN\VLC\plugins\libmp4_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00033792 _____ () D:\Program Files\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00090112 _____ () D:\Program Files\VideoLAN\VLC\plugins\libavi_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 11047936 _____ () D:\Program Files\VideoLAN\VLC\plugins\libqt4_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00031232 _____ () D:\Program Files\VideoLAN\VLC\plugins\libfolder_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00088064 _____ () D:\Program Files\VideoLAN\VLC\plugins\libaccess_http_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00037376 _____ () D:\Program Files\VideoLAN\VLC\plugins\libfake_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00034304 _____ () D:\Program Files\VideoLAN\VLC\plugins\libcdg_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00238080 _____ () D:\Program Files\VideoLAN\VLC\plugins\libpng_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 01025536 _____ () D:\Program Files\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00265216 _____ () D:\Program Files\VideoLAN\VLC\plugins\libflac_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 01712128 _____ () D:\Program Files\VideoLAN\VLC\plugins\libvorbis_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00130048 _____ () D:\Program Files\VideoLAN\VLC\plugins\libspeex_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 01747968 _____ () D:\Program Files\VideoLAN\VLC\plugins\liblibass_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00045568 _____ () D:\Program Files\VideoLAN\VLC\plugins\libaraw_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00033280 _____ () D:\Program Files\VideoLAN\VLC\plugins\libaes3_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00039424 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdts_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00309760 _____ () D:\Program Files\VideoLAN\VLC\plugins\libfaad_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00368640 _____ () D:\Program Files\VideoLAN\VLC\plugins\libtheora_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00037888 _____ () D:\Program Files\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00035840 _____ () D:\Program Files\VideoLAN\VLC\plugins\liblpcm_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00036352 _____ () D:\Program Files\VideoLAN\VLC\plugins\liba52_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00258048 _____ () D:\Program Files\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 07065600 _____ () D:\Program Files\VideoLAN\VLC\plugins\libavcodec_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 01747456 _____ () D:\Program Files\VideoLAN\VLC\plugins\libfreetype_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00048640 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00039936 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00297472 _____ () D:\Program Files\VideoLAN\VLC\plugins\libswscale_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00046080 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00135680 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00037888 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00073728 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00036352 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00040448 _____ () D:\Program Files\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00052224 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00032768 _____ () D:\Program Files\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00038400 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00036864 _____ () D:\Program Files\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00032768 _____ () D:\Program Files\VideoLAN\VLC\plugins\libi422_i420_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00031744 _____ () D:\Program Files\VideoLAN\VLC\plugins\libscale_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00031232 _____ () D:\Program Files\VideoLAN\VLC\plugins\libyuvp_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00038912 _____ () D:\Program Files\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00061440 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdirect3d_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00031232 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdrawable_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00057344 _____ () D:\Program Files\VideoLAN\VLC\plugins\libblend_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00128000 _____ () D:\Program Files\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00178176 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00065536 _____ () D:\Program Files\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00047104 _____ () D:\Program Files\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00032768 _____ () D:\Program Files\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00032256 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00033792 _____ () D:\Program Files\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00030720 _____ () D:\Program Files\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00032256 _____ () D:\Program Files\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00031232 _____ () D:\Program Files\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00038912 _____ () D:\Program Files\VideoLAN\VLC\plugins\libmono_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00032256 _____ () D:\Program Files\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00041472 _____ () D:\Program Files\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00031744 _____ () D:\Program Files\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00036864 _____ () D:\Program Files\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
2010-11-14 01:46 - 2010-11-14 01:46 - 00075776 _____ () D:\Program Files\VideoLAN\VLC\plugins\libaccess_mms_plugin.dll
2009-04-21 03:18 - 2010-02-06 03:29 - 01291776 _____ () D:\WINDOWS\system32\quartz.dll
2008-04-14 21:00 - 2008-04-14 21:00 - 00014336 _____ () D:\WINDOWS\system32\msdmo.dll
2008-04-14 21:00 - 2008-04-14 21:00 - 00059904 _____ () D:\WINDOWS\system32\devenum.dll
2008-05-02 13:15 - 2008-05-02 13:15 - 00010240 _____ () D:\Program Files\Unlocker\UnlockerCOM.dll
2010-02-12 08:29 - 2010-02-03 08:46 - 00141824 _____ () D:\Program Files\WinRAR\rarext.dll
2008-04-14 21:00 - 2008-04-14 21:00 - 00562176 _____ () D:\WINDOWS\system32\qedit.dll
2010-02-11 19:01 - 2009-03-27 22:24 - 03043328 _____ () D:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
2014-12-10 14:39 - 2014-12-06 10:50 - 09009480 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 14:39 - 2014-12-06 10:50 - 01677128 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-10 14:39 - 2014-12-06 10:50 - 14913352 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: D:^Documents and Settings^Owner^Start Menu^Programs^Startup^ProgSense.lnk => D:\WINDOWS\pss\ProgSense.lnkStartup
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: BitTorrent DNA => "D:\Program Files\DNA\btdna.exe"
MSCONFIG\startupreg: CoolSwitch => D:\WINDOWS\system32\taskswitch.exe
MSCONFIG\startupreg: IMJPMIG8.1 => "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSCONFIG\startupreg: PHIME2002A => D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSCONFIG\startupreg: PHIME2002ASync => D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SunJavaUpdateSched => "D:\Program Files\Java\jre6\bin\jusched.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1645522239-1844237615-1177238915-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1645522239-1844237615-1177238915-1004 - Limited - Enabled)
Guest (S-1-5-21-1645522239-1844237615-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1645522239-1844237615-1177238915-1000 - Limited - Disabled)
Owner (S-1-5-21-1645522239-1844237615-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-1645522239-1844237615-1177238915-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Video Controller
Description: Video Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Modem Device on High Definition Audio Bus
Description: Modem Device on High Definition Audio Bus
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Intel® Wireless WiFi Link 4965AGN
Description: Intel® Wireless WiFi Link 4965AGN
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: NETw4x32
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/29/2014 03:28:17 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (12/20/2014 10:57:18 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (11/30/2014 02:07:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
 
Error: (11/30/2014 02:07:21 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (11/22/2014 10:57:25 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (11/01/2014 10:57:42 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (10/28/2014 00:31:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
Error: (10/28/2014 00:31:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
 
Error: (10/28/2014 00:31:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
 
Error: (10/28/2014 00:31:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
 
 
System errors:
=============
Error: (12/30/2014 10:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 09:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 08:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 07:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 06:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 05:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 04:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 03:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 02:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
Error: (12/30/2014 01:19:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942402
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 53%
Total physical RAM: 3062.36 MB
Available physical RAM: 1423.22 MB
Total Pagefile: 4948.24 MB
Available Pagefile: 3358.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.61 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:111.57 GB) (Free:14.62 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:111.54 GB) (Free:12.5 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (FEST_h_20131205) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 9300506E)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=111.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111.5 GB) - (Type=OF Extended)
 
==================== End Of Log ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by Owner (administrator) on ANONYMOUS on 30-12-2014 22:53:31
Running from D:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) D:\WINDOWS\system32\rundll32.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
() D:\WINDOWS\system32\GManager.exe
(Oracle Corporation) D:\Program Files\JAVA\jre7\bin\jqs.exe
() D:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe
() D:\WINDOWS\system32\U2VSvr.exe
() D:\WINDOWS\system32\U2VT2Svr.exe
(Microsoft Corporation) D:\Program Files\UPHClean\uphclean.exe
(InstallShield Software Corporation) D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Sun Microsystems, Inc.) D:\Program Files\Common Files\Java\Java Update\jusched.exe
(Magic Control Technology Corporation) D:\Program Files\Common Files\DesktopUtil\MCTDUtil.exe
(Magic Control Technology Corporation) D:\Program Files\Common Files\DesktopUtil\FDispPos.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(Skype Technologies S.A.) D:\Program Files\Skype\Phone\Skype.exe
(Safer-Networking Ltd.) D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Magic Control Technology Corporation) D:\WINDOWS\system32\MTri1+.exe
(Magic Control Technology Corporation) D:\WINDOWS\system32\MTrigger2.exe
(BitTorrent Inc.) D:\Documents and Settings\Owner\Application Data\BitTorrent\BitTorrent.exe
(Panasonic Corporation) D:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(McAfee, Inc.) D:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Apple Inc.) D:\Program Files\iPod\bin\iPodService.exe
(Sun Microsystems, Inc.) D:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Apple Inc.) D:\Program Files\iTunes\iTunes.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
() D:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) D:\Program Files\Windows Media Player\wmplayer.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AzMixerSel] => D:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-06-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ISUSPM Startup] => D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] => D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM\...\Run: [APSDaemon] => D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => D:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [MCTDUtil] => D:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => D:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [Util] => D:\WINDOWS\system32\Util.exe [195200 2011-05-04] ()
HKLM\...\Run: [Util-MTrigger2] => D:\WINDOWS\system32\Util-MTrigger2.exe [195200 2011-05-04] ()
HKLM\...\Run: [mobilegeni daemon] => D:\Program Files\Mobogenie\DaemonProcess.exe                                                                                     
HKLM\...\Run: [Systweak Support Dock] => "D:\Program Files\Systweak Support Dock\SystweakDock.exe" /autorun 
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => D:\Program Files\QuickTime Alternative\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [NoSharedDocuments] 1
HKLM\...\Policies\Explorer: [MaxRecentDocs] 18
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [Google Update] => D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [Skype] => D:\Program Files\Skype\Phone\Skype.exe [26100520 2010-03-09] (Skype Technologies S.A.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [SpybotSD TeaTimer] => D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [cdloader] => D:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe [51592 2014-07-05] (magicJack L.P.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [BitTorrent] => D:\Documents and Settings\Owner\Application Data\BitTorrent\BitTorrent.exe [1388888 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\...\Run: [Akamai NetSession Interface] => "D:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe"
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> D:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> D:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * D:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1645522239-1844237615-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
URLSearchHook: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - D:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://jp.hao123.com/?tn=incore_pay_hp_01_hao123_jp" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPD0962487-0FB2-4195-ACDD-F712541E7A00&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {08695E7C-3FF8-408F-89E5-CDCE161D6692} URL = http://www.google.co.jp/search?hl=en&q={searchTerms}&rlz=1I7SUNC_en
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.max-start.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=8C40001D7234E42E&affID=119776&tsp=5037
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275
SearchScopes: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/10&hid=14155235683423780605&lg=EN&cc=JP
BHO: SaveLots -> {0ccca2c4-51c6-40ed-9804-fb1b7a9f3045} -> D:\Documents and Settings\All Users\Application Data\SaveLots\5V5rnkxXKdzX77.dll ()
BHO: Fun2Save -> {31265a66-a6fe-44e3-884b-532afd98576e} -> D:\Documents and Settings\All Users\Application Data\Fun2Save\L0oEAFfkMUuElA.dll ()
BHO: CCoupExtension -> {ce277863-9132-4575-8c47-a0d56dce18b4} -> D:\Documents and Settings\All Users\Application Data\CCoupExtension\1TOb3DGn8L0ySN.dll ()
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} -  No File
Toolbar: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1645522239-1844237615-1177238915-1003 -> BitTorrentBar Toolbar - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - D:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 04 D:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> D:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @checkpoint.com/FFApi -> D:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> D:\Program Files\JAVA\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> D:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=3 -> D:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=9 -> D:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.google.com/Google Update;version=3 -> D:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> D:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 -> D:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 -> D:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> D:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin HKU\S-1-5-21-1645522239-1844237615-1177238915-1003: @lightspark.github.com/Lightspark;version=1 -> D:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-1645522239-1844237615-1177238915-1003: @tools.google.com/Google Update;version=3 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1645522239-1844237615-1177238915-1003: @tools.google.com/Google Update;version=9 -> D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-11]
FF HKLM\...\Firefox\Extensions: [{F31D66AC-796A-479E-9673-E793E63A5DAF}] - D:\Documents and Settings\Owner\Local Settings\Application Data\{F31D66AC-796A-479E-9673-E793E63A5DAF}
FF Extension: XULRunner - D:\Documents and Settings\Owner\Local Settings\Application Data\{F31D66AC-796A-479E-9673-E793E63A5DAF} [2010-08-05]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-11]
CHR Extension: (YouTube) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-23]
CHR Extension: (Google Search) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-23]
CHR Extension: (DealPly French) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi [2013-10-16]
CHR Extension: (Live HTTP Headers) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2014-12-24]
CHR Extension: (Bcool) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jkcmkpifpihhlkkbjfehamkiigljaome [2012-05-21]
CHR Extension: (Google Wallet) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-23]
CHR Extension: (Naruto Ultimate Battle 2) - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pkcpghjpdhmmddoiipeafngfpkbpnokd [2014-12-18]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [jkcmkpifpihhlkkbjfehamkiigljaome] - D:\Documents and Settings\All Users\Application Data\Bcool\jkcmkpifpihhlkkbjfehamkiigljaome.crx [2012-05-21]
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - D:\Program Files\1ClickDownload\1click12.crx [Not Found]
CHR StartMenuInternet: Google Chrome - D:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 4d22c860; d:\Program Files\DeltaFix\DeltaFix.dll [4105216 2014-12-10] () [File not signed] <==== ATTENTION
S2 dealplylive; D:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-10-16] (DealPly Technologies Ltd)
S3 dealplylivem; D:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-10-16] (DealPly Technologies Ltd)
R2 GManager; D:\WINDOWS\system32\GManager.exe [226904 2012-08-28] ()
R2 JavaQuickStarterService; D:\Program Files\JAVA\jre7\bin\jqs.exe [170912 2013-02-08] (Oracle Corporation)
S3 McComponentHostService; D:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MCTDesktopSvr; D:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 U2VSvr; D:\WINDOWS\system32\U2VSvr.exe [199296 2012-02-03] ()
R2 U2VT2Svr; D:\WINDOWS\system32\U2VT2Svr.exe [199296 2011-06-27] ()
R2 UPHClean; D:\Program Files\UPHClean\uphclean.exe [241725 2005-04-28] (Microsoft Corporation) [File not signed]
S2 !SASCORE; "D:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [X]
S2 AVGIDSAgent; "D:\Program Files\AVG\AVG2012\AVGIDSAgent.exe" [X]
S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 NETw4x32; D:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2530176 2008-03-13] (Intel Corporation)
S3 nm; D:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
R3 Rasirda; D:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 Tcpip; D:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2009-04-21] (Microsoft Corporation) [File not signed]
R1 tStLibG; D:\WINDOWS\System32\drivers\tStLibG.sys [55232 2014-04-05] (StdLib)
S4 IntelIde; No ImagePath
S0 miqdlhhz; No ImagePath
S1 SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]
U5 Tcpip6; D:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 22:53 - 2014-12-30 22:53 - 00000000 ____D () D:\FRST
2014-12-30 22:42 - 2014-12-30 22:42 - 00000000 _____ () D:\WINDOWS\WindowsUpdate.log
2014-12-24 18:24 - 2014-12-24 18:24 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\TheAdBlock
2014-12-24 10:25 - 2014-12-24 10:25 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\CCoupExtension
2014-12-18 13:26 - 2014-12-18 13:26 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\SaveLots
2014-12-18 13:24 - 2014-12-18 13:24 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Fun2Save
2014-12-17 12:25 - 2014-12-24 10:27 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\cf639b283dc8b814
2014-12-17 12:25 - 2014-12-17 12:25 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\Happy2Save
2014-12-10 22:22 - 2014-12-10 22:22 - 00000000 ____D () D:\Program Files\BuuyNsave
2014-12-10 22:21 - 2014-12-10 22:21 - 00000000 ____D () D:\Program Files\BuyNssavEE
2014-12-10 22:21 - 2014-12-10 22:21 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\igdjfopccclkjbickdbkfokhgjbikimd
2014-12-10 22:21 - 2014-12-10 22:21 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\ggelanhldkahefgdcibpcgeinibohcmk
2014-12-10 22:18 - 2014-12-22 14:21 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\SkypEmoticons
2014-12-10 22:17 - 2014-12-10 22:23 - 00000000 ____D () D:\Program Files\DeltaFix
2014-12-10 22:16 - 2014-12-10 22:16 - 00000000 ____D () D:\Program Files\YouatubeAdBlocke
2014-12-10 22:16 - 2014-12-10 22:16 - 00000000 ____D () D:\Program Files\BuuyNsavve
2014-12-10 22:16 - 2014-12-10 22:16 - 00000000 ____D () D:\Program Files\Best Flash Play
2014-12-10 22:15 - 2014-12-10 22:15 - 00000000 ____D () D:\Program Files\BuYNSaVe
2014-12-10 22:15 - 2014-12-10 22:15 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\koaidhkeeblapcmplplfkaeeomolgpdb
2014-12-10 22:15 - 2014-12-10 22:15 - 00000000 ____D () D:\Documents and Settings\All Users\Application Data\14943958585682999316
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 22:54 - 2010-08-26 05:22 - 00000000 ____D () D:\Documents and Settings\Owner\Local Settings\temp
2014-12-30 22:54 - 2010-02-13 07:16 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\BitTorrent
2014-12-30 22:40 - 2010-02-13 09:32 - 00000886 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 22:37 - 2013-10-16 22:38 - 00000830 _____ () D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-30 22:37 - 2010-02-13 09:53 - 00000978 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1844237615-1177238915-1003UA.job
2014-12-30 22:31 - 2010-02-11 20:01 - 00000422 ____H () D:\WINDOWS\Tasks\User_Feed_Synchronization-{0C645668-D06E-4D40-A724-910F14F0648C}.job
2014-12-30 22:25 - 2013-10-16 22:20 - 00000892 _____ () D:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2014-12-30 22:25 - 2013-10-16 22:20 - 00000888 _____ () D:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2014-12-30 22:25 - 2010-02-11 19:05 - 00228352 _____ () D:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-30 22:24 - 2010-02-11 18:53 - 00000000 ____D () D:\Documents and Settings\Owner
2014-12-30 22:19 - 2013-10-16 22:19 - 00000412 _____ () D:\WINDOWS\Tasks\At1.job
2014-12-30 22:19 - 2013-10-16 22:19 - 00000290 _____ () D:\WINDOWS\Tasks\DealPlyUpdate.job
2014-12-30 22:19 - 2013-10-16 22:19 - 00000000 ____D () D:\Program Files\DealPly
2014-12-30 20:54 - 2013-11-22 13:21 - 00000471 ____N () D:\WINDOWS\wiadebug.log
2014-12-30 19:40 - 2010-02-13 09:32 - 00000882 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-30 16:37 - 2010-02-11 18:53 - 00032440 ____N () D:\WINDOWS\SchedLgU.Txt
2014-12-30 14:37 - 2010-02-13 09:53 - 00000926 _____ () D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1844237615-1177238915-1003Core.job
2014-12-30 10:07 - 2011-05-23 23:04 - 00000284 _____ () D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-12-30 01:25 - 2013-10-16 22:05 - 00000266 _____ () D:\WINDOWS\Tasks\EPUpdater.job
2014-12-29 07:13 - 2010-02-11 19:52 - 00000664 _____ () D:\WINDOWS\system32\d3d9caps.dat
2014-12-29 03:25 - 2013-12-21 18:07 - 00002797 _____ () D:\WINDOWS\system32\GManager.ini
2014-12-29 03:25 - 2013-11-22 13:21 - 00000050 ____N () D:\WINDOWS\wiaservc.log
2014-12-29 03:25 - 2010-02-11 18:53 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT
2014-12-29 03:25 - 2008-04-14 21:00 - 00002206 _____ () D:\WINDOWS\system32\wpa.dbl
2014-12-27 01:46 - 2014-05-20 23:19 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\vlc
2014-12-26 00:19 - 2011-05-20 22:33 - 00001010 _____ () D:\Documents and Settings\Owner\Start Menu\Programs\magicJack.lnk
2014-12-26 00:19 - 2011-05-20 22:33 - 00001004 _____ () D:\Documents and Settings\Owner\Desktop\magicJack.lnk
2014-12-26 00:19 - 2011-05-20 22:32 - 00000000 ____D () D:\Documents and Settings\Owner\Application Data\mjusbsp
2014-12-10 23:37 - 2013-02-24 22:57 - 00701104 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-10 23:37 - 2013-02-24 22:57 - 00071344 _____ (Adobe Systems Incorporated) D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-10 14:39 - 2010-02-13 09:54 - 00002284 _____ () D:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
 
Files to move or delete:
====================
D:\Documents and Settings\Custom Settings\Apply Theme.vbs
D:\Documents and Settings\Custom Settings\Auto Config.bat
D:\Documents and Settings\Custom Settings\IE Favorite Links.bat
D:\Documents and Settings\Custom Settings\IExpress Shortcut Creator.vbs
D:\Documents and Settings\Custom Settings\System Settings.bat
D:\Documents and Settings\Custom Settings\System Settings.reg
D:\Documents and Settings\Custom Settings\TaskBarCmd v1.1.exe
D:\Documents and Settings\Custom Settings\User Settings.bat
D:\Documents and Settings\Custom Settings\User Settings.reg
D:\Documents and Settings\Custom Settings\WMP Shortcut Creator.vbs
D:\Windows\Tasks\At1.job
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

 




#2 sheldonofosaka

sheldonofosaka
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 31 December 2014 - 03:20 AM

Sorry, this posted 4 times....don't know why....my computer is possessed....smh.



#3 Platypus

Platypus

  • Moderator
  • 12,822 posts
  • ONLINE
  • Gender:Male
  • Location:Australia
  • Local time:09:39 PM

Posted 31 December 2014 - 03:26 AM

Your post was moved to here:

 

http://www.bleepingcomputer.com/forums/t/561483/pop-ups-hijacking-malware-help-please;/

 

I'll close this topic and delete the duplicates. Please wait patiently for advice in the original topic; at holiday times it might take a while for a suitable helper to become available.


Top 5 things that never get done:

1.




