platformdll browser hijacking


This topic is locked
2 replies to this topic

#1 MLD_1138 (Members, 1 posts)

Posted 30 January 2015 - 02:27 PM

Hello. I seem to be infected with some pretty annoying malware. It continues to interrupt my family's and my browsing, taking the browser to a site called platformdll.com and wanting to update Adobe. I have also just recently been fighting off a lot of browser ads from allsaver.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by matt (administrator) on MARABELLE on 30-01-2015 10:21:42
Running from C:\Documents and Settings\matt\My Documents\Downloads
Loaded Profiles: matt & UpdatusUser (Available profiles: matt & UpdatusUser)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(iWin Inc.) C:\Program Files\iWin Games\iWinTrusted.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Samsung) C:\Program Files\SAMSUNG\PC Auto Backup\WiselinkPro.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
() C:\Program Files\SAMSUNG\PC Auto Backup\http_ss_win_pro.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files\Pure Networks\Network Magic\nmapp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
() C:\Documents and Settings\All Users\Application Data\{f8498419-dba7-3eb5-f849-98419dba1067}\BiRMN.DVDSCR.HDC0OL.rar.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(SmartPC Tools) C:\Program Files\SmartPCTools\Registry Repair Wizard\RCleaner.exe
(SmartPCTools) C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797488 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [nmctxth] => C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM\...\Run: [nmapp] => C:\Program Files\Pure Networks\Network Magic\nmapp.exe [472112 2012-02-25] (Cisco Systems, Inc.)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [202296 2011-04-24] (Kaspersky Lab ZAO)
HKLM\...\Run: [Conime] => C:\WINDOWS\system32\conime.exe [27648 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-515967899-1757981266-839522115-1003\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe [813448 2013-05-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-515967899-1757981266-839522115-1003\...\MountPoints2: J - J:\MotoCastSetup.exe -a
HKU\S-1-5-21-515967899-1757981266-839522115-1003\...\MountPoints2: {20fa6586-adb7-11e2-be1b-0006252708c8} - K:\iLinker.exe
HKU\S-1-5-21-515967899-1757981266-839522115-1003\...\MountPoints2: {cfc3f917-5f28-11e2-add6-0006252708c8} - J:\MotoCastSetup.exe -a
HKU\S-1-5-18\...\RunOnce: [adaware] => reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
HKU\S-1-5-18\...\RunOnce: [adaware_XP] => reg.exe delete "HKCU\Software\adaware" /f
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
Startup: C:\Documents and Settings\matt\Start Menu\Programs\Startup\BiRMN.DVDSCR.HDC0OL.rar.lnk
ShortcutTarget: BiRMN.DVDSCR.HDC0OL.rar.lnk -> C:\Documents and Settings\All Users\Application Data\{f8498419-dba7-3eb5-f849-98419dba1067}\BiRMN.DVDSCR.HDC0OL.rar.exe ()
BootExecute: autocheck autochk * lsdelete
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74
HKU\S-1-5-21-515967899-1757981266-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74
HKU\S-1-5-21-515967899-1757981266-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-515967899-1757981266-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
URLSearchHook: [S-1-5-21-515967899-1757981266-839522115-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-515967899-1757981266-839522115-1003 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-515967899-1757981266-839522115-1003 -> {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-515967899-1757981266-839522115-1003 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74
BHO: Unisales -> {0fb1bc9e-2cd6-41e2-9d14-b084ab295b6b} -> C:\Program Files\Unisales\d9UGR0WyukYPRe.dll ()
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: youtubeadblocker -> {1fbae602-15d4-4fbd-94e2-c0a11b8e1399} -> C:\Program Files\youtubeadblocker\FXUXtjOmkwqOBm.dll ()
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files\adawaretb\adawareDx.dll ()
BHO: 50iCCOupaonns -> {89f8bb58-6934-49af-a5e9-d19ff1947885} -> C:\Program Files\50iCCOupaonns\X55FQ6IjPQP64S.dll ()
BHO: RReugulAArDEaallS -> {a8d4a995-3488-4487-8055-77722eb7dd3a} -> C:\Program Files\RReugulAArDEaallS\j272baUBa7Zkzd.dll ()
BHO: JoniCouppoen -> {c53ae49d-165f-47cb-8f7d-08e10e57dc93} -> C:\Program Files\JoniCouppoen\cnRwZiuj6D5lrV.dll ()
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
Toolbar: HKLM - Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: about:home
FF Keyword.URL: hxxp://websearch.thesearchpage.info/?pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74&l=1&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\searchplugins\bing-zugo.xml
FF Extension: youtubeadblocker - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\Extensions\9A@P.net [2015-01-22]
FF Extension: EnJooyCouppon - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\Extensions\h@xh4h.net [2015-01-30]
FF Extension: ALLliSaveir - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\Extensions\U3c@U.org [2015-01-29]
FF Extension: UnIsalEss - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\Extensions\wZ@W.edu [2015-01-22]
FF Extension: Flashblock - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-10]
FF Extension: WOT - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-06-28]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-06-28]
FF Extension: NoScript - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-28]
FF Extension: Adblock Plus - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-29]
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-02-25]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-02-25]
FF HKLM\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-02-25]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Documents and Settings\matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Documents and Settings\matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Documents and Settings\matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\matt\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky URL Advisor) - C:\Documents and Settings\matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-01-21]
CHR Extension: (NinjaKit) - C:\Documents and Settings\matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpbepnljaakggeobkclonlkhbdgccfek [2015-01-29]
CHR Extension: (Virtual Keyboard) - C:\Documents and Settings\matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-01-21]
CHR Extension: (Ultimate Football Results) - C:\Documents and Settings\matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnpobggldcjebejmndignliobeifocj [2015-01-29]
CHR Extension: (TrashMail net for Google Chrome) - C:\Documents and Settings\matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lpkbealomjndjpckajbnpakcoeelbpcf [2015-01-22]
CHR Extension: (Anti-Banner) - C:\Documents and Settings\matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-01-21]
CHR Extension: (NewSaVerr) - C:\Documents and Settings\All Users\Application Data\aijccelkdckafcdlfmondikhniahaiic\ [2013-01-21]
CHR Extension: (UnIsalEss) - C:\Documents and Settings\All Users\Application Data\mkbepabaicpjeidlnnelblolojmbkgpn\ [2013-01-21]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx [2011-08-05]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx [2011-08-05]
CHR HKLM\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files\Object\chromeaddon.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx [2011-08-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [202296 2011-04-24] (Kaspersky Lab ZAO)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.) [File not signed]
R2 dd693f9b; c:\Program Files\TampaGeneration\TampaGeneration.dll [3329536 2015-01-22] () [File not signed]
R2 iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [176848 2011-04-08] (iWin Inc.)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
S2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2152720 2012-05-25] (Lavasoft Limited)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [647216 2009-07-07] (Cisco Systems, Inc.)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-24] (NVIDIA Corporation)
R2 WiselinkPro; C:\Program Files\SAMSUNG\PC Auto Backup\WiselinkPro.exe [7262263 2012-01-18] (Samsung) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FlyUsb; C:\WINDOWS\System32\DRIVERS\FlyUsb.sys [18560 2011-11-12] (LeapFrog)
R3 HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [936448 2005-12-06] (Conexant Systems, Inc.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [133208 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\WINDOWS\System32\DRIVERS\kl2.sys [11352 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [565552 2011-04-20] (Kaspersky Lab)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [34608 2011-03-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [19472 2009-11-02] (Kaspersky Lab)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64512 2011-12-23] (Lavasoft AB)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2012-02-25] (VSO Software) [File not signed]
R2 pnarp; C:\WINDOWS\System32\DRIVERS\pnarp.sys [25392 2009-07-07] (Cisco Systems, Inc.)
R2 purendis; C:\WINDOWS\System32\DRIVERS\purendis.sys [26672 2009-07-07] (Cisco Systems, Inc.)
R3 USBNET_XP; C:\WINDOWS\System32\DRIVERS\netusbxp.sys [72576 2002-02-19] (The LinkSys Group, Inc.)
R3 winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [670208 2005-12-06] (Conexant Systems, Inc.)
S3 WMP11V27; C:\WINDOWS\System32\DRIVERS\WMP11V27.sys [171776 2002-07-30] (The Linksys Group, Inc) [File not signed]
S4 IntelIde; No ImagePath
S3 PCANDIS5; \??\H:\AutoRun\PCANDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 10:21 - 2015-01-30 10:21 - 00000000 ____D () C:\FRST
2015-01-29 17:51 - 2015-01-29 17:51 - 00000000 ____D () C:\Program Files\Ultimate Football Results
2015-01-29 17:51 - 2015-01-29 17:51 - 00000000 ____D () C:\Program Files\RReugulAArDEaallS
2015-01-29 17:51 - 2015-01-29 17:51 - 00000000 ____D () C:\Program Files\EnJooyCouppon
2015-01-29 09:31 - 2015-01-29 09:31 - 00000000 ____D () C:\Program Files\NinjaKit
2015-01-29 09:31 - 2015-01-29 09:31 - 00000000 ____D () C:\Program Files\NewSaVerr
2015-01-29 09:30 - 2015-01-29 09:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\aijccelkdckafcdlfmondikhniahaiic
2015-01-29 09:10 - 2015-01-29 09:10 - 00000000 ____D () C:\Program Files\50iCCOupaonns
2015-01-29 00:50 - 2015-01-29 00:50 - 00000000 ____D () C:\Program Files\ALLliSaveir
2015-01-26 09:42 - 2015-01-26 09:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-22 19:47 - 2015-01-07 11:08 - 629334647 _____ () C:\Documents and Settings\matt\Desktop\birdman.2014.dvdscr.mkv
2015-01-22 10:51 - 2015-01-22 10:51 - 00000000 ____D () C:\Program Files\TampaGeneration
2015-01-22 10:50 - 2015-01-22 10:50 - 00000000 ____D () C:\Program Files\youtubeadblocker
2015-01-22 10:50 - 2015-01-22 10:50 - 00000000 ____D () C:\Program Files\TrashMail net for Google Chrome
2015-01-22 10:49 - 2015-01-29 17:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\9715625810124000914
2015-01-22 10:49 - 2015-01-22 10:49 - 00000000 ____D () C:\Program Files\UnIsalEss
2015-01-22 10:49 - 2015-01-22 10:49 - 00000000 ____D () C:\Program Files\Unisales
2015-01-22 10:48 - 2015-01-22 10:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\mkbepabaicpjeidlnnelblolojmbkgpn
2015-01-22 10:47 - 2015-01-30 09:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{f8498419-dba7-3eb5-f849-98419dba1067}
2015-01-20 19:54 - 2015-01-07 21:11 - 628936342 _____ () C:\Documents and Settings\matt\Desktop\AmercanSnper14.DDSCR.x264-HD3D (1).mkv
2015-01-10 08:54 - 2015-01-08 22:44 - 627337669 _____ () C:\Documents and Settings\matt\Desktop\Inherent.Vice.2014.DVDSCR.mkv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 10:22 - 2011-07-09 21:46 - 00000000 ____D () C:\Documents and Settings\matt\Local Settings\Temp
2015-01-30 10:03 - 2012-04-24 09:44 - 00000454 _____ () C:\WINDOWS\Tasks\PrintProjects Communicator.job
2015-01-30 10:01 - 2012-02-25 13:10 - 00000232 _____ () C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2015-01-30 09:58 - 2011-07-11 12:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-01-30 09:57 - 2011-07-12 15:14 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 09:45 - 2011-07-09 21:41 - 01124559 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-30 09:42 - 2012-01-30 20:20 - 00000064 _____ () C:\WINDOWS\system32\rp_stats.dat
2015-01-30 09:42 - 2012-01-30 20:20 - 00000044 _____ () C:\WINDOWS\system32\rp_rules.dat
2015-01-30 09:40 - 2012-04-11 04:15 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2015-01-30 09:40 - 2011-07-11 10:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2015-01-30 09:39 - 2014-03-24 08:31 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-30 09:39 - 2013-09-03 07:34 - 00000532 _____ () C:\WINDOWS\Tasks\Amazon Music Helper.job
2015-01-30 09:39 - 2011-07-12 15:14 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 09:39 - 2004-08-04 04:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-30 09:38 - 2012-05-03 06:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-30 09:38 - 2012-04-24 09:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kodak
2015-01-30 09:38 - 2012-01-29 04:17 - 00039504 _____ () C:\aaw7boot.log
2015-01-30 09:38 - 2011-07-09 21:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-30 09:38 - 2011-07-09 14:19 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-30 09:38 - 2011-07-09 14:19 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-29 23:01 - 2011-07-09 21:45 - 00032610 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-26 22:53 - 2012-02-25 12:28 - 00001057 _____ () C:\Documents and Settings\matt\Application Data\vso_ts_preview.xml
2015-01-26 22:53 - 2012-02-25 12:27 - 00000000 ____D () C:\Documents and Settings\matt\Application Data\Vso
2015-01-26 09:48 - 2012-02-28 21:03 - 00000000 ____D () C:\Documents and Settings\matt\My Documents\ConvertXToDVD
2015-01-20 19:52 - 2011-07-09 14:16 - 00878857 _____ () C:\WINDOWS\setupapi.log
2015-01-15 03:05 - 2013-07-13 02:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 03:00 - 2011-07-11 11:29 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-10 08:54 - 2012-02-25 14:48 - 00000000 ____D () C:\Documents and Settings\matt\Local Settings\Application Data\Nero
2015-01-09 17:14 - 2014-03-24 08:31 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-07 09:42 - 2011-07-09 21:46 - 00000178 ___SH () C:\Documents and Settings\matt\ntuser.ini

==================== Files in the root of some directories =======

2012-02-25 12:27 - 2012-02-25 12:27 - 0087608 _____ () C:\Documents and Settings\matt\Application Data\inst.exe
2012-02-25 12:27 - 2012-02-25 12:27 - 0007887 _____ () C:\Documents and Settings\matt\Application Data\pcouffin.cat
2012-02-25 12:27 - 2012-02-25 12:27 - 0001144 _____ () C:\Documents and Settings\matt\Application Data\pcouffin.inf
2012-02-25 12:27 - 2012-02-25 12:27 - 0000034 _____ () C:\Documents and Settings\matt\Application Data\pcouffin.log
2012-02-25 12:27 - 2012-02-25 12:27 - 0047360 _____ (VSO Software) C:\Documents and Settings\matt\Application Data\pcouffin.sys
2012-02-25 12:28 - 2015-01-26 22:53 - 0001057 _____ () C:\Documents and Settings\matt\Application Data\vso_ts_preview.xml
2011-07-11 15:19 - 2012-05-14 05:54 - 0026624 _____ () C:\Documents and Settings\matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-24 09:30 - 2013-08-04 21:57 - 0068172 _____ () C:\Documents and Settings\matt\Local Settings\Application Data\installer.log
2012-04-24 09:30 - 2012-04-24 09:30 - 0000230 _____ () C:\Documents and Settings\matt\Local Settings\Application Data\LaunchHomeCenter.log
2012-02-25 13:32 - 2012-02-25 13:32 - 0017408 _____ () C:\Documents and Settings\matt\Local Settings\Application Data\WebpageIcons.db

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

And the Addition log.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by matt at 2015-01-30 10:23:03
Running from C:\Documents and Settings\matt\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Lavasoft Ad-Watch Live! Anti-Virus (Disabled - Up to date) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Kaspersky Internet Security (Disabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

50iCCOupaonns (HKLM\...\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}) (Version:  - "") <==== ATTENTION
Ad-Aware (HKLM\...\{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}) (Version: 9.0.7 - Lavasoft Limited)
Ad-Aware Security Toolbar (HKLM\...\adawaretb) (Version: 0.9.1.20 - Lavasoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.3.181.34 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
ALLliSaveir (HKLM\...\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}) (Version:  - "") <==== ATTENTION
Amazon Music (HKU\S-1-5-21-515967899-1757981266-839522115-1003\...\Amazon Amazon Music) (Version: 3.0.5.567 - Amazon Services LLC)
Amazon Music Importer (HKLM\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (Version: 3.0.0 - Amazon Services LLC) Hidden
Angry Birds Seasons (HKLM\...\{F3FDA09C-57AA-40CC-A555-FED7EF421E7E}) (Version: 2.4.1 - Rovio)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.6.9.0 - Ask.com) <==== ATTENTION
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.5.0.2 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.4.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon PowerShot A3300 IS and A3200 IS and A2200 Camera User Guide (HKLM\...\CameraUserGuide-PSA3300ISandPSA3200ISandPSA2200) (Version: 1.0.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.4.0.3 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.5.0.2 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
center (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Cisco Network Magic (Version: 5.5.09195.0 - Pure Networks) Hidden
ConvertXtoDVD 4.0.12.327 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.12.327 - )
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version:  - )
Driver Genius Professional Edition (HKLM\...\Driver Genius Professional Edition_is1) (Version: 10.0 - Driver-Soft Inc.)
EnJooyCouppon (HKLM\...\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}) (Version:  - "") <==== ATTENTION
essentials (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
iWin Games (remove only) (HKLM\...\iWinArcade) (Version:  - )
Jewel Quest: The Sapphire Dragon (remove only) (HKLM\...\Jewel Quest: The Sapphire Dragon) (Version:  - )
JoniCouppoen (HKLM\...\{51417852-174C-88D4-34A0-D0FE7858BE47}) (Version:  - "") <==== ATTENTION
Kaspersky Internet Security 2012 (HKLM\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab)
Kaspersky Internet Security 2012 (Version: 12.0.0.374 - Kaspersky Lab) Hidden
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
LeapFrog Connect (HKLM\...\UPCShell) (Version: 3.2.19.13664 - LeapFrog)
LeapFrog Connect (Version: 3.2.19.13664 - LeapFrog) Hidden
LeapFrog Tag Plugin (Version: 3.2.19.13664 - LeapFrog) Hidden
MagnumTurbo (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{dd693f9b}) (Version:  - MykonosChord) <==== ATTENTION
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{CD232781-26CA-4E18-BC70-4343A2F0D583}) (Version: 8.01.249.0 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11300.14.100 - Nero AG)
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.11200.16.100 - Nero AG)
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.11400.18.100 - Nero AG)
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.12300.23.100 - Nero AG)
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.11400.15.100 - Nero AG)
Nero MediaHub 10 (HKLM\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.14800.28.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM\...\{7D0A13FA-56BC-4755-8BAF-45A69BA6A5C8}) (Version: 10.0.10300 - Nero AG)
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.12600.30.100 - Nero AG)
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Network Magic (HKLM\...\Network MagicUninstall) (Version: 5.5.9195.0 - Cisco Systems, Inc.)
NewSaVerr (HKLM\...\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}) (Version:  - "") <==== ATTENTION
NinjaKit (HKLM\...\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}) (Version:  - "") <==== ATTENTION
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA nView 135.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.85 - NVIDIA Corporation)
NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation)
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PC Auto Backup (HKLM\...\InstallShield_{662548BC-3506-4843-B7AA-F44D352F76A8}) (Version: 1.1.1.10 - Samsung Electronics Co,. Ltd.)
PC Auto Backup (Version: 1.1.1.10 - Samsung Electronics Co,. Ltd.) Hidden
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.6972 - RocketLife Inc.)
Pure Networks Platform (Version: 11.2.09195.1 - Pure Networks) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6392 - Realtek Semiconductor Corp.)
Registry Repair Wizard (HKLM\...\Registry Repair Wizard_is1) (Version:  - SmartPCTools)
RReugulAArDEaallS (HKLM\...\{76DEE3DC-2B8B-E212-2126-D31D9E73DFE4}) (Version:  - "") <==== ATTENTION
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version:  - )
TrashMail net for Google Chrome (HKLM\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Ultimate Football Results (HKLM\...\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}) (Version:  - "") <==== ATTENTION
Unisales (HKLM\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version:  - ) <==== ATTENTION
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM\...\TagPlugin) (Version: 3.2.19.13664 - LeapFrog)
VLC media player 1.1.6 (HKLM\...\VLC media player) (Version: 1.1.6 - VideoLAN)
WebEx Support Manager for Internet Explorer (HKLM\...\{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}) (Version: 6.5.4917 - WebEx Communications Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.00 (HKLM\...\WinRAR 4.00) (Version:  - )
Wireless PCI Card Configuration Utility (HKLM\...\{5C6956F3-B586-4674-BCD0-CCF7EC1DF766}) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
youtubeadblocker (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-515967899-1757981266-839522115-1003_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Documents and Settings\matt\My Documents\Downloads\BiRMN.DVDSCR.HDC0OL.rar.exe No File

==================== Restore Points  =========================

01-11-2014 13:17:09 System Checkpoint
02-11-2014 13:25:36 System Checkpoint
03-11-2014 14:25:36 System Checkpoint
04-11-2014 15:25:41 System Checkpoint
05-11-2014 16:25:39 System Checkpoint
06-11-2014 16:42:03 System Checkpoint
07-11-2014 16:43:38 System Checkpoint
08-11-2014 17:22:13 System Checkpoint
09-11-2014 18:22:13 System Checkpoint
11-11-2014 10:36:49 System Checkpoint
12-11-2014 10:58:49 System Checkpoint
13-11-2014 03:00:20 Software Distribution Service 3.0
14-11-2014 03:58:48 System Checkpoint
15-11-2014 04:58:54 System Checkpoint
16-11-2014 05:12:24 System Checkpoint
17-11-2014 05:45:48 System Checkpoint
18-11-2014 05:56:52 System Checkpoint
19-11-2014 19:34:28 System Checkpoint
21-11-2014 23:45:15 System Checkpoint
23-11-2014 18:34:54 System Checkpoint
30-11-2014 09:15:28 System Checkpoint
01-12-2014 09:49:52 System Checkpoint
02-12-2014 09:51:15 System Checkpoint
03-12-2014 11:32:45 System Checkpoint
04-12-2014 11:39:14 System Checkpoint
05-12-2014 12:15:44 System Checkpoint
06-12-2014 12:17:01 System Checkpoint
07-12-2014 12:50:17 System Checkpoint
08-12-2014 13:20:19 System Checkpoint
09-12-2014 13:28:48 System Checkpoint
10-12-2014 14:20:20 System Checkpoint
11-12-2014 03:00:16 Software Distribution Service 3.0
12-12-2014 03:08:19 System Checkpoint
13-12-2014 03:20:23 System Checkpoint
14-12-2014 04:08:20 System Checkpoint
15-12-2014 05:19:19 System Checkpoint
16-12-2014 06:17:44 System Checkpoint
17-12-2014 07:19:20 System Checkpoint
18-12-2014 08:11:49 System Checkpoint
19-12-2014 09:02:27 System Checkpoint
20-12-2014 09:47:17 System Checkpoint
21-12-2014 10:56:23 System Checkpoint
22-12-2014 11:46:18 System Checkpoint
23-12-2014 11:58:16 System Checkpoint
24-12-2014 12:46:18 System Checkpoint
25-12-2014 14:07:21 System Checkpoint
26-12-2014 14:45:47 System Checkpoint
27-12-2014 15:57:47 System Checkpoint
28-12-2014 16:45:47 System Checkpoint
29-12-2014 17:02:37 System Checkpoint
30-12-2014 17:45:47 System Checkpoint
31-12-2014 18:54:22 System Checkpoint
01-01-2015 19:09:59 System Checkpoint
02-01-2015 20:10:06 System Checkpoint
03-01-2015 21:08:31 System Checkpoint
04-01-2015 21:09:29 System Checkpoint
05-01-2015 22:07:29 System Checkpoint
06-01-2015 23:07:29 System Checkpoint
07-01-2015 23:12:14 System Checkpoint
08-01-2015 23:59:05 System Checkpoint
10-01-2015 00:47:05 System Checkpoint
11-01-2015 00:59:08 System Checkpoint
12-01-2015 01:59:06 System Checkpoint
13-01-2015 02:47:07 System Checkpoint
14-01-2015 03:58:06 System Checkpoint
15-01-2015 03:00:17 Software Distribution Service 3.0
16-01-2015 03:58:07 System Checkpoint
17-01-2015 04:58:06 System Checkpoint
18-01-2015 05:44:47 System Checkpoint
19-01-2015 06:44:47 System Checkpoint
20-01-2015 07:05:30 System Checkpoint
21-01-2015 07:55:33 System Checkpoint
22-01-2015 08:54:25 System Checkpoint
23-01-2015 10:21:12 System Checkpoint
24-01-2015 10:42:27 System Checkpoint
25-01-2015 11:41:21 System Checkpoint
26-01-2015 11:53:22 System Checkpoint
27-01-2015 12:53:22 System Checkpoint
28-01-2015 13:53:22 System Checkpoint
29-01-2015 14:41:21 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 04:00 - 2004-08-04 04:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Amazon Music Helper.job => C:\Documents and Settings\matt\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job => c:\Program Files\Microsoft IntelliPoint\ipoint.exe
Task: C:\WINDOWS\Tasks\PrintProjects Communicator.job => C:\Documents and Settings\All Users\Application Data\PrintProjects\MessageCheck.exe
Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-22 10:51 - 2015-01-22 10:51 - 03329536 _____ () c:\Program Files\TampaGeneration\TampaGeneration.dll
2010-04-30 13:02 - 2010-04-30 13:02 - 00057344 _____ () C:\Program Files\SAMSUNG\PC Auto Backup\lang.dll
2010-09-03 12:11 - 2010-09-03 12:11 - 00520295 _____ () C:\Program Files\SAMSUNG\PC Auto Backup\http_ss_win_pro.exe
2011-07-11 13:16 - 2011-05-04 23:02 - 00355432 _____ () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00152112 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00098304 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02118032 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 07008656 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02089360 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 01270160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00192912 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00758160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
2014-01-22 11:45 - 2014-01-22 11:45 - 01381888 _____ () C:\Documents and Settings\All Users\Application Data\{f8498419-dba7-3eb5-f849-98419dba1067}\BiRMN.DVDSCR.HDC0OL.rar.exe
2015-01-26 09:42 - 2015-01-26 09:43 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-05-28 18:38 - 2013-05-30 18:30 - 16033160 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PC Auto Backup.lnk => C:\WINDOWS\pss\PC Auto Backup.lnkCommon Startup
MSCONFIG\startupreg: Ad-Aware Browsing Protection => "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Documents and Settings\matt\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Documents and Settings\matt\Local Settings\Application Data\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Registry Repair Wizard Scheduler => "C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup

========================= Accounts: ==========================

Administrator (S-1-5-21-515967899-1757981266-839522115-500 - Administrator - Enabled)
Guest (S-1-5-21-515967899-1757981266-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-515967899-1757981266-839522115-1000 - Limited - Disabled)
matt (S-1-5-21-515967899-1757981266-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\matt
SUPPORT_388945a0 (S-1-5-21-515967899-1757981266-839522115-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-515967899-1757981266-839522115-1004 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2015 09:42:39 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (01/30/2015 09:42:36 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (01/28/2015 04:26:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nmsrvc.exe, version 11.2.9170.0, faulting module nmcore.dll, version 11.2.9195.1, fault address 0x001de1c6.
Processing media-specific event for [nmsrvc.exe!ws!]

Error: (01/26/2015 08:18:56 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (01/23/2015 08:35:53 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (01/22/2015 10:49:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 35.0.0.5486, faulting module mozalloc.dll, version 35.0.0.5486, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (01/09/2015 08:19:13 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (01/02/2015 08:30:10 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (01/02/2015 08:20:03 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Assertion failed: (m_state == _SDKState::NotInitialized || m_state == _SDKState::InitializingEngine || m_state == _SDKState::Finished || m_state == _SDKState::NoDefsAvailable || m_state == _SDKState::Idle) in .\SDKController.cpp:1058

Error: (12/31/2014 08:53:18 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (01/28/2015 04:31:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Pure Networks Platform Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/25/2015 10:09:26 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.106 for the Network Card with network address 0006252708C8 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (01/06/2015 08:53:04 AM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.106 on the
Network Card with network address 0006252708C8.

Error: (01/05/2015 09:20:09 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverPARTYDOLLNetBT_Tcpip_{A2E5DD87-B777-40CF

Error: (01/05/2015 07:44:06 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverPARTYDOLLNetBT_Tcpip_{A2E5DD87-B777-40CF

Error: (01/05/2015 06:32:07 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverPARTYDOLLNetBT_Tcpip_{A2E5DD87-B777-40CF

Error: (01/05/2015 03:59:04 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverPARTYDOLLNetBT_Tcpip_{A2E5DD87-B777-40CF

Error: (01/05/2015 02:59:00 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverPARTYDOLLNetBT_Tcpip_{A2E5DD87-B777-40CF

Error: (01/05/2015 01:50:30 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverPARTYDOLLNetBT_Tcpip_{A2E5DD87-B777-40CF

Error: (01/05/2015 00:38:29 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverPARTYDOLLNetBT_Tcpip_{A2E5DD87-B777-40CF


Microsoft Office Sessions:
=========================
Error: (01/30/2015 09:42:39 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (01/30/2015 09:42:36 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (01/28/2015 04:26:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nmsrvc.exe11.2.9170.0nmcore.dll11.2.9195.1001de1c6

Error: (01/26/2015 08:18:56 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (01/23/2015 08:35:53 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (01/22/2015 10:49:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.5486mozalloc.dll35.0.0.548600001425

Error: (01/09/2015 08:19:13 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (01/02/2015 08:30:10 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (01/02/2015 08:20:03 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Assertion failed: (m_state == _SDKState::NotInitialized || m_state == _SDKState::InitializingEngine || m_state == _SDKState::Finished || m_state == _SDKState::NoDefsAvailable || m_state == _SDKState::Idle) in .\SDKController.cpp:1058

Error: (12/31/2014 08:53:18 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of memory in use: 83%
Total physical RAM: 958.48 MB
Available physical RAM: 162.48 MB
Total Pagefile: 2309.23 MB
Available Pagefile: 1340.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:191.9 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: CAB10BEE)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
 
 
 
I also downloaded the aswMBR and did a scan. Here is that log.
 
 
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-01-30 10:38:28
-----------------------------
10:38:28.177    OS Version: Windows 5.1.2600 Service Pack 3
10:38:28.177    Number of processors: 2 586 0x4B02
10:38:28.177    ComputerName: MARABELLE  UserName: matt
10:38:29.661    Initialize success
10:38:30.099    VM: initialized successfully
10:38:30.099    VM: Amd CPU virtualization not supported
10:52:26.271    AVAST engine defs: 15013000
10:52:31.067    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
10:52:31.067    Disk 0 Vendor: WDC_WD25 10.0 Size: 238475MB BusType: 3
10:52:31.802    Disk 0 MBR read successfully
10:52:31.802    Disk 0 MBR scan
10:52:37.271    Disk 0 Windows XP default MBR code
10:52:37.302    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS       238464 MB offset 63
10:52:37.474    Disk 0 default boot code
10:52:41.005    Disk 0 scanning sectors +488376000
10:52:42.224    Disk 0 scanning C:\WINDOWS\system32\drivers
10:54:46.442    Service scanning
10:56:20.458    Service PCANDIS5 H:\AutoRun\PCANDIS5.SYS **LOCKED** 21
10:56:53.161    Modules scanning
10:56:53.177    Disk 0 trace - called modules:
10:56:53.208    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
10:56:53.208    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85deaab8]
10:56:53.208    3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\0000006f[0x85de1920]
10:56:53.208    5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x85de1a38]
10:57:44.255    AVAST engine scan C:\WINDOWS
10:59:33.630    AVAST engine scan C:\WINDOWS\system32
11:05:12.099    AVAST engine scan C:\WINDOWS\system32\drivers
11:05:37.599    AVAST engine scan C:\Documents and Settings\matt
11:08:56.755    File: C:\Documents and Settings\matt\Local Settings\Temp\09f9eC44F8\temp\putfu.xyz  **INFECTED** Win32:Dropper-gen [Drp]
11:11:28.755    AVAST engine scan C:\Documents and Settings\All Users
11:17:33.067    Disk 0 statistics 1968325/0/0 @ 1.06 MB/s
11:17:33.083    Scan finished successfully
11:18:11.286    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\matt\My Documents\Downloads\MBR.dat"
11:18:11.286    The log file has been saved successfully to "C:\Documents and Settings\matt\My Documents\Downloads\aswMBR.txt"


 
All logs are also attached.
 
 
 
I realize everyone here is very busy, but I just wanted to go ahead and thank you for reading my post and let you all know that I appreciate any help that is given.

Edited by nasdaq, 31 January 2015 - 09:45 AM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:36 PM

Posted 31 January 2015 - 10:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Did you install this application?
What is it?
C:\Documents and Settings\All Users\Application Data\{f8498419-dba7-3eb5-f849-98419dba1067}\BiRMN.DVDSCR.HDC0OL.rar.exe
===

Using Add/Remove Programs, remove the following adware programs.



50iCCOupaonns (HKLM\...\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}) (Version: - "") <==== ATTENTION
ALLliSaveir (HKLM\...\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}) (Version: - "") <==== ATTENTION
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.6.9.0 - Ask.com) <==== ATTENTION
EnJooyCouppon (HKLM\...\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}) (Version: - "") <==== ATTENTION
JoniCouppoen (HKLM\...\{51417852-174C-88D4-34A0-D0FE7858BE47}) (Version: - "") <==== ATTENTION
MagnumTurbo (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{dd693f9b}) (Version: - MykonosChord) <==== ATTENTION
NewSaVerr (HKLM\...\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}) (Version: - "") <==== ATTENTION
NinjaKit (HKLM\...\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}) (Version: - "") <==== ATTENTION
RReugulAArDEaallS (HKLM\...\{76DEE3DC-2B8B-E212-2126-D31D9E73DFE4}) (Version: - "") <==== ATTENTION
TrashMail net for Google Chrome (HKLM\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
Ultimate Football Results (HKLM\...\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}) (Version: - "") <==== ATTENTION
Unisales (HKLM\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version: - ) <==== ATTENTION
youtubeadblocker (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(iWin Inc.) C:\Program Files\iWin Games\iWinTrusted.exe
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74
HKU\S-1-5-21-515967899-1757981266-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74
URLSearchHook: [S-1-5-21-515967899-1757981266-839522115-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-515967899-1757981266-839522115-1003 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-515967899-1757981266-839522115-1003 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74
BHO: youtubeadblocker -> {1fbae602-15d4-4fbd-94e2-c0a11b8e1399} -> C:\Program Files\youtubeadblocker\FXUXtjOmkwqOBm.dll ()
BHO: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files\adawaretb\adawareDx.dll ()
BHO: 50iCCOupaonns -> {89f8bb58-6934-49af-a5e9-d19ff1947885} -> C:\Program Files\50iCCOupaonns\X55FQ6IjPQP64S.dll ()
BHO: RReugulAArDEaallS -> {a8d4a995-3488-4487-8055-77722eb7dd3a} -> C:\Program Files\RReugulAArDEaallS\j272baUBa7Zkzd.dll ()
BHO: JoniCouppoen -> {c53ae49d-165f-47cb-8f7d-08e10e57dc93} -> C:\Program Files\JoniCouppoen\cnRwZiuj6D5lrV.dll ()
Toolbar: HKLM - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
Toolbar: HKLM - Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL: hxxp://websearch.thesearchpage.info/?pid=21833&r=2015/01/22&hid=16575418718292021888&lg=EN&cc=US&unqvl=74&l=1&q=
FF SearchPlugin: C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\searchplugins\bing-zugo.xml
FF Extension: youtubeadblocker - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\Extensions\9A@P.net [2015-01-22]
FF Extension: EnJooyCouppon - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\Extensions\h@xh4h.net [2015-01-30]
FF Extension: ALLliSaveir - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\Extensions\U3c@U.org [2015-01-29]
FF Extension: UnIsalEss - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\rdrmss29.default\Extensions\wZ@W.edu [2015-01-22]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Ultimate Football Results) - C:\Documents and Settings\matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnpobggldcjebejmndignliobeifocj [2015-01-29]
CHR Extension: (NewSaVerr) - C:\Documents and Settings\All Users\Application Data\aijccelkdckafcdlfmondikhniahaiic\ [2013-01-21]
CHR Extension: (UnIsalEss) - C:\Documents and Settings\All Users\Application Data\mkbepabaicpjeidlnnelblolojmbkgpn\ [2013-01-21]
CHR HKLM\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files\Object\chromeaddon.crx [Not Found]
R2 dd693f9b; c:\Program Files\TampaGeneration\TampaGeneration.dll [3329536 2015-01-22] () [File not signed]
R2 iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [176848 2011-04-08] (iWin Inc.)
S4 IntelIde; No ImagePath
S3 PCANDIS5; \??\H:\AutoRun\PCANDIS5.SYS [X]
U1 WS2IFSL; No ImagePath
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?
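The fixlist above was assembled by hand from the FRST log: search and start-page entries redirected to one hijack domain, BHOs and toolbars whose DLLs carry no vendor information, throwaway-looking Firefox extension IDs, a Chrome extension loaded from outside the profile, services with a missing or unsigned binary, and an alternate data stream. As an added illustration, not part of this thread and not Farbar's or BleepingComputer's code, the script below applies that same triage to a few constructed FRST-style lines and emits a fixlist skeleton in FRST's Start/End form. The trusted search-host allow-list, the adware-vendor list (Ask.com, because the Ask Toolbar appears in the ATTENTION list above) and the extension-ID heuristics are assumptions for the example; the sample lines are constructed, modelled on the shapes in the reply, and are not a real log. A helper still reviews every line before anything goes into a real fixlist.

```python
import re

# Assumptions for this example (not from FRST): hosts that may legitimately appear in
# search settings, vendors whose toolbars the helper above treats as adware, and a
# heuristic for the short random-looking Firefox extension IDs seen in the log.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}
PUP_VENDORS = {"Ask.com"}
SEARCH_KEYS = ("Start Page", "Default_Page_URL", "SearchScopes:", "DefaultSearchUrl",
               "Keyword.URL", "URLSearchHook")
URL_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s:?]+)", re.I)   # accepts FRST's hxxp:// defanging
VENDOR_RE = re.compile(r"\(([^()]*)\)\s*$")                  # trailing "(Vendor)" on BHO/Toolbar lines
SERVICE_RE = re.compile(r"^[RSU]\d ")                         # FRST service/driver lines (R2, S3, U1 ...)
FF_ID_RE = re.compile(r"\\([^\\\s]+) \[\d{4}-\d\d-\d\d\]$")  # last path element of an FF extension
ODD_FF_ID_RE = re.compile(r"^[A-Za-z0-9]{1,4}@[A-Za-z0-9]{1,6}\.[a-z]{2,5}$")

# Constructed FRST-style lines modelled on the reply above; not a real log.
SAMPLE_FRST_LINES = r"""
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.example-hijack.test/?pid=1&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/
SearchScopes: HKLM -> DefaultScope {BB74DE59-0000-0000-0000-000000000000} URL = http://websearch.example-hijack.test/?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: EnJooyCouppon -> {c53ae49d-0000-0000-0000-000000000000} -> C:\Program Files\EnJooyCouppon\cnRwZiuj6D5lrV.dll ()
BHO: Vendor Helper -> {00000000-0000-0000-0000-000000000001} -> C:\Program Files\Vendor\helper.dll (Vendor Inc.)
Toolbar: HKLM - Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
FF DefaultSearchUrl: hxxp://websearch.example-hijack.test/?q=
FF Extension: ALLliSaveir - C:\Documents and Settings\matt\Application Data\Mozilla\Firefox\Profiles\xxxx.default\Extensions\U3c@U.org [2015-01-29]
CHR Extension: (NewSaVerr) - C:\Documents and Settings\All Users\Application Data\aijccelkdckafcdlfmondikhniahaiic\ [2013-01-21]
CHR Extension: (Example Extension) - C:\Documents and Settings\matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop [2014-06-02]
R2 dd693f9b; c:\Program Files\TampaGeneration\TampaGeneration.dll [3329536 2015-01-22] () [File not signed]
R2 iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [176848 2011-04-08] (iWin Inc.)
S3 PCANDIS5; \??\H:\AutoRun\PCANDIS5.SYS [X]
S4 IntelIde; No ImagePath
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
"""


def classify(line):
    """Return a reason if an FRST line looks like fixlist material, else None."""
    s = line.strip()
    if not s:
        return None
    if "ATTENTION" in s:
        return "flagged by FRST itself"
    if any(k in s for k in SEARCH_KEYS):
        m = URL_RE.search(s)
        if m and m.group(1).lower() not in TRUSTED_SEARCH_HOSTS:
            return "search/start page points at untrusted host " + m.group(1)
        return None
    if s.startswith(("BHO:", "Toolbar:")):
        m = VENDOR_RE.search(s)
        vendor = m.group(1).strip() if m else ""
        if not vendor:
            return "browser helper/toolbar with no vendor information"
        if vendor in PUP_VENDORS:
            return "toolbar from known adware vendor " + vendor
        return None
    if s.startswith("FF Extension:"):
        m = FF_ID_RE.search(s)
        if m and ODD_FF_ID_RE.match(m.group(1)):
            return "Firefox extension with throwaway-looking id " + m.group(1)
        return None
    if s.startswith("CHR Extension:") and "\\Google\\Chrome\\User Data\\" not in s:
        return "Chrome extension loaded from outside a Chrome profile"
    if SERVICE_RE.match(s):
        if "[X]" in s or "No ImagePath" in s:
            return "service/driver whose binary is missing"
        if "[File not signed]" in s:
            return "service running an unsigned binary"
        return None
    if s.startswith("AlternateDataStreams:"):
        return "alternate data stream"
    return None


def triage(log_text):
    """Pair each flagged line with its reason, preserving log order."""
    hits = []
    for line in log_text.splitlines():
        reason = classify(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


def build_fixlist(hits):
    """Wrap the flagged lines in FRST's Start/End markers, closing processes first."""
    return "Start\nCloseProcesses:\n\n" + "\n".join(l for l, _ in hits) + "\n\nEnd\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_FRST_LINES)
    for line, reason in hits:
        print("%-55s <- %s" % (line[:55], reason))
    print(build_fixlist(hits))
```

The point of the reason column is review, not automation: a line such as a service with "No ImagePath" is harmless leftover on many machines, and only someone who reads the whole log decides whether it belongs in the fix.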

#3 nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:36 PM

Posted 06 February 2015 - 09:08 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



