Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

http://uk.woofi.info/ [Closed]

Started by hellomut , Jun 10 2013 09:55 AM

  • This topic is locked This topic is locked

#76
Nutloaf
Posted 15 July 2013 - 09:02 AM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Did you carry out Steps 3 and 4?

These steps to put it simply, download the service pack then unwrap it to the Hellomut folder ready for me to install.
  • 0

Advertisements

#77
Nutloaf
Posted 15 July 2013 - 04:31 PM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
If you like Hellomut I could repost steps 3 and 4 with pictures included so you can see where everything is where it's supposed to be :)
  • 0

#78
Nutloaf
Posted 15 July 2013 - 06:59 PM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Hellomut, I am terribly sorry but there was a slight error in one of my commands in step 4.

I am reposting the instructions I want you to carry out with some pictures so you can see how everything should look. If you have already downloaded the Service Pack then there is no need to download again.


1. Download Service Pack 2 and Create hellomut Folder

  • Use this link to download Vista Service Pack 2 click Download and Save to Desktop
  • Right Click the Service Pack Icon on your desktop and make sure you select Cut. Now click the Start Globe then Computer and under Hard Disk Drives double click Local Disk (C:)
  • Right click an empty space and select Paste. Windows6.0-KB948465-X86 is now in the C:\ folder.
  • In the same Window, Right click an empty space once more and select New then Folder, and name this new folder hellomut and press Enter
  • O.K so you should have Windows6.0-KB948465-X86 and the hellomut folder in Local Disk C:
  • Close Window


2. Open CMD
  • Click Start and in the search bar type cmd in the list that appears right click CMD and Run as Administrator
  • At the prompt, Copy and Paste the following: c:\Windows6.0-KB948465-X86.exe /x:c:\hellomut and press Enter
  • At the next prompt, Copy and Paste the following: Expand -f:* c:\hellomut\Windows6.0-KB948465-X86.cab c:\hellomut and press Enter


  • Files will now be expanded to the hellomut folder.


  • The lines whizzing past stop, but the files are still being extracted. In the pic below it's on file 2359 out of 4995


  • When complete the CMD window will look like the pic below, with a new prompt ready.


  • Now close CMD

Now if you look in the hellomut folder it will look like the pic below but with a lot more files to scroll down. Close this Window.




All Done report back once this is complete. We then have all we need to replace the bad files and can carry on in my next post :thumbsup:
  • 0

#79
hellomut
Posted 18 July 2013 - 04:37 AM

hellomut

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi done that now all looks as your description
Hellomut
  • 0

#80
Nutloaf
Posted 19 July 2013 - 08:24 AM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Great News Hellomut!

Well that was a bit fiddly wasn't it? which is why I kept that till last :)

Now we have all the Service Pack files on your PC. There is now one method left we can try, to uninstall the Service Pack and try for a complete install. This would be the best method so we will give that a go first.

I will give you a command that will uninstall Service Pack 2 and then use Windows update to install again. If this doesn't work then we are looking at replacing some files, which we are now ready to do :)



1. Open CMD

  • Click Start and in the search bar type cmd in the list that appears right click CMD and Run as Administrator
  • At the prompt, Copy and Paste the following: md nutbox and press Enter
  • At the next prompt, Copy and Paste the following: start /w pkgmgr.exe /m:c:\hellomut\Windows6.0-KB948465-x86.cab /up /s:nutbox and press Enter
  • There will be a flashing cursor in CMD. Close CMD.
  • It will appear that nothing is happening but it can take 2 - 3 hours to uninstall. You will then be prompted by Windows Package Manager to restart computer, please do so and move to step 2.

2. Windows Update

  • Click Start and in the search bar type Windows Update and press Enter
  • Select Check For Updates once complete click the link for updates found and check if Service Pack 2 is available and install. Then Reboot.
  • If not present install the updates found and repeat this process until Service Pack is found and installed

  • 0

#81
hellomut
Posted 21 July 2013 - 04:05 AM

hellomut

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi there not good news after I downloaded the service pack 2 the system slowed right down, I can open a web site but it will not open any links
or it takes about half an hour. I tried your last instructions and pasted the instructions in but never got the promped from windows package manager I left it on over night but nothing happened.

Hellomut
  • 0

#82
hellomut
Posted 21 July 2013 - 05:19 AM

hellomut

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Back again I have just started my laptop and opened firefox all system are running fine through this browser, but not bing or google.

Hellomt
  • 0

#83
Nutloaf
Posted 21 July 2013 - 06:49 AM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts

opened firefox all system are running fine through this browser, but not bing or google.

1. So firefox is working, but you can't use Google or Bing through Firefox?

2. Have you had any messages about running low on RAM?

3. Did you purchase the laptop from new or was it a second hand\reconditioned laptop?

4. The Service Pack we downloaded is just a download. It hasn't been installed or anything else it will only take up hard drive space.
I think the issue runs a little deeper than some missing files. The OTL scan shows that you have Service Pack 1 and 2 installed. The last command I gave you and previous commands should have worked. I feel if I replace the Netbt files you will still have problems.

My thoughts are now lying with your Hard drive and amount of memory (RAM). I will check in with my instructor as to what I want to do next.

Thanks Hellomut and feel to answer my questions above before I post any further instructions.
  • 0

#84
hellomut
Posted 22 July 2013 - 12:37 AM

hellomut

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi there, I purchased the laptop from Fujitsu about four year ago it was a factory refurb but I think it was new it came in a sealed box with all the paper work. I have not had any problems until I picked up the Woofi bug. Regarding using the machine it works if I run through Firefox, if I try using Bing or Google I can open the home pages but I can’t get past them when I try to open another page / site it just sits there and does nothing. Regarding RAM it had another stick added when I got the machine I think it’s got 4meg in it.

Hellomut
  • 0

#85
Nutloaf
Posted 22 July 2013 - 07:47 AM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
O.K the infection may have returned so I will need an OTL scan.

Other than the slow down and browser issues, there is still the NetBT issue?

OTL Custom Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • In the Extra Registry box select Use Safe List
  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply

  • 0

Advertisements

#86
hellomut
Posted 22 July 2013 - 02:00 PM

hellomut

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi Scan done, the NetBT issue is still here
TL Extras logfile created on: 22/07/2013 20:43:07 - Run 16
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.42 Gb Available Physical Memory | 28.33% Memory free
3.25 Gb Paging File | 2.00 Gb Available in Paging File | 61.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 85.33 Gb Free Space | 57.25% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E2C0250-7AE5-4151-9D15-A9C9638063C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2279B924-6ECC-4CE9-BF51-7B652F4FC377}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{400345B6-B29E-4910-8246-BDADB92C181E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A9FE20C-1B30-4A8E-847F-A43A00F1AA93}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{579A72EB-59EC-46FD-A2B5-ECBA30771282}" = lport=2869 | protocol=6 | dir=in | app=system |
"{602DC809-86EB-44A4-8135-5BED17A8267F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FBC7D60-5253-421C-9251-37C18545EB81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F4A6644-71BB-4034-89F6-9E10527A417C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A3672045-1DBE-45F9-80B6-021638F0C5C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AD8E8D70-17DF-4681-B982-3F5A231E78E5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CDB0F1D8-C28B-477D-906C-BA6CCE90B56A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D00D35D1-9734-4288-986E-2DC7173960F4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{D26684FB-A868-44B5-8354-C2156AA5F434}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FF4581A9-4EE8-4710-97C5-7E9396E042A8}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C8121B-FCDC-419A-8154-EB3123B99851}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2CD9BDDB-8B78-4151-9EB3-5793FECAA73D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{392851F9-9A6A-4E74-ABA5-30A4807940D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43F11DEB-C794-4427-8F20-056A82FD7C2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{446933C3-18A8-4C68-9C4A-518FE23CD91B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{456EE8C0-E3F7-47F2-80AD-02EAE34525F4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{45F13DB1-72E3-428F-B0A7-7BDE3B2B4306}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{47763EDA-9041-40BC-910F-8E87C27B27A4}" = protocol=6 | dir=out | app=system |
"{58938025-154F-4CEC-9D59-C9B94B728E2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{651F276D-F903-440F-8CC3-AED091E2D459}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D1EA845-3ADB-42EE-AEFE-A93511804F57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F11E426-706C-4075-B863-43FA027E31A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{92BFA062-E482-4E03-B749-552792D13A4E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A3AA04DA-A246-4820-8326-011BB147C350}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A898AA63-69E7-46C2-9C2E-1B0373E38027}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B9B87347-76AF-4289-A870-FCF9068BEAAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE7B9C89-D908-4201-A37D-A24EED8CBC83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3849FF0-8057-4224-A7D0-F38E9AC23651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{FC04C91A-7ADD-4224-B74A-CE3C70F56760}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CADA6C3C-C7B5-47F3-98C5-0900326B2E79}" = Wireless Utility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 22.0 (x86 en-GB)" = Mozilla Firefox 22.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Rapport_msi" = Rapport
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18/07/2013 11:48:28 | Computer Name = shadbolt-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/07/2013 14:51:34 | Computer Name = shadbolt-PC | Source = WinMgmt | ID = 10
Description =

Error - 18/07/2013 18:11:43 | Computer Name = shadbolt-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/07/2013 03:35:14 | Computer Name = shadbolt-PC | Source = WinMgmt | ID = 10
Description =

Error - 20/07/2013 08:01:01 | Computer Name = shadbolt-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/07/2013 06:52:17 | Computer Name = shadbolt-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/07/2013 02:01:33 | Computer Name = shadbolt-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/07/2013 09:29:45 | Computer Name = shadbolt-PC | Source = Application Error | ID = 1000
Description =

Error - 22/07/2013 09:46:18 | Computer Name = shadbolt-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/07/2013 11:08:55 | Computer Name = shadbolt-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 22/07/2013 15:51:32 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22/07/2013 15:51:32 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 22/07/2013 15:52:34 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22/07/2013 15:52:34 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 22/07/2013 15:53:36 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22/07/2013 15:53:36 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 22/07/2013 15:54:39 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22/07/2013 15:54:39 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 22/07/2013 15:55:41 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22/07/2013 15:55:41 | Computer Name = shadbolt-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >
OTL logfile created on: 22/07/2013 20:43:07 - Run 16
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shadbolt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.42 Gb Available Physical Memory | 28.33% Memory free
3.25 Gb Paging File | 2.00 Gb Available in Paging File | 61.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 85.33 Gb Free Space | 57.25% Space Free | Partition Type: NTFS

Computer Name: SHADBOLT-PC | User Name: shadbolt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/06/18 16:14:14 | 002,115,864 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/06/18 16:14:14 | 001,124,632 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/06/18 15:21:11 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/06/11 20:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shadbolt\Desktop\OTL.exe
PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/03 13:11:26 | 000,323,584 | ---- | M] (Inventec Corp.) -- C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe
PRC - [2008/08/12 16:21:12 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/18 15:21:30 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/04/03 11:50:23 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2013/07/22 14:25:45 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/06/18 16:14:14 | 001,124,632 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/06/18 15:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/01 13:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SPIXNEW.SYS -- (SUNPLUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/06/23 13:00:33 | 000,317,424 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys -- (RapportCerberus_53984)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/06/18 16:14:30 | 000,103,120 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/06/18 16:14:28 | 000,174,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/06/18 16:14:28 | 000,102,448 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/01 08:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/22 10:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/07/15 17:00:06 | 000,016,384 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FSCSLII.sys -- (FSCSLII)
DRV - [2007/12/19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/10/31 11:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/10/31 11:23:00 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/29 13:30:52 | 000,065,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\shadbolt\Desktop
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.co.uk/ [binary data]
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/07/04 08:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\shadbolt\AppData\Roaming\Mozilla\Extensions
[2012/08/13 10:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/04 08:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/04 08:49:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\shadbolt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\shadbolt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\shadbolt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\shadbolt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\shadbolt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/06/13 07:46:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Touchpad_Hotkey] C:\Program Files\FSC\Wireless Utility\Touchpad Hotkey.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless_Selector] C:\Program Files\FSC\Wireless Utility\Wireless Selector.exe (Inventec Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947C342D-E596-4FCA-961C-2CF318C18106}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/22 14:25:56 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Local\Macromedia
[2013/07/19 22:00:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\nutbox
[2013/07/18 11:20:54 | 000,000,000 | ---D | C] -- C:\hellomut
[2013/07/18 06:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/07/18 06:16:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2013/07/11 17:17:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/10 16:51:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\sandbox
[2013/07/09 21:07:54 | 000,000,000 | -HSD | C] -- C:\found.004
[2013/07/08 00:00:51 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013/07/04 08:50:18 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Roaming\Mozilla
[2013/07/04 08:50:18 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Local\Mozilla
[2013/07/04 08:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/04 08:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/04 08:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/04 08:30:56 | 000,000,000 | ---D | C] -- C:\Users\shadbolt\AppData\Local\Deployment
[2013/06/30 12:29:43 | 000,000,000 | ---D | C] -- C:\MATS
[2013/06/28 20:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/06/28 20:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

========== Files - Modified Within 30 Days ==========

[2013/07/22 20:46:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/22 20:42:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/22 20:39:41 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/07/22 20:07:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 20:07:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 16:08:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 16:07:25 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/07/22 16:07:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/22 16:07:04 | 1608,867,840 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/22 16:07:02 | 235,641,867 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/22 14:33:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/22 07:20:46 | 000,002,637 | ---- | M] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2013/07/18 06:26:02 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/07/17 14:56:49 | 001,153,839 | ---- | M] () -- C:\Users\shadbolt\Desktop\Seaward-PAT-Testing-Guide.pdf
[2013/07/17 10:07:47 | 001,769,472 | ---- | M] () -- C:\Users\shadbolt\Documents\Contacts Web Database.accdb
[2013/07/17 10:03:51 | 001,153,839 | ---- | M] () -- C:\Users\shadbolt\Desktop\Seaward-PAT-Testing-Guide (1).pdf
[2013/07/13 22:25:42 | 000,000,093 | ---- | M] () -- C:\Windows\System32\Configurations.plist.signed
[2013/07/13 01:48:45 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/11 17:14:16 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/11 17:14:16 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/10 17:06:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/09 21:10:36 | 000,372,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/04 14:59:31 | 000,001,995 | ---- | M] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/04 08:50:08 | 000,000,870 | ---- | M] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/04 08:50:08 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/06/28 10:32:02 | 000,911,360 | ---- | M] () -- C:\Users\shadbolt\Desktop\RogueKiller.exe
[2013/06/23 18:36:37 | 000,000,600 | ---- | M] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk

========== Files Created - No Company Name ==========

[2013/07/18 06:26:02 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/07/18 06:26:02 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/07/17 10:03:49 | 001,153,839 | ---- | C] () -- C:\Users\shadbolt\Desktop\Seaward-PAT-Testing-Guide (1).pdf
[2013/07/17 10:01:47 | 001,153,839 | ---- | C] () -- C:\Users\shadbolt\Desktop\Seaward-PAT-Testing-Guide.pdf
[2013/07/13 22:25:40 | 000,000,093 | ---- | C] () -- C:\Windows\System32\Configurations.plist.signed
[2013/07/04 08:50:08 | 000,000,870 | ---- | C] () -- C:\Users\shadbolt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/04 08:50:08 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/04 08:50:08 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/07/04 08:33:55 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/04 08:32:28 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/04 08:32:26 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/28 10:31:30 | 000,911,360 | ---- | C] () -- C:\Users\shadbolt\Desktop\RogueKiller.exe
[2013/06/23 18:36:37 | 000,000,600 | ---- | C] () -- C:\Users\shadbolt\Desktop\sc-cleaner - Shortcut.lnk
[2012/09/01 18:00:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/01/13 16:06:11 | 000,036,587 | ---- | C] () -- C:\Windows\unvpeye.ini
[2010/08/06 20:04:07 | 000,013,312 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 20:18:37 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/04 20:14:40 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/29 20:51:13 | 000,000,680 | ---- | C] () -- C:\Users\shadbolt\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


< End of report >
Hellomut
  • 0

#87
Nutloaf
Posted 23 July 2013 - 09:32 AM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi Hellomut :)

I want you to disable Windows Defender as there is a possible conflict with this and Rapport. We will also reset IE and Chrome.


1. Disable Windows Defender

  • Click Start and in the search bar type Services and select the Services cog icon from the list and press Enter
  • Scroll Down the list and Right Click on Windows Defender then Click Properties
  • Click the Down Arrow under Startup type: and Click Disabled. Click Apply then O.K and close window


2. OTL Fix
  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    IE - HKU\S-1-5-21-1354192852-3371487025-2257261009-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

    :REG
    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-
    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-
    [HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\run]
    "windows Defender"=-

    :COMMANDS
    [EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.


3. Reset Chrome

  • Close Chrome if open.
  • Click Start and in the search bar copy and paste the following: %LOCALAPPDATA%\Google\Chrome\User Data and press Enter
  • Right click the Default folder and select Rename. and name this folder Defaultold and press Enter
  • Launch Chrome and default settings should be restored.

4. Reset IE

  • Click Start and in the search bar type internet options and press Enter
  • Click the Advanced tab and under Reset Internet Explorer Settings click Reset then click Reset again and select Close

I want to see the OTL fix results.

How are the browsers now?

How are things running?
  • 0

#88
hellomut
Posted 24 July 2013 - 03:23 AM

hellomut

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi I have completed all those instructions the browsers are still having problems IE will not open now, not sure what to do with this machine may be it's time to scrap it. Anyway here is the log
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1354192852-3371487025-2257261009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\run\\windows Defender deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: shadbolt
->Temp folder emptied: 283262740 bytes
->Temporary Internet Files folder emptied: 278306577 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 68427509 bytes
->Google Chrome cache emptied: 97050237 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 10492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70525358 bytes
RecycleBin emptied: 1529618 bytes

Total Files Cleaned = 762.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07232013_215659

Files\Folders moved on Reboot...
C:\Users\shadbolt\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\gp_iexplore.6892.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\gp_iexplore.7800.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\koan.6892.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\koan.7800.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\koanlight.6892.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\shadbolt\AppData\Local\Trusteer\Rapport\user\logs\koanlight.7800.log moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XZOIQP52\xmlProxy[2].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDG1ILSU\skypeinoutlook-iframe[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDG1ILSU\xmlProxy[4].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PDG1ILSU\xmlProxy[5].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NI2AVW2X\skypedomaincheck[2].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MI5SNXGF\default[2].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MI5SNXGF\flextag[5].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MI5SNXGF\GFXHasherAjaxIFrame_e8u3OtQonFhEjc0Yi_3RCA2[8].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MI5SNXGF\GFXHasherVerification[3].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MI5SNXGF\resourcespreload[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IKCWZ3EV\light[1].eot moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IKCWZ3EV\Messenger[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IKCWZ3EV\regular[1].eot moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IKCWZ3EV\semibold[1].eot moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMNEIE80\AjaxHistoryFrame[2].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DOL2UGHH\xmlProxy[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\332JIS13\LocalStorage[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\332JIS13\RteFrameResources[1].htm moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\shadbolt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Thanks Hellomut
  • 0

#89
Nutloaf
Posted 24 July 2013 - 02:15 PM

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi Hellomut, let's not give up yet :)

Although it may well be worthwhile looking for that disk! It's the lack of response from the Service Pack commands we tried that is bothering me.

Do you remember me asking about the Windows old folder? I think the Laptop had XP installed originally and has been upgraded to Vista by Fujitsu or previous owner. This may have gone smoothly or not I can't say. There is however something wrong with some system files and reinstalling the Service Pack would have solved these issues, hence the effort with all those commands we tried.

It may be a good idea to try a repair install which leaves your data intact or a complete install which means backing up your data.

Let's try this first:



1. Uninstall and Re-install Internet Explorer
  • Click Start then Control Panel and click Uninstall a Program or Programs and Features
  • In the left panel click Turn Windows Features on or off
  • Untick Internet Explorer 9 from the list of programs that loads and click O.K
  • Restart your computer
  • Repeat the process but this time check the Internet Explorer 9 box.

2. Internet Options
  • Click Start and type Internet Options in the search bar and press Enter
  • Select the Connections Tab and make sure Never Dial a Connection is checked.
  • Now click Lan Settings and make sure Automatically detect settings is checked and click O.K
  • Click Apply if able then O.K

Is IE working now?
  • 0

#90
hellomut
Posted 25 July 2013 - 02:04 AM

hellomut

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi there I tried the uninstall instructions for IE but it does not load anything in the box to check, now IE does not work at all it will not open when I try I can see the program in the programs and features. I will have a good look for the disc at the weekend, just hope this is not closed down as it will be three day or so.
Thanks
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP