Jump to content


Photo
- - - - -

Laptop infected with Adware.GamePlayLab - Please help


  • This topic is locked This topic is locked
15 replies to this topic

#1 T22

T22

    New Member

  • Members
  • Pip
  • 7 posts

Posted 17 August 2012 - 11:19 AM

Hi

I seem to be infected with the Adware.GamePlayLab registry problem and am having difficulty removing the infection. Please help

I have attached the DDS log as asked

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by stan at 17:09:25 on 2012-08-17
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.44.1033.18.1977.1342 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mDefault_Page_URL = hxxp://uk.yahoo.com/?fr=mkg029
mStart Page = hxxp://uk.yahoo.com/?fr=mkg029
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
uRun: [Google Update] "c:\users\stan\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\stan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{196CEF15-9A74-468A-AD1D-705498AE190D} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9943EB6A-F3DA-4F86-9E34-1BE9DBA2B9A3} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9943EB6A-F3DA-4F86-9E34-1BE9DBA2B9A3}\45E4341405243324141364 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9943EB6A-F3DA-4F86-9E34-1BE9DBA2B9A3}\A5978554C49363132367A776 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-16 1343400]
.
=============== Created Last 30 ================
.
2012-08-15 21:32:11 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ce98babb-0afc-44ca-a957-d7ca9676fdcc}\mpengine.dll
2012-08-15 21:27:19 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-15 21:27:08 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-15 21:26:57 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-15 21:26:57 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-07-20 18:52:34 4024320 ----a-w- c:\program files\GUT1065.tmp
2012-07-20 18:52:34 -------- d-----w- c:\program files\GUM1064.tmp
.
==================== Find3M ====================
.
2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 17:10:23.08 ===============

#2 T22

T22

    New Member

  • Members
  • Pip
  • 7 posts

Posted 17 August 2012 - 11:20 AM

It wouldn't let me attach the second file so here it is, thanks in advance


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 15/03/2012 23:46:33
System Uptime: 17/08/2012 17:07:28 (0 hours ago)
.
Motherboard: eMachines, Inc. | | Danube
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | U2E1 | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 79 GiB total, 19.808 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 0.002 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP69: 31/07/2012 20:03:21 - Windows Backup
RP70: 31/07/2012 20:15:02 - Windows Update
RP71: 04/08/2012 12:25:09 - Windows Update
RP72: 06/08/2012 16:29:32 - Windows Backup
RP73: 10/08/2012 08:46:30 - Windows Update
RP74: 12/08/2012 19:55:25 - Windows Backup
RP75: 15/08/2012 18:52:56 - Windows Update
RP76: 15/08/2012 22:19:05 - avast! Free Antivirus Setup
RP77: 15/08/2012 22:26:44 - Windows Update
RP78: 15/08/2012 22:30:48 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Software Update
Canon MP270 series MP Drivers
DealPly
Google Chrome
Jessops Photo
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Picasa 3
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live ID Sign-in Assistant
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
15/08/2012 20:33:00, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
15/08/2012 19:05:46, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
15/08/2012 19:05:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.
15/08/2012 19:04:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
15/08/2012 19:04:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
15/08/2012 18:41:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/08/2012 19:45:26, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/08/2012 11:37:44, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/08/2012 11:20:56, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/08/2012 10:17:30, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/08/2012 20:35:41, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/08/2012 19:13:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/08/2012 08:36:12, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

#3 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,404 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 19 August 2012 - 10:37 AM

Hello T22 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Malwarebytes' Anti-Malware knows GamePlayLab adware very well, so should not be a problem. What kind of problems do you have?


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.


Step 2

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#4 michal101

michal101

    New Member

  • Members
  • Pip
  • 1 posts

Posted 21 August 2012 - 05:44 AM

It wouldn't let me attach the second file so here it is, thanks in advance


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 15/03/2012 23:46:33
System Uptime: 17/08/2012 17:07:28 (0 hours ago)
.
Motherboard: eMachines, Inc. | | Danube
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | U2E1 | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 79 GiB total, 19.808 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 0.002 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP69: 31/07/2012 20:03:21 - Windows Backup
RP70: 31/07/2012 20:15:02 - Windows Update
RP71: 04/08/2012 12:25:09 - Windows Update
RP72: 06/08/2012 16:29:32 - Windows Backup
RP73: 10/08/2012 08:46:30 - Windows Update
RP74: 12/08/2012 19:55:25 - Windows Backup
RP75: 15/08/2012 18:52:56 - Windows Update
RP76: 15/08/2012 22:19:05 - avast! Free Antivirus Setup
RP77: 15/08/2012 22:26:44 - Windows Update
RP78: 15/08/2012 22:30:48 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Software Update
Canon MP270 series MP Drivers
DealPly
Google Chrome
Jessops Photo
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Picasa 3
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live ID Sign-in Assistant
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
15/08/2012 20:33:00, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
15/08/2012 19:05:46, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
15/08/2012 19:05:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.
15/08/2012 19:04:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
15/08/2012 19:04:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
15/08/2012 18:41:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/08/2012 19:45:26, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/08/2012 11:37:44, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/08/2012 11:20:56, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/08/2012 10:17:30, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/08/2012 20:35:41, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/08/2012 19:13:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/08/2012 08:36:12, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================



Thanks
This is really beneficial but I have already removed my infection with Giant Savings removal tool. It is very effective and easy to use adware removal tool. Adwrae infection is very harmful for the system but it can be removed with Giant Savings removal tool.
-----------
for more information:- http://www.spywarepr...clean-up-the-pc

#5 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,404 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 21 August 2012 - 05:48 AM

I highly doubt this. The site from which you downloaded is quite dangerous:
http://ddanchev.blog...ecurity_31.html
http://www.mywot.com...ent=warn-viewsc
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#6 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,404 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 24 August 2012 - 04:56 AM

Are you still with me?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#7 T22

T22

    New Member

  • Members
  • Pip
  • 7 posts

Posted 25 August 2012 - 11:36 AM

Hi Maniac,

I am still here apologies for not getting back to you sooner.

Please find attached the log files

MBAM text


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.25.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
stan :: STAN-PC [administrator]

25/08/2012 17:03:10
mbam-log-2012-08-25 (17-03-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182047
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\stan\AppData\Local\Temp\Vid-Saver-ppi-Multi.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

(end)

#8 T22

T22

    New Member

  • Members
  • Pip
  • 7 posts

Posted 25 August 2012 - 11:40 AM

OTL log file


OTL logfile created on: 25/08/2012 17:34:31 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\stan\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 62.38% Memory free
3.86 Gb Paging File | 2.98 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 79.43 Gb Total Space | 18.50 Gb Free Space | 23.30% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: STAN-PC | User Name: stan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/25 17:31:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe
PRC - [2012/07/29 11:23:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/17 23:28:55 | 000,442,392 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012/08/17 23:28:52 | 003,997,720 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012/08/17 23:27:23 | 000,144,424 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012/08/17 23:27:22 | 000,266,792 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012/08/17 23:27:21 | 002,480,680 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/29 11:23:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/16 11:15:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2012/08/25 17:31:40 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\lwaq.sys -- (loyk)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...6PQH3YuVww&i=26
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 3A C3 39 06 03 CD 01 [binary data]
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000242c01930b
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6PQH3YuVww&i=26
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\stan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\stan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/08/19 22:04:59 | 000,000,000 | ---D | M]

[2012/04/09 17:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/09 17:19:52 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/08/19 22:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\stan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\stan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Web Assistant = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\
CHR - Extension: AdBlock = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: 20-20 3D Viewer for IKEA = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\
CHR - Extension: Gmail = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/09 20:36:02 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{196CEF15-9A74-468A-AD1D-705498AE190D}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9943EB6A-F3DA-4F86-9E34-1BE9DBA2B9A3}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/25 17:31:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe
[2012/08/19 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\stan\Documents\Downloads
[2012/08/19 22:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
[2012/08/19 22:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Free YouTube Downloader
[2012/08/19 22:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012/08/19 22:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
[2012/08/19 22:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/19 22:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/08/17 19:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/17 17:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\stan\Documents\*.tmp files -> C:\Users\stan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/25 17:31:40 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lwaq.sys
[2012/08/25 17:31:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe
[2012/08/25 17:28:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/25 17:07:49 | 000,019,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 17:07:49 | 000,019,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 16:57:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934697185-4014517736-1319693140-1000UA.job
[2012/08/25 16:55:19 | 1554,669,568 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/22 08:35:25 | 000,002,447 | ---- | M] () -- C:\Users\stan\Desktop\Google Chrome.lnk
[2012/08/21 13:57:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934697185-4014517736-1319693140-1000Core.job
[2012/08/19 22:07:34 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk
[2012/08/19 22:05:17 | 000,001,939 | ---- | M] () -- C:\user.js
[2012/08/17 21:58:52 | 000,611,220 | ---- | M] () -- C:\Users\stan\Desktop\Attach.zip
[2012/08/17 18:30:05 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/17 18:21:18 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/17 18:21:18 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/15 22:32:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/15 20:34:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/08/15 18:46:28 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\stan\Documents\*.tmp files -> C:\Users\stan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/25 17:31:39 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lwaq.sys
[2012/08/19 22:07:34 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk
[2012/08/19 22:07:34 | 000,000,177 | ---- | C] () -- C:\Users\Public\Desktop\Amazon.url
[2012/08/17 17:14:02 | 000,611,220 | ---- | C] () -- C:\Users\stan\Desktop\Attach.zip
[2012/08/15 22:32:28 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/09 15:45:32 | 000,000,883 | ---- | C] () -- C:\Users\stan\AppData\Roaming\result.db
[2012/06/02 23:33:58 | 000,000,017 | ---- | C] () -- C:\Users\stan\AppData\Local\resmon.resmoncfg
[2010/11/20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2012/03/19 22:19:31 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\Audacity
[2012/04/22 00:47:35 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\Babylon
[2012/04/22 14:19:41 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\uTorrent
[2012/07/07 22:42:45 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Extra report


OTL logfile created on: 25/08/2012 17:34:31 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\stan\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 62.38% Memory free
3.86 Gb Paging File | 2.98 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 79.43 Gb Total Space | 18.50 Gb Free Space | 23.30% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: STAN-PC | User Name: stan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/25 17:31:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe
PRC - [2012/07/29 11:23:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/17 23:28:55 | 000,442,392 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012/08/17 23:28:52 | 003,997,720 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012/08/17 23:27:23 | 000,144,424 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012/08/17 23:27:22 | 000,266,792 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012/08/17 23:27:21 | 002,480,680 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/29 11:23:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/16 11:15:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2012/08/25 17:31:40 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\lwaq.sys -- (loyk)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...6PQH3YuVww&i=26
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 3A C3 39 06 03 CD 01 [binary data]
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000242c01930b
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6PQH3YuVww&i=26
IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\stan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\stan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/08/19 22:04:59 | 000,000,000 | ---D | M]

[2012/04/09 17:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/09 17:19:52 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/08/19 22:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\stan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\stan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Web Assistant = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\
CHR - Extension: AdBlock = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: 20-20 3D Viewer for IKEA = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\
CHR - Extension: Gmail = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/09 20:36:02 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{196CEF15-9A74-468A-AD1D-705498AE190D}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9943EB6A-F3DA-4F86-9E34-1BE9DBA2B9A3}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/25 17:31:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe
[2012/08/19 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\stan\Documents\Downloads
[2012/08/19 22:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
[2012/08/19 22:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Free YouTube Downloader
[2012/08/19 22:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012/08/19 22:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
[2012/08/19 22:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/19 22:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/08/17 19:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/17 17:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\stan\Documents\*.tmp files -> C:\Users\stan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/25 17:31:40 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lwaq.sys
[2012/08/25 17:31:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe
[2012/08/25 17:28:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/25 17:07:49 | 000,019,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 17:07:49 | 000,019,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 16:57:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934697185-4014517736-1319693140-1000UA.job
[2012/08/25 16:55:19 | 1554,669,568 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/22 08:35:25 | 000,002,447 | ---- | M] () -- C:\Users\stan\Desktop\Google Chrome.lnk
[2012/08/21 13:57:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934697185-4014517736-1319693140-1000Core.job
[2012/08/19 22:07:34 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk
[2012/08/19 22:05:17 | 000,001,939 | ---- | M] () -- C:\user.js
[2012/08/17 21:58:52 | 000,611,220 | ---- | M] () -- C:\Users\stan\Desktop\Attach.zip
[2012/08/17 18:30:05 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/17 18:21:18 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/17 18:21:18 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/15 22:32:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/15 20:34:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/08/15 18:46:28 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\stan\Documents\*.tmp files -> C:\Users\stan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/25 17:31:39 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lwaq.sys
[2012/08/19 22:07:34 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk
[2012/08/19 22:07:34 | 000,000,177 | ---- | C] () -- C:\Users\Public\Desktop\Amazon.url
[2012/08/17 17:14:02 | 000,611,220 | ---- | C] () -- C:\Users\stan\Desktop\Attach.zip
[2012/08/15 22:32:28 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/09 15:45:32 | 000,000,883 | ---- | C] () -- C:\Users\stan\AppData\Roaming\result.db
[2012/06/02 23:33:58 | 000,000,017 | ---- | C] () -- C:\Users\stan\AppData\Local\resmon.resmoncfg
[2010/11/20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2012/03/19 22:19:31 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\Audacity
[2012/04/22 00:47:35 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\Babylon
[2012/04/22 14:19:41 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\uTorrent
[2012/07/07 22:42:45 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#9 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,404 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 26 August 2012 - 06:32 AM

This is not content of Extras.txt. Please check again.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#10 T22

T22

    New Member

  • Members
  • Pip
  • 7 posts

Posted 01 September 2012 - 11:35 AM

sorry, attached below


OTL Extras logfile created on: 25/08/2012 17:34:31 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\stan\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 62.38% Memory free
3.86 Gb Paging File | 2.98 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 79.43 Gb Total Space | 18.50 Gb Free Space | 23.30% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: STAN-PC | User Name: stan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Jessops Photo] -- "C:\Program Files\Jessops Photo\Jessops Photo\Jessops Photo.exe" "%1" ()
Directory [Photo Show] -- "C:\Program Files\Jessops Photo\Jessops Photo\Photo Show.exe" -d "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DFE9E34-977D-4265-8534-09C034DFB006}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{11AF93AE-3A81-4E71-9532-596E5D47B0C6}" = rport=139 | protocol=6 | dir=out | app=system |
"{236A549A-4E5D-4E33-9D3A-7D615A5FAF88}" = lport=445 | protocol=6 | dir=in | app=system |
"{42BE93A9-6DBE-4C68-89B2-060C300AE444}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{490672B4-70E2-43AC-8E60-D2001242B8D1}" = rport=445 | protocol=6 | dir=out | app=system |
"{4B3B76F4-EAD8-4FEE-B35E-F28272AA8A44}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5EB5FCD4-99D4-45E1-8EC1-9B55CA5C0EA6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{662EEECA-9128-4D0B-9D48-15B95581EF57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6A1164B3-9351-45A0-AA30-F86744468E6A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BE07477-3B22-48F3-9829-3271C290E6E2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6C7D3898-96AD-4B53-BD4C-6D1E60023F3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76B9F11F-1C0E-4A5C-9E81-A3B5599EC22E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7FD95204-C66A-44FC-BA8C-515E2BAFEDCA}" = lport=137 | protocol=17 | dir=in | app=system |
"{84BC212B-942D-47C6-90AA-E01935A6FB6D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8E9ACD1A-25D7-47DF-ADE0-6E7DFC5ADA03}" = lport=138 | protocol=17 | dir=in | app=system |
"{93C42E96-DA02-48FB-816E-4CFED26FC606}" = rport=138 | protocol=17 | dir=out | app=system |
"{ABF66BEF-7CE8-419B-872A-4C2CE8345989}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B89D2384-B4F4-4EF7-A65E-08C8EC23C496}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C87FFA55-0610-46C8-927B-7E647BE8CD7C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D9E35FCD-DB8C-4261-8F4C-FF8BA04ECAED}" = lport=139 | protocol=6 | dir=in | app=system |
"{E07BFDE0-8E44-4A8C-9C8F-9E8670919B15}" = rport=137 | protocol=17 | dir=out | app=system |
"{E6EE53A2-16BD-4211-9FD2-B6AE50E316DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4FF420B-7D3F-4D15-B7FE-F2A582D29874}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F69B4596-5BAD-4672-9D53-D3FBA0C92415}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E8407A-9F65-440C-A00E-A0D5D2F6C169}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{08ED2ED4-6060-47CD-9FD4-B30F8FA2C433}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0BDFFE80-A72F-45C6-817C-D14CFEF90355}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{108329E1-5082-4935-9B85-C16FDBFFB709}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{143B25EC-366C-4ADB-A6AC-86D01B3710D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E37A2FA-5224-4446-BFA4-E168EAC8431A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2412BB30-3D51-4BFB-809A-8D19B1863C6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55D57B8C-695E-4580-9BF2-1EE14EBA8E04}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{615DD3A3-2AEF-4F36-9722-CF3D0315A177}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66F73075-E112-47F7-A9CC-7C4AE13E615B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6DB530D8-062A-4EAD-B346-5A5699BF0566}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6DCAA7F1-55BA-499D-BDE1-1C9FD2119037}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6EAD11C2-6FE5-41EC-972E-DA75835F4DD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{847D67BB-1B7C-4434-B018-6BB5AEFAF27D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8C35F4BC-4763-4E83-B1A7-CE13F1BE7CDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{91556ED0-9767-4C51-AC9A-598A8FE23596}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A44B8E42-2959-4FFD-918C-CDA5DB5EE375}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE2C980B-4C89-416A-A296-EF2DDC85772F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD1CDA54-6C92-4AD5-9FBF-C75AC4113BA7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CAC03649-5F02-48D5-9206-D4F98C585B5B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D549302C-91D3-4E18-9809-7B74CFCF6437}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{EA12D847-386F-4C4F-B0C6-66FB56837C70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFEEA87F-238F-498C-8CC5-D495B1FE0A8F}" = protocol=6 | dir=out | app=system |
"TCP Query User{E06A838F-B852-4C2C-8EC0-D82856720D89}C:\users\stan\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\stan\appdata\local\temp\rarsfx0\bie_kms.exe |
"UDP Query User{9DBA9BC6-C98D-4C36-9E1F-C0B5C75CC08A}C:\users\stan\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\stan\appdata\local\temp\rarsfx0\bie_kms.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.474
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.126
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"DealPly" = DealPly
"ENTERPRISE" = Microsoft Office Enterprise 2007
"incredibar" = Incredibar Toolbar on IE
"Jessops Photo" = Jessops Photo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Picasa 3" = Picasa 3
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15/08/2012 17:30:49 | Computer Name = stan-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary aswFsBlk. System Error: The system cannot find the file specified. .

Error - 15/08/2012 17:30:49 | Computer Name = stan-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary aswMonFlt. System Error: The system cannot find the file specified. .

Error - 15/08/2012 17:30:49 | Computer Name = stan-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary aswRdr. System Error: The system cannot find the file specified. .

Error - 15/08/2012 17:30:49 | Computer Name = stan-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary aswSnx. System Error: The system cannot find the file specified. .

Error - 15/08/2012 17:30:49 | Computer Name = stan-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary aswSP. System Error: The system cannot find the file specified. .

Error - 15/08/2012 17:30:49 | Computer Name = stan-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary avast! Network Shield Support. System Error: The system cannot find the
file specified. .

Error - 17/08/2012 12:09:27 | Computer Name = stan-PC | Source = WinMgmt | ID = 10
Description =

Error - 17/08/2012 12:58:10 | Computer Name = stan-PC | Source = WinMgmt | ID = 10
Description =

Error - 17/08/2012 13:31:31 | Computer Name = stan-PC | Source = WinMgmt | ID = 10
Description =

Error - 17/08/2012 14:41:40 | Computer Name = stan-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 09/06/2012 12:15:35 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the avast!
Antivirus service to connect.

Error - 09/06/2012 12:15:35 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%1053

Error - 09/06/2012 12:16:53 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the avast!
Antivirus service to connect.

Error - 09/06/2012 12:16:53 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%1053

Error - 09/06/2012 12:18:08 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the avast!
Antivirus service to connect.

Error - 09/06/2012 12:18:08 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%1053

Error - 09/06/2012 12:35:08 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the avast!
Antivirus service to connect.

Error - 09/06/2012 12:35:08 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%1053

Error - 09/06/2012 12:37:40 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the avast!
Antivirus service to connect.

Error - 09/06/2012 12:37:40 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following
error: %%1053


< End of report >

#11 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,404 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 01 September 2012 - 12:09 PM

Step 1

Please uninstall the following applications:

Incredibar Toolbar on IE
DealPly



Step 2

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb178?a=6PQH3YuVww&i=26
    IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
    IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=10c8685b00000000000000242c01930b
    IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6PQH3YuVww&i=26
    [2012/04/09 17:19:52 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    CHR - Extension: Web Assistant = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
    O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
    O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
    O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
    O3 - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
    [2012/08/19 22:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
    [2012/08/19 22:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
    [2012/08/19 22:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
    [2012/04/22 00:47:35 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\Babylon
    [2012/04/22 14:19:41 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\uTorrent
    
    :files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#12 T22

T22

    New Member

  • Members
  • Pip
  • 7 posts

Posted 03 September 2012 - 03:34 PM

Hi fix file below


All processes killed
========== OTL ==========
HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2934697185-4014517736-1319693140-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
HKEY_USERS\S-1-5-21-2934697185-4014517736-1319693140-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2934697185-4014517736-1319693140-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2934697185-4014517736-1319693140-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\resources folder moved successfully.
C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\libraries folder moved successfully.
C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
C:\Program Files\Web Assistant\Extension32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ not found.
File C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ not found.
File C:\Program Files\DealPly\DealPlyIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ not found.
File C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll not found.
Registry value HKEY_USERS\S-1-5-21-2934697185-4014517736-1319693140-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
C:\Program Files\Perion\NewTab folder moved successfully.
C:\Program Files\Perion folder moved successfully.
Folder C:\Program Files\Incredibar.com\ not found.
C:\Program Files\Web Assistant\resources folder moved successfully.
C:\Program Files\Web Assistant\libraries folder moved successfully.
C:\Program Files\Web Assistant\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\Web Assistant\Firefox\defaults folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\skin folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\locale folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content\resources folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content\libraries folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome folder moved successfully.
C:\Program Files\Web Assistant\Firefox folder moved successfully.
C:\Program Files\Web Assistant folder moved successfully.
C:\Users\stan\AppData\Roaming\Babylon folder moved successfully.
C:\Users\stan\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\stan\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\stan\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\stan\Desktop\cmd.bat deleted successfully.
C:\Users\stan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: stan
->Temp folder emptied: 71295252 bytes
->Temporary Internet Files folder emptied: 203527384 bytes
->Google Chrome cache emptied: 234158570 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20206681 bytes
RecycleBin emptied: 145201949 bytes

Total Files Cleaned = 643.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.58.1 log created on 09032012_212751

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#13 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,404 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 04 September 2012 - 06:37 AM

How are things now? :)
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#14 T22

T22

    New Member

  • Members
  • Pip
  • 7 posts

Posted 04 September 2012 - 08:50 AM

Thanks for your help Maniac. I ran a scan and it has gone!

Thanks again

#15 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,404 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 04 September 2012 - 10:06 AM

Glad I could help! :)

Please run OTL and click on CleanUp button.

Some malware prevention tips:
http://forums.malwar...howtopic=104379


Safe surfing! :)
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#16 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 05 September 2012 - 08:14 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users