
http://uk.woofi.info/ [Closed]


  • This topic is locked

#31
hellomut

    Member

  • Topic Starter
  • 39 posts
Hi, I have completed the last instructions, but on start up I am getting the NETBT error and the QoS Packet Scheduler error; also the Google installer came back. Here is the report:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
C:\Users\shadbolt\AppData\Local\VirtualStore\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
C:\Users\shadbolt\AppData\Local\VirtualStore\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753} folder moved successfully.
C:\Users\shadbolt\AppData\Local\VirtualStore\ProgramData\Browser Manager\2.3.787.43 folder moved successfully.
C:\Users\shadbolt\AppData\Local\VirtualStore\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
C:\Users\shadbolt\AppData\Local\VirtualStore\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753} folder moved successfully.
C:\Users\shadbolt\AppData\Local\VirtualStore\ProgramData\Browser Manager\2.2.643.41 folder moved successfully.
C:\Users\shadbolt\AppData\Local\VirtualStore\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
C:\Users\shadbolt\AppData\Local\VirtualStore\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753} folder moved successfully.
C:\Users\shadbolt\AppData\Local\VirtualStore\ProgramData\Browser Manager\2.2.565.25 folder moved successfully.
C:\Users\shadbolt\AppData\Local\VirtualStore\ProgramData\Browser Manager folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\SparkTrust Registration3.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
Thanks
  • 0


#32
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Thanks for the update. Next post I will deal with the Netbt error.

Did the uninstalls go through OK, and did you remove the items from Task Scheduler? There should have been 2 Google items listed there. :)
  • 0

#33
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello to you :)

I will search for a replacement driver; once I have that I can replace the missing or corrupt driver/s.

OTL Custom Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    pacer.*

  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply

  • 0

#34
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Please ignore my last post; it is incorrect. If you have done the scan, never mind, I don't want to see that one. Please repeat with these instructions:

I will search for a replacement driver; once I have that I can replace the missing or corrupt driver.

OTL Custom Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    md5start/
    pacer.*
    md5stop/

  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply

  • 0

#35
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Today is not a good day :( another blunder by myself I'm afraid this is the correct scan.

Please ignore my last post, it is incorrect also!! If you have done the scan, never mind, I don't want to see that one. Please repeat with these instructions:

I will search for a replacement driver; once I have that I can replace the missing or corrupt driver.

OTL Custom Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    /md5start
    pacer.*
    /md5stop

  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply

  • 0

#36
hellomut

    Member

  • Topic Starter
  • 39 posts
Hi, thanks for the help, here is the report:
OTL logfile created on: 30/06/2013 21:11:42 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 39.89% Memory free
3.25 Gb Paging File | 1.90 Gb Available in Paging File | 58.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 102.62 Gb Free Space | 68.85% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/11 21:59:49 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/03/21 09:04:26 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/03 13:11:26 | 000,323,584 | ---- | M] (Inventec Corp.) -- C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe
PRC - [2008/08/12 16:21:12 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/03 11:50:23 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2013/05/15 15:46:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/03/01 13:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SPIXNEW.SYS -- (SUNPLUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/06/23 13:00:33 | 000,317,424 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys -- (RapportCerberus_53984)
DRV - [2013/03/21 09:04:42 | 000,173,880 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/03/21 09:04:42 | 000,102,680 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/03/21 09:04:42 | 000,102,008 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/01 08:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/22 10:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/15 17:00:06 | 000,016,384 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FSCSLII.sys -- (FSCSLII)
DRV - [2007/12/19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/10/31 11:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/10/31 11:23:00 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/29 13:30:52 | 000,065,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.co.uk/ [binary data]
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2012/08/13 10:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/06/13 07:46:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Touchpad_Hotkey] C:\Program Files\FSC\Wireless Utility\Touchpad Hotkey.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless_Selector] C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe (Inventec Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947C342D-E596-4FCA-961C-2CF318C18106}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/30 12:29:43 | 000,000,000 | ---D | C] -- C:\MATS
[2013/06/28 20:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/06/28 20:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/06/28 10:32:15 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\RK_Quarantine
[2013/06/24 22:28:48 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\246fix
[2013/06/13 17:43:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/13 17:43:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/13 17:25:18 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\reply2
[2013/06/13 09:10:06 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\New Folder
[2013/06/13 07:46:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/11 20:42:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
[2013/06/09 17:16:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Malwarebytes
[2013/06/09 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/09 10:36:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2013/06/30 19:58:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/30 19:58:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/30 17:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/30 15:53:21 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/06/30 13:58:36 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/06/30 13:58:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/30 13:58:10 | 1608,888,320 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/30 13:57:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/29 22:59:45 | 199,487,035 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/29 20:26:11 | 000,002,637 | ---- | M] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2013/06/28 10:32:02 | 000,911,360 | ---- | M] () -- C:\Users\shadbolt\Desktop\RogueKiller.exe
[2013/06/28 09:45:59 | 000,020,558 | ---- | M] () -- C:\Users\shadbolt\Desktop\how-to-remove-malware.htm
[2013/06/23 18:36:37 | 000,000,600 | ---- | M] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2013/06/13 17:25:20 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:32:49 | 000,648,201 | ---- | M] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:44 | 000,890,839 | ---- | M] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2013/06/13 07:46:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2013/06/28 10:31:30 | 000,911,360 | ---- | C] () -- C:\Users\shadbolt\Desktop\RogueKiller.exe
[2013/06/28 09:45:59 | 000,020,558 | ---- | C] () -- C:\Users\shadbolt\Desktop\how-to-remove-malware.htm
[2013/06/23 18:36:37 | 000,000,600 | ---- | C] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2013/06/13 09:32:48 | 000,648,201 | ---- | C] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:43 | 000,890,839 | ---- | C] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2012/09/01 18:00:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/01/13 16:06:11 | 000,036,587 | ---- | C] () -- C:\Windows\unvpeye.ini
[2010/08/06 20:04:07 | 000,013,312 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 20:18:37 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/04 20:14:40 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/29 20:51:13 | 000,000,680 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< pacer.* >

< End of report >
  • 0

#37
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there, I gave you the wrong scan I'm afraid. I do apologise; can you do the scan from my last post? It starts with:

Today is not a good day :( another blunder by myself I'm afraid this is the correct scan.
  • 0

#38
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Hellomut. I am giving you a new post as I am unhappy with how I left things yesterday. I gave you the incorrect scan instructions for OTL and also the proxy has returned.

I have some questions for you that I need answered :)
  • Did you set the proxy http=127.0.0.1:8877;https=127.0.0.1:8877 yourself and do you know anything about it? If you did set this then ignore step 1.
  • Do you use the Trusteer Rapport program?
  • Do you intend on using Chrome and/or Firefox in the future?
  • Can you tell me what you see in connection options when you complete step 1 below?


1. Internet Options
  • Click Start and type Internet Options in the search bar and press Enter
  • Select the Connections tab then click LAN Settings
    Posted Image
  • The settings should be as shown above.
  • Uncheck "Use automatic configuration script"
  • Uncheck the box under Proxy Server if checked.

2. OTL Custom Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    /md5start
    pacer.*
    /md5stop

  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply

Things I want to see in your next post.
  • Answers to questions
  • OTL fix log

  • 0
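
An added example (not part of the thread and not OTL's own code): a small Python parser that reads the `IE - ... Internet Settings` lines of an OTL log and reports which registry hives have an enabled proxy pointing at a loopback address, like the 127.0.0.1:8877 entry asked about above. The sample lines are copied from the Run 8 log earlier in this topic, where the proxy is recorded under HKU\.DEFAULT and HKU\S-1-5-18 while the logged-in user's hive has ProxyEnable = 0; the function names are illustrative.

```python
import ipaddress
import re

# Sample input: proxy-related lines copied from the "Internet Explorer"
# section of the Run 8 OTL log posted earlier in this topic.
SAMPLE_LOG = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
'''

# One OTL line: 'IE - <hive>\...\Internet Settings: "<ProxyXxx>" = <value>'
LINE_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+|HKLM)\\.*?\\Internet Settings: '
    r'"(?P<name>Proxy\w+)"\s*=\s*(?P<value>.*)$'
)


def collect_proxy_settings(log_text):
    """Return {hive: {value_name: value}} for every Proxy* line in the log."""
    hives = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hives.setdefault(m['hive'], {})[m['name']] = m['value'].strip()
    return hives


def parse_proxy_server(value):
    """Split a ProxyServer string into (scheme, host, port) tuples.

    Handles both 'host:port' (one proxy for all protocols) and the
    per-protocol form 'http=host:port;https=host:port'.
    """
    endpoints = []
    for part in (p.strip() for p in value.split(';')):
        if not part:
            continue
        scheme, sep, addr = part.partition('=')
        if not sep:                      # no 'proto=' prefix
            scheme, addr = 'all', part
        host, colon, port = addr.rpartition(':')
        if not colon:                    # no port given
            host, port = addr, ''
        endpoints.append((scheme, host.strip('[]'), port))
    return endpoints


def is_loopback(host):
    """True for 'localhost' and any address in 127.0.0.0/8 or ::1."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False


def find_loopback_proxies(log_text):
    """List (hive, endpoints) where the proxy is enabled and local."""
    findings = []
    for hive, settings in collect_proxy_settings(log_text).items():
        if settings.get('ProxyEnable') != '1':
            continue
        local = [e for e in parse_proxy_server(settings.get('ProxyServer', ''))
                 if is_loopback(e[1])]
        if local:
            findings.append((hive, local))
    return findings


if __name__ == '__main__':
    for hive, endpoints in find_loopback_proxies(SAMPLE_LOG):
        for scheme, host, port in endpoints:
            print(f'{hive}: {scheme} traffic sent to {host}:{port}')
```

A loopback proxy only works while some local program is listening on that port, so each flagged hive is a prompt to identify what, if anything, owns the port.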

#39
hellomut

    Member

  • Topic Starter
  • 39 posts
Hi there, here are the answers to your questions:
No, I didn't set the proxy http=127.0.0.1:8877;https=127.0.0.1:8877. I don't know what it is.
No, I don't use the Trusteer Rapport program.
I don't think I will use Chrome or Firefox.
In the connections options it is the same as your screen print shows.
Here are the results of the scan:

OTL logfile created on: 02/07/2013 08:15:45 - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 39.14% Memory free
3.25 Gb Paging File | 1.50 Gb Available in Paging File | 46.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 99.76 Gb Free Space | 66.93% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/11 21:59:49 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/03/21 09:04:26 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/03 13:11:26 | 000,323,584 | ---- | M] (Inventec Corp.) -- C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe
PRC - [2008/08/12 16:21:12 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/03 11:50:23 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2013/05/15 15:46:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/21 09:04:28 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/03/01 13:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SPIXNEW.SYS -- (SUNPLUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/06/23 13:00:33 | 000,317,424 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys -- (RapportCerberus_53984)
DRV - [2013/03/21 09:04:42 | 000,173,880 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/03/21 09:04:42 | 000,102,680 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/03/21 09:04:42 | 000,102,008 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/01 08:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/22 10:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/15 17:00:06 | 000,016,384 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FSCSLII.sys -- (FSCSLII)
DRV - [2007/12/19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/10/31 11:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/10/31 11:23:00 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/29 13:30:52 | 000,065,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.co.uk/ [binary data]
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2012/08/13 10:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/06/13 07:46:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Touchpad_Hotkey] C:\Program Files\FSC\Wireless Utility\Touchpad Hotkey.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless_Selector] C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe (Inventec Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947C342D-E596-4FCA-961C-2CF318C18106}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\shadbolt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/30 12:29:43 | 000,000,000 | ---D | C] -- C:\MATS
[2013/06/28 20:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/06/28 20:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/06/28 10:32:15 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\RK_Quarantine
[2013/06/24 22:28:48 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\246fix
[2013/06/13 17:43:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/13 17:43:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/13 17:25:18 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\reply2
[2013/06/13 09:10:06 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\Desktop\New Folder
[2013/06/13 07:46:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/11 20:42:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
[2013/06/09 17:16:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Malwarebytes
[2013/06/09 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/09 10:36:32 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2013/07/02 07:58:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/02 07:58:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/02 07:21:47 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/07/01 11:29:50 | 000,002,637 | ---- | M] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2013/06/30 17:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/30 13:58:36 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/06/30 13:58:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/30 13:58:10 | 1608,888,320 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/30 13:57:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/29 22:59:45 | 199,487,035 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/28 10:32:02 | 000,911,360 | ---- | M] () -- C:\Users\shadbolt\Desktop\RogueKiller.exe
[2013/06/28 09:45:59 | 000,020,558 | ---- | M] () -- C:\Users\shadbolt\Desktop\how-to-remove-malware.htm
[2013/06/23 18:36:37 | 000,000,600 | ---- | M] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2013/06/13 17:25:20 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\shadbolt\Desktop\JRT.exe
[2013/06/13 09:32:49 | 000,648,201 | ---- | M] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:44 | 000,890,839 | ---- | M] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2013/06/13 07:46:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2013/06/28 10:31:30 | 000,911,360 | ---- | C] () -- C:\Users\shadbolt\Desktop\RogueKiller.exe
[2013/06/28 09:45:59 | 000,020,558 | ---- | C] () -- C:\Users\shadbolt\Desktop\how-to-remove-malware.htm
[2013/06/23 18:36:37 | 000,000,600 | ---- | C] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2013/06/13 09:32:48 | 000,648,201 | ---- | C] () -- C:\Users\shadbolt\Desktop\AdwCleaner.exe
[2013/06/13 08:44:43 | 000,890,839 | ---- | C] () -- C:\Users\shadbolt\Desktop\SecurityCheck.exe
[2012/09/01 18:00:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/01/13 16:06:11 | 000,036,587 | ---- | C] () -- C:\Windows\unvpeye.ini
[2010/08/06 20:04:07 | 000,013,312 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 20:18:37 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/04 20:14:40 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/29 20:51:13 | 000,000,680 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< MD5 for: PACER.SYS >
[2008/04/05 02:20:52 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=12B318FEA3F8A63BE8E7C13D8BA97564 -- C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.22151_none_ae9ff60970e9e6b9\pacer.sys
[2009/04/11 05:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=99514FAA8DF93D34B5589187DB3AA0BA -- C:\Windows\System32\drivers\pacer.sys
[2009/04/11 05:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=99514FAA8DF93D34B5589187DB3AA0BA -- C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6002.18005_none_b036e19c54c66d2f\pacer.sys
[2008/01/21 03:33:52 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=A114CFE308C24B8235B03CFDFFE11E99 -- C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18000_none_ae4b689057a4a1e3\pacer.sys
[2008/04/05 02:21:42 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=BFEF604508A0ED1EAE2A73E872555FFB -- C:\Windows\winsxs\x86_microsoft-windows-qos_31bf3856ad364e35_6.0.6001.18046_none_ae262a9c57bfa9b1\pacer.sys

< MD5 for: PACER.SYS.MUI >
[2006/11/02 13:38:57 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=45E640F7DA6F51085E8CFBA1F1C1DFC6 -- C:\Windows\System32\drivers\en-US\pacer.sys.mui
[2006/11/02 13:38:57 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=45E640F7DA6F51085E8CFBA1F1C1DFC6 -- C:\Windows\winsxs\x86_microsoft-windows-qos.resources_31bf3856ad364e35_6.0.6000.16386_en-us_392be9f2b16d1494\pacer.sys.mui

< End of report >
Many Thanks

#40
hellomut

    Member

  • Topic Starter
  • 39 posts
Hi Nutloaf
I have just found out what Trusteer Rapport is. This is the program all the banks use for their online banking, and I do use it, as the banks will not cover any losses if you don't use it and somebody hacks your system.

Regards
Hellomut


#41
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Thank you for that update. I was going to ask you to uninstall that, but as you use online banking this is needed.

I am currently looking into the Proxy issue and the NetBT errors which may take some time.

Is Google Update still a problem? This program comes with Chrome and Google Earth. Reinstalling Chrome may help if this is still an issue. If you decide to install Chrome I will need an OTL scan to check its settings. You could also do this with Firefox. Let me know what you want to do and I will provide you with links to these browsers.

#42
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Hellomut, thanks for sticking with me :thumbsup:

I need to look at a registry key to help me with the Proxy issue that keeps returning.


OTL Custom Scan
  • Right click the OTL icon and select Run as Administrator.
  • There are 8 None boxes; please check all 8.
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    /md5start
    wininet.*
    /md5stop

  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply

Device Manager
  • Click Start, type Device Manager in the search bar and press Enter
  • Are there any yellow ! or ? symbols listed, if so what are the items flagged?


#43
hellomut

    Member

  • Topic Starter
  • 39 posts
Hi Nutloaf
I don't mind having Chrome; I don't think I want Firefox. I have run the scan and the results are below. I checked the Device Manager and found one marked with a ?. It was listed as Other devices; I opened that up and it said Ancillary Function Driver for Winsock. Now I seem to remember that showed up when my wife purchased a new laptop and switched it on; I had a message: Windows Media Player found unknown device
(F4-B7-E2-19-4B-EB)

OTL logfile created on: 03/07/2013 14:41:37 - Run 10
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.41 Gb Available Physical Memory | 27.68% Memory free
3.25 Gb Paging File | 1.83 Gb Available in Paging File | 56.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 92.52 Gb Free Space | 62.07% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings >
"IE5_UA_Backup_Flag" = 5.0
"User Agent" = Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName" = [email protected]
"AutoConfigProxy" = wininet.dll -- [2013/05/16 23:28:26 | 001,129,472 | ---- | M] (Microsoft Corporation)
"MimeExclusionListForCache" = multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"UseSchannelDirectly" = 01 00 00 00 [binary data]
"EnableHttp1_1" = 1
"PrivDiscUiShown" = 1
"WarnOnIntranet" = 1
"WarnOnPost" = 01 00 00 00 [binary data]
"UrlEncoding" = 0
"SecureProtocols" = 160
"PrivacyAdvanced" = 0
"ZonesSecurityUpgradeDone" = 1
"DisableCachingOfSSLPages" = 0
"WarnonZoneCrossing" = 0
"CertificateRevocation" = 1
"EnableNegotiate" = 1
"MigrateProxy" = 1
"ProxyEnable" = 0
"EnableAutodial" = 0
"NoNetAutodial" = 0
"GlobalUserOffline" = 0
"ZonesSecurityUpgrade" = 2A C0 C3 4A 90 F3 CB 01 [binary data]
"ProxyHttp1.1" = 1
"BackgroundConnections" = 1
"EnablePunycode" = 1
"ShowPunycode" = 0
"CreateUriCacheSize" = 80
"CoInternetCombineIUriCacheSize" = 80
"SecurityIdIUriCacheSize" = 30
"SpecialFoldersCacheSize" = 8

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]

< MD5 for: WININET.DLL >
[2011/12/14 03:28:29 | 001,127,424 | ---- | M] (Microsoft Corporation) MD5=022A78194E2C7106F5AF9F2BC6AC8774 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20546_none_c2552cd2f8e0ae57\wininet.dll
[2011/11/03 23:39:47 | 001,127,424 | ---- | M] (Microsoft Corporation) MD5=02F98B5C0E397AD06124D84428CF8F1A -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16440_none_c1c58e4bdfc87683\wininet.dll
[2013/02/02 04:30:21 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=03728C624D05C2F157BBD46F6B7F6EA0 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16470_none_c1a51e87dfe0ca56\wininet.dll
[2012/11/14 02:33:20 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=0635D714351F842D43EA184E75C4A3FF -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20565_none_c23e8cb0f8f1cce2\wininet.dll
[2010/05/04 19:28:30 | 000,834,048 | ---- | M] (Microsoft Corporation) MD5=0DC7A1B98FE22C894DB7505F1B5303B7 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22685_none_02211bd8bb2d01ae\wininet.dll
[2012/02/28 01:58:46 | 001,127,424 | ---- | M] (Microsoft Corporation) MD5=11A34DCA08EB2A586246F2D6C2A81D58 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20548_none_c2572d66f8dee105\wininet.dll
[2013/02/02 04:36:46 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=1284D72C04B553ED5382EA14303D66DB -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20580_none_c223eb66f9068611\wininet.dll
[2013/01/08 21:41:13 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=16C45E6881449C6330567E51C13920FA -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20573_none_c231bc30f8fbb625\wininet.dll
[2012/05/17 23:35:47 | 001,129,472 | ---- | M] (Microsoft Corporation) MD5=1C191A4F0960F21B5D58C8A65BAF5427 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16446_none_c1cb9007dfc30e8d\wininet.dll
[2011/12/14 03:57:18 | 001,127,424 | ---- | M] (Microsoft Corporation) MD5=1D94FA7C81D2FFE494AF094619BA706F -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16441_none_c1c68e95dfc78fda\wininet.dll

< MD5 for: WININET.DLL.MUI >
[2009/03/08 22:27:22 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=2A7D8005E806CB18CB20CBD997DF6B45 -- C:\Windows\winsxs\x86_microsoft-windows-i..mentation.resources_31bf3856ad364e35_8.0.6001.18702_en-us_fb3bcd5f6f74a2b2\wininet.dll.mui
[2011/04/05 13:42:03 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=7EDE37CE87B8CC356B2CBC282BAD03D1 -- C:\Windows\System32\en-US\wininet.dll.mui
[2011/04/05 13:42:03 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=7EDE37CE87B8CC356B2CBC282BAD03D1 -- C:\Windows\winsxs\x86_microsoft-windows-i..mentation.resources_31bf3856ad364e35_9.1.8112.16421_en-us_d843e5f5978d7867\wininet.dll.mui
[2006/11/02 13:38:51 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=CEF8451BC502E154F50DDCBDA5FDAC65 -- C:\Windows\winsxs\x86_microsoft-windows-i..mentation.resources_31bf3856ad364e35_6.0.6000.16386_en-us_1619e9095cbe2181\wininet.dll.mui

< End of report >
Thanks
  • 0

#44
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Thanks for the information, Hellomut, I really appreciate that. The results will take some looking at, so bear with me. We are making progress although it may seem slow; it is important to sort the proxy issue. I have a plan for Chrome and Firefox as I think there are issues there also.

You installed Chrome for me and stated that Genio homepage was in place. Did you then uninstall Chrome? It did not appear in the next OTL scan.
  • 0

#45
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Hellomut.

Here's what I want you to do. Install 2 browsers and run another scan for a registry setting. Don't worry about any hijacked homepages; I will deal with these. I also need to see the Extras again please. :)

1. Install Chrome and Firefox
  • FIREFOX: Choose the Language, then save the installer to your Desktop. Then right click and Run as Administrator.
  • CHROME: Click download and follow the prompts.

2. OTL Custom Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
      • LOP Check
      • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply

  • 0
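
What the custom scan of the Connections key exposes, as an added example that is not part of the thread or of OTL: the DefaultConnectionSettings value under that key is a binary blob holding the Internet Settings proxy state. The Python code below decodes such a blob using the commonly observed layout, which is an assumption because Microsoft does not document it; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Flag bits as commonly observed in this value (assumed layout, not an official spec).
FLAG_PROXY, FLAG_PAC, FLAG_AUTODETECT = 0x02, 0x04, 0x08

def _read_string(blob, offset):
    """Read a 4-byte little-endian length, then that many bytes of text."""
    if offset + 4 > len(blob):
        raise ValueError(f"truncated length field at offset {offset}")
    (length,) = struct.unpack_from("<I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError(f"string at offset {offset} runs past end of value")
    return blob[offset + 4:end].decode("ascii", errors="replace"), end

def parse_connection_settings(blob):
    """Decode version, change counter, flags and the three strings."""
    if len(blob) < 12:
        raise ValueError("value too short for the 12-byte header")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    proxy, off = _read_string(blob, 12)
    bypass, off = _read_string(blob, off)
    pac_url, _ = _read_string(blob, off)
    return {"version": version, "counter": counter, "flags": flags,
            "proxy_enabled": bool(flags & FLAG_PROXY),
            "pac_enabled": bool(flags & FLAG_PAC),
            "autodetect": bool(flags & FLAG_AUTODETECT),
            "proxy_server": proxy, "bypass": bypass, "pac_url": pac_url}

def review(settings):
    """Return human-readable notes on settings a helper would want to look at."""
    notes = []
    proxy = settings["proxy_server"]
    if proxy:
        state = "enabled" if settings["proxy_enabled"] else "stored but disabled"
        notes.append(f"manual proxy {state}: {proxy}")
        # Entries may be 'host:port' or 'scheme=host:port' separated by ';'.
        hosts = [e.split("=")[-1].rsplit(":", 1)[0] for e in proxy.split(";") if e]
        if any(h in ("127.0.0.1", "localhost") for h in hosts):
            notes.append("proxy points at this machine; identify the listening process")
    if settings["pac_enabled"] or settings["pac_url"]:
        notes.append(f"auto-config script: {settings['pac_url'] or '(flag set, no URL)'}")
    return notes

def build_sample(flags, proxy=b"", bypass=b"", pac=b""):
    """Build a constructed value in the assumed layout (not taken from any real machine)."""
    body = b"".join(struct.pack("<I", len(s)) + s for s in (proxy, bypass, pac))
    return struct.pack("<III", 0x46, 5, flags) + body + b"\x00" * 32

SAMPLE = build_sample(0x03, b"127.0.0.1:8080", b"<local>")  # constructed sample
if __name__ == "__main__":
    for note in review(parse_connection_settings(SAMPLE)):
        print(note)
```

A proxy string that survives with the enable flag cleared is still worth noting, since re-enabling it takes a single bit flip in the same value.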





