T22

Laptop infected with Adware.GamePlayLab - Please help

16 posts in this topic

Hi

I seem to be infected with the Adware.GamePlayLab registry problem and am having difficulty removing the infection. Please help

I have attached the DDS log as asked

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by stan at 17:09:25 on 2012-08-17

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.44.1033.18.1977.1342 [GMT 1:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

mDefault_Page_URL = hxxp://uk.yahoo.com/?fr=mkg029

mStart Page = hxxp://uk.yahoo.com/?fr=mkg029

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

uRun: [Google Update] "c:\users\stan\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

StartupFolder: c:\users\stan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{196CEF15-9A74-468A-AD1D-705498AE190D} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{9943EB6A-F3DA-4F86-9E34-1BE9DBA2B9A3} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{9943EB6A-F3DA-4F86-9E34-1BE9DBA2B9A3}\45E4341405243324141364 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{9943EB6A-F3DA-4F86-9E34-1BE9DBA2B9A3}\A5978554C49363132367A776 : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-16 1343400]

.

=============== Created Last 30 ================

.

2012-08-15 21:32:11 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ce98babb-0afc-44ca-a957-d7ca9676fdcc}\mpengine.dll

2012-08-15 21:27:19 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-08-15 21:27:08 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-08-15 21:26:57 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-08-15 21:26:57 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2012-07-20 18:52:34 4024320 ----a-w- c:\program files\GUT1065.tmp

2012-07-20 18:52:34 -------- d-----w- c:\program files\GUM1064.tmp

.

==================== Find3M ====================

.

2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 17:10:23.08 ===============

Share this post


Link to post
Share on other sites

It wouldn't let me attach the second file so here it is, thanks in advance

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume1

Install Date: 15/03/2012 23:46:33

System Uptime: 17/08/2012 17:07:28 (0 hours ago)

.

Motherboard: eMachines, Inc. | | Danube

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | U2E1 | 1200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 79 GiB total, 19.808 GiB free.

D: is FIXED (NTFS) - 70 GiB total, 0.002 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP69: 31/07/2012 20:03:21 - Windows Backup

RP70: 31/07/2012 20:15:02 - Windows Update

RP71: 04/08/2012 12:25:09 - Windows Update

RP72: 06/08/2012 16:29:32 - Windows Backup

RP73: 10/08/2012 08:46:30 - Windows Update

RP74: 12/08/2012 19:55:25 - Windows Backup

RP75: 15/08/2012 18:52:56 - Windows Update

RP76: 15/08/2012 22:19:05 - avast! Free Antivirus Setup

RP77: 15/08/2012 22:26:44 - Windows Update

RP78: 15/08/2012 22:30:48 - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Apple Application Support

Apple Software Update

Canon MP270 series MP Drivers

DealPly

Google Chrome

Jessops Photo

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Picasa 3

QuickTime

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Windows Live ID Sign-in Assistant

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

15/08/2012 20:33:00, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

15/08/2012 19:05:46, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

15/08/2012 19:05:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.

15/08/2012 19:04:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

15/08/2012 19:04:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

15/08/2012 18:41:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/08/2012 19:45:26, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/08/2012 11:37:44, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/08/2012 11:20:56, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/08/2012 10:17:30, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

10/08/2012 20:35:41, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

10/08/2012 19:13:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

10/08/2012 08:36:12, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Hello T22 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Malwarebytes' Anti-Malware knows GamePlayLab adware very well, so should not be a problem. What kind of problems do you have?

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt

Share this post


Link to post
Share on other sites

It wouldn't let me attach the second file so here it is, thanks in advance

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume1

Install Date: 15/03/2012 23:46:33

System Uptime: 17/08/2012 17:07:28 (0 hours ago)

.

Motherboard: eMachines, Inc. | | Danube

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | U2E1 | 1200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 79 GiB total, 19.808 GiB free.

D: is FIXED (NTFS) - 70 GiB total, 0.002 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP69: 31/07/2012 20:03:21 - Windows Backup

RP70: 31/07/2012 20:15:02 - Windows Update

RP71: 04/08/2012 12:25:09 - Windows Update

RP72: 06/08/2012 16:29:32 - Windows Backup

RP73: 10/08/2012 08:46:30 - Windows Update

RP74: 12/08/2012 19:55:25 - Windows Backup

RP75: 15/08/2012 18:52:56 - Windows Update

RP76: 15/08/2012 22:19:05 - avast! Free Antivirus Setup

RP77: 15/08/2012 22:26:44 - Windows Update

RP78: 15/08/2012 22:30:48 - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Apple Application Support

Apple Software Update

Canon MP270 series MP Drivers

DealPly

Google Chrome

Jessops Photo

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Picasa 3

QuickTime

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Windows Live ID Sign-in Assistant

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

15/08/2012 20:33:00, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

15/08/2012 19:05:46, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

15/08/2012 19:05:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.

15/08/2012 19:04:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

15/08/2012 19:04:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

15/08/2012 18:41:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/08/2012 19:45:26, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/08/2012 11:37:44, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/08/2012 11:20:56, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/08/2012 10:17:30, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

10/08/2012 20:35:41, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

10/08/2012 19:13:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

10/08/2012 08:36:12, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

Thanks

This is really beneficial but I have already removed my infection with Giant Savings removal tool. It is very effective and easy to use adware removal tool. Adwrae infection is very harmful for the system but it can be removed with Giant Savings removal tool.

-----------

for more information:- http://www.spywareprotectiontool.com/effective-giant-savings-removal-tool-to-clean-up-the-pc

Share this post


Link to post
Share on other sites

Hi Maniac,

I am still here apologies for not getting back to you sooner.

Please find attached the log files

MBAM text

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.25.04

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

stan :: STAN-PC [administrator]

25/08/2012 17:03:10

mbam-log-2012-08-25 (17-03-10).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 182047

Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\stan\AppData\Local\Temp\Vid-Saver-ppi-Multi.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

(end)

Share this post


Link to post
Share on other sites

OTL log file

OTL logfile created on: 25/08/2012 17:34:31 - Run 1

OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\stan\Desktop

Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 62.38% Memory free

3.86 Gb Paging File | 2.98 Gb Available in Paging File | 77.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 79.43 Gb Total Space | 18.50 Gb Free Space | 23.30% Space Free | Partition Type: NTFS

Drive D: | 69.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: STAN-PC | User Name: stan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/25 17:31:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe

PRC - [2012/07/29 11:23:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/17 23:28:55 | 000,442,392 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll

MOD - [2012/08/17 23:28:52 | 003,997,720 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll

MOD - [2012/08/17 23:27:23 | 000,144,424 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll

MOD - [2012/08/17 23:27:22 | 000,266,792 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll

MOD - [2012/08/17 23:27:21 | 002,480,680 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/07/29 11:23:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)

SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/03/16 11:15:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - [2012/08/25 17:31:40 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\lwaq.sys -- (loyk)

DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2010/11/20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - [2010/11/20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)

DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV - [2010/11/20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)

DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb178?a=6PQH3YuVww&i=26

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 3A C3 39 06 03 CD 01 [binary data]

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=10c8685b00000000000000242c01930b

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6PQH3YuVww&i=26

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\stan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\stan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/08/19 22:04:59 | 000,000,000 | ---D | M]

[2012/04/09 17:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions

[2012/04/09 17:19:52 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

[2012/08/19 22:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\stan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll

CHR - plugin: Google Update (Enabled) = C:\Users\stan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: YouTube = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Web Assistant = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\

CHR - Extension: AdBlock = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\

CHR - Extension: New tab for Chrome\u2122 = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\

CHR - Extension: 20-20 3D Viewer for IKEA = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\

CHR - Extension: Gmail = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/09 20:36:02 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()

O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)

O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)

O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)

O3 - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O7 - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{196CEF15-9A74-468A-AD1D-705498AE190D}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9943EB6A-F3DA-4F86-9E34-1BE9DBA2B9A3}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/25 17:31:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe

[2012/08/19 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\stan\Documents\Downloads

[2012/08/19 22:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader

[2012/08/19 22:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Free YouTube Downloader

[2012/08/19 22:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Perion

[2012/08/19 22:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com

[2012/08/19 22:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012/08/19 22:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant

[2012/08/17 19:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/08/17 17:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[1 C:\Users\stan\Documents\*.tmp files -> C:\Users\stan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/25 17:31:40 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lwaq.sys

[2012/08/25 17:31:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe

[2012/08/25 17:28:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/25 17:07:49 | 000,019,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/25 17:07:49 | 000,019,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/25 16:57:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934697185-4014517736-1319693140-1000UA.job

[2012/08/25 16:55:19 | 1554,669,568 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/22 08:35:25 | 000,002,447 | ---- | M] () -- C:\Users\stan\Desktop\Google Chrome.lnk

[2012/08/21 13:57:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934697185-4014517736-1319693140-1000Core.job

[2012/08/19 22:07:34 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk

[2012/08/19 22:05:17 | 000,001,939 | ---- | M] () -- C:\user.js

[2012/08/17 21:58:52 | 000,611,220 | ---- | M] () -- C:\Users\stan\Desktop\Attach.zip

[2012/08/17 18:30:05 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/08/17 18:21:18 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/08/17 18:21:18 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/08/15 22:32:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/08/15 20:34:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2012/08/15 18:46:28 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[1 C:\Users\stan\Documents\*.tmp files -> C:\Users\stan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/25 17:31:39 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lwaq.sys

[2012/08/19 22:07:34 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk

[2012/08/19 22:07:34 | 000,000,177 | ---- | C] () -- C:\Users\Public\Desktop\Amazon.url

[2012/08/17 17:14:02 | 000,611,220 | ---- | C] () -- C:\Users\stan\Desktop\Attach.zip

[2012/08/15 22:32:28 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/06/09 15:45:32 | 000,000,883 | ---- | C] () -- C:\Users\stan\AppData\Roaming\result.db

[2012/06/02 23:33:58 | 000,000,017 | ---- | C] () -- C:\Users\stan\AppData\Local\resmon.resmoncfg

[2010/11/20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2010/11/20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2012/03/19 22:19:31 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\Audacity

[2012/04/22 00:47:35 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\Babylon

[2012/04/22 14:19:41 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\uTorrent

[2012/07/07 22:42:45 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extra report

OTL logfile created on: 25/08/2012 17:34:31 - Run 1

OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\stan\Desktop

Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 62.38% Memory free

3.86 Gb Paging File | 2.98 Gb Available in Paging File | 77.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 79.43 Gb Total Space | 18.50 Gb Free Space | 23.30% Space Free | Partition Type: NTFS

Drive D: | 69.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: STAN-PC | User Name: stan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/25 17:31:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe

PRC - [2012/07/29 11:23:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/17 23:28:55 | 000,442,392 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll

MOD - [2012/08/17 23:28:52 | 003,997,720 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll

MOD - [2012/08/17 23:27:23 | 000,144,424 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll

MOD - [2012/08/17 23:27:22 | 000,266,792 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll

MOD - [2012/08/17 23:27:21 | 002,480,680 | ---- | M] () -- C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/07/29 11:23:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)

SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/03/16 11:15:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - [2012/08/25 17:31:40 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\lwaq.sys -- (loyk)

DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2010/11/20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - [2010/11/20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)

DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV - [2010/11/20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)

DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=mkg029

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=mkg029

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb178?a=6PQH3YuVww&i=26

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 3A C3 39 06 03 CD 01 [binary data]

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=10c8685b00000000000000242c01930b

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6PQH3YuVww&i=26

IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\stan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\stan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/08/19 22:04:59 | 000,000,000 | ---D | M]

[2012/04/09 17:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions

[2012/04/09 17:19:52 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

[2012/08/19 22:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\stan\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\stan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll

CHR - plugin: Google Update (Enabled) = C:\Users\stan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: YouTube = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Web Assistant = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\

CHR - Extension: AdBlock = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\

CHR - Extension: New tab for Chrome\u2122 = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\

CHR - Extension: 20-20 3D Viewer for IKEA = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\

CHR - Extension: Gmail = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/09 20:36:02 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()

O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)

O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)

O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)

O3 - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O7 - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{196CEF15-9A74-468A-AD1D-705498AE190D}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9943EB6A-F3DA-4F86-9E34-1BE9DBA2B9A3}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/25 17:31:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe

[2012/08/19 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\stan\Documents\Downloads

[2012/08/19 22:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader

[2012/08/19 22:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Free YouTube Downloader

[2012/08/19 22:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Perion

[2012/08/19 22:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com

[2012/08/19 22:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012/08/19 22:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant

[2012/08/17 19:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/08/17 17:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[1 C:\Users\stan\Documents\*.tmp files -> C:\Users\stan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/25 17:31:40 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lwaq.sys

[2012/08/25 17:31:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe

[2012/08/25 17:28:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/25 17:07:49 | 000,019,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/25 17:07:49 | 000,019,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/25 16:57:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934697185-4014517736-1319693140-1000UA.job

[2012/08/25 16:55:19 | 1554,669,568 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/22 08:35:25 | 000,002,447 | ---- | M] () -- C:\Users\stan\Desktop\Google Chrome.lnk

[2012/08/21 13:57:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2934697185-4014517736-1319693140-1000Core.job

[2012/08/19 22:07:34 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk

[2012/08/19 22:05:17 | 000,001,939 | ---- | M] () -- C:\user.js

[2012/08/17 21:58:52 | 000,611,220 | ---- | M] () -- C:\Users\stan\Desktop\Attach.zip

[2012/08/17 18:30:05 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/08/17 18:21:18 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/08/17 18:21:18 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/08/15 22:32:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/08/15 20:34:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2012/08/15 18:46:28 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[1 C:\Users\stan\Documents\*.tmp files -> C:\Users\stan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/25 17:31:39 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lwaq.sys

[2012/08/19 22:07:34 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk

[2012/08/19 22:07:34 | 000,000,177 | ---- | C] () -- C:\Users\Public\Desktop\Amazon.url

[2012/08/17 17:14:02 | 000,611,220 | ---- | C] () -- C:\Users\stan\Desktop\Attach.zip

[2012/08/15 22:32:28 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/06/09 15:45:32 | 000,000,883 | ---- | C] () -- C:\Users\stan\AppData\Roaming\result.db

[2012/06/02 23:33:58 | 000,000,017 | ---- | C] () -- C:\Users\stan\AppData\Local\resmon.resmoncfg

[2010/11/20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2010/11/20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2012/03/19 22:19:31 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\Audacity

[2012/04/22 00:47:35 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\Babylon

[2012/04/22 14:19:41 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\uTorrent

[2012/07/07 22:42:45 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Share this post


Link to post
Share on other sites

This is not content of Extras.txt. Please check again.

Share this post


Link to post
Share on other sites

sorry, attached below

OTL Extras logfile created on: 25/08/2012 17:34:31 - Run 1

OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\stan\Desktop

Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 62.38% Memory free

3.86 Gb Paging File | 2.98 Gb Available in Paging File | 77.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 79.43 Gb Total Space | 18.50 Gb Free Space | 23.30% Space Free | Partition Type: NTFS

Drive D: | 69.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: STAN-PC | User Name: stan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Jessops Photo] -- "C:\Program Files\Jessops Photo\Jessops Photo\Jessops Photo.exe" "%1" ()

Directory [Photo Show] -- "C:\Program Files\Jessops Photo\Jessops Photo\Photo Show.exe" -d "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0DFE9E34-977D-4265-8534-09C034DFB006}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{11AF93AE-3A81-4E71-9532-596E5D47B0C6}" = rport=139 | protocol=6 | dir=out | app=system |

"{236A549A-4E5D-4E33-9D3A-7D615A5FAF88}" = lport=445 | protocol=6 | dir=in | app=system |

"{42BE93A9-6DBE-4C68-89B2-060C300AE444}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{490672B4-70E2-43AC-8E60-D2001242B8D1}" = rport=445 | protocol=6 | dir=out | app=system |

"{4B3B76F4-EAD8-4FEE-B35E-F28272AA8A44}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5EB5FCD4-99D4-45E1-8EC1-9B55CA5C0EA6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{662EEECA-9128-4D0B-9D48-15B95581EF57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{6A1164B3-9351-45A0-AA30-F86744468E6A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6BE07477-3B22-48F3-9829-3271C290E6E2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6C7D3898-96AD-4B53-BD4C-6D1E60023F3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{76B9F11F-1C0E-4A5C-9E81-A3B5599EC22E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{7FD95204-C66A-44FC-BA8C-515E2BAFEDCA}" = lport=137 | protocol=17 | dir=in | app=system |

"{84BC212B-942D-47C6-90AA-E01935A6FB6D}" = lport=10243 | protocol=6 | dir=in | app=system |

"{8E9ACD1A-25D7-47DF-ADE0-6E7DFC5ADA03}" = lport=138 | protocol=17 | dir=in | app=system |

"{93C42E96-DA02-48FB-816E-4CFED26FC606}" = rport=138 | protocol=17 | dir=out | app=system |

"{ABF66BEF-7CE8-419B-872A-4C2CE8345989}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B89D2384-B4F4-4EF7-A65E-08C8EC23C496}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C87FFA55-0610-46C8-927B-7E647BE8CD7C}" = rport=10243 | protocol=6 | dir=out | app=system |

"{D9E35FCD-DB8C-4261-8F4C-FF8BA04ECAED}" = lport=139 | protocol=6 | dir=in | app=system |

"{E07BFDE0-8E44-4A8C-9C8F-9E8670919B15}" = rport=137 | protocol=17 | dir=out | app=system |

"{E6EE53A2-16BD-4211-9FD2-B6AE50E316DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F4FF420B-7D3F-4D15-B7FE-F2A582D29874}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F69B4596-5BAD-4672-9D53-D3FBA0C92415}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01E8407A-9F65-440C-A00E-A0D5D2F6C169}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{08ED2ED4-6060-47CD-9FD4-B30F8FA2C433}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{0BDFFE80-A72F-45C6-817C-D14CFEF90355}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{108329E1-5082-4935-9B85-C16FDBFFB709}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{143B25EC-366C-4ADB-A6AC-86D01B3710D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1E37A2FA-5224-4446-BFA4-E168EAC8431A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{2412BB30-3D51-4BFB-809A-8D19B1863C6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{55D57B8C-695E-4580-9BF2-1EE14EBA8E04}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{615DD3A3-2AEF-4F36-9722-CF3D0315A177}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{66F73075-E112-47F7-A9CC-7C4AE13E615B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6DB530D8-062A-4EAD-B346-5A5699BF0566}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{6DCAA7F1-55BA-499D-BDE1-1C9FD2119037}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{6EAD11C2-6FE5-41EC-972E-DA75835F4DD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{847D67BB-1B7C-4434-B018-6BB5AEFAF27D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{8C35F4BC-4763-4E83-B1A7-CE13F1BE7CDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{91556ED0-9767-4C51-AC9A-598A8FE23596}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{A44B8E42-2959-4FFD-918C-CDA5DB5EE375}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AE2C980B-4C89-416A-A296-EF2DDC85772F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BD1CDA54-6C92-4AD5-9FBF-C75AC4113BA7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{CAC03649-5F02-48D5-9206-D4F98C585B5B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{D549302C-91D3-4E18-9809-7B74CFCF6437}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{EA12D847-386F-4C4F-B0C6-66FB56837C70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FFEEA87F-238F-498C-8CC5-D495B1FE0A8F}" = protocol=6 | dir=out | app=system |

"TCP Query User{E06A838F-B852-4C2C-8EC0-D82856720D89}C:\users\stan\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\stan\appdata\local\temp\rarsfx0\bie_kms.exe |

"UDP Query User{9DBA9BC6-C98D-4C36-9E1F-C0B5C75CC08A}C:\users\stan\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\stan\appdata\local\temp\rarsfx0\bie_kms.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.474

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.126

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"DealPly" = DealPly

"ENTERPRISE" = Microsoft Office Enterprise 2007

"incredibar" = Incredibar Toolbar on IE

"Jessops Photo" = Jessops Photo

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Picasa 3" = Picasa 3

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 15/08/2012 17:30:49 | Computer Name = stan-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

of binary aswFsBlk. System Error: The system cannot find the file specified. .

Error - 15/08/2012 17:30:49 | Computer Name = stan-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

of binary aswMonFlt. System Error: The system cannot find the file specified. .

Error - 15/08/2012 17:30:49 | Computer Name = stan-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

of binary aswRdr. System Error: The system cannot find the file specified. .

Error - 15/08/2012 17:30:49 | Computer Name = stan-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

of binary aswSnx. System Error: The system cannot find the file specified. .

Error - 15/08/2012 17:30:49 | Computer Name = stan-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

of binary aswSP. System Error: The system cannot find the file specified. .

Error - 15/08/2012 17:30:49 | Computer Name = stan-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

of binary avast! Network Shield Support. System Error: The system cannot find the

file specified. .

Error - 17/08/2012 12:09:27 | Computer Name = stan-PC | Source = WinMgmt | ID = 10

Description =

Error - 17/08/2012 12:58:10 | Computer Name = stan-PC | Source = WinMgmt | ID = 10

Description =

Error - 17/08/2012 13:31:31 | Computer Name = stan-PC | Source = WinMgmt | ID = 10

Description =

Error - 17/08/2012 14:41:40 | Computer Name = stan-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 09/06/2012 12:15:35 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the avast!

Antivirus service to connect.

Error - 09/06/2012 12:15:35 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7000

Description = The avast! Antivirus service failed to start due to the following

error: %%1053

Error - 09/06/2012 12:16:53 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the avast!

Antivirus service to connect.

Error - 09/06/2012 12:16:53 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7000

Description = The avast! Antivirus service failed to start due to the following

error: %%1053

Error - 09/06/2012 12:18:08 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the avast!

Antivirus service to connect.

Error - 09/06/2012 12:18:08 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7000

Description = The avast! Antivirus service failed to start due to the following

error: %%1053

Error - 09/06/2012 12:35:08 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the avast!

Antivirus service to connect.

Error - 09/06/2012 12:35:08 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7000

Description = The avast! Antivirus service failed to start due to the following

error: %%1053

Error - 09/06/2012 12:37:40 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the avast!

Antivirus service to connect.

Error - 09/06/2012 12:37:40 | Computer Name = stan-PC | Source = Service Control Manager | ID = 7000

Description = The avast! Antivirus service failed to start due to the following

error: %%1053

< End of report >

Share this post


Link to post
Share on other sites

Step 1

Please uninstall the following applications:

Incredibar Toolbar on IE

DealPly

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb178?a=6PQH3YuVww&i=26
    IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
    IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=10c8685b00000000000000242c01930b
    IE - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6PQH3YuVww&i=26
    [2012/04/09 17:19:52 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    CHR - Extension: Web Assistant = C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
    O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
    O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
    O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
    O3 - HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
    [2012/08/19 22:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
    [2012/08/19 22:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
    [2012/08/19 22:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
    [2012/04/22 00:47:35 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\Babylon
    [2012/04/22 14:19:41 | 000,000,000 | ---D | M] -- C:\Users\stan\AppData\Roaming\uTorrent

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Share this post


Link to post
Share on other sites

Hi fix file below

All processes killed

========== OTL ==========

HKU\S-1-5-21-2934697185-4014517736-1319693140-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-2934697185-4014517736-1319693140-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

HKEY_USERS\S-1-5-21-2934697185-4014517736-1319693140-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2934697185-4014517736-1319693140-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_USERS\S-1-5-21-2934697185-4014517736-1319693140-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.

C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.

C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.

C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.

C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.

C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.

C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.

C:\Users\stan\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.

C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\resources folder moved successfully.

C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\libraries folder moved successfully.

C:\Users\stan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0 folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.

C:\Program Files\Web Assistant\Extension32.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ not found.

File C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ not found.

File C:\Program Files\DealPly\DealPlyIE.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ not found.

File C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll not found.

Registry value HKEY_USERS\S-1-5-21-2934697185-4014517736-1319693140-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.

C:\Program Files\Perion\NewTab folder moved successfully.

C:\Program Files\Perion folder moved successfully.

Folder C:\Program Files\Incredibar.com\ not found.

C:\Program Files\Web Assistant\resources folder moved successfully.

C:\Program Files\Web Assistant\libraries folder moved successfully.

C:\Program Files\Web Assistant\Firefox\defaults\preferences folder moved successfully.

C:\Program Files\Web Assistant\Firefox\defaults folder moved successfully.

C:\Program Files\Web Assistant\Firefox\chrome\skin folder moved successfully.

C:\Program Files\Web Assistant\Firefox\chrome\locale\en-US folder moved successfully.

C:\Program Files\Web Assistant\Firefox\chrome\locale folder moved successfully.

C:\Program Files\Web Assistant\Firefox\chrome\content\resources folder moved successfully.

C:\Program Files\Web Assistant\Firefox\chrome\content\libraries folder moved successfully.

C:\Program Files\Web Assistant\Firefox\chrome\content folder moved successfully.

C:\Program Files\Web Assistant\Firefox\chrome folder moved successfully.

C:\Program Files\Web Assistant\Firefox folder moved successfully.

C:\Program Files\Web Assistant folder moved successfully.

C:\Users\stan\AppData\Roaming\Babylon folder moved successfully.

C:\Users\stan\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.

C:\Users\stan\AppData\Roaming\uTorrent\apps folder moved successfully.

C:\Users\stan\AppData\Roaming\uTorrent folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\stan\Desktop\cmd.bat deleted successfully.

C:\Users\stan\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: stan

->Temp folder emptied: 71295252 bytes

->Temporary Internet Files folder emptied: 203527384 bytes

->Google Chrome cache emptied: 234158570 bytes

->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 20206681 bytes

RecycleBin emptied: 145201949 bytes

Total Files Cleaned = 643.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.58.1 log created on 09032012_212751

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

Thanks for your help Maniac. I ran a scan and it has gone!

Thanks again

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.