
Windows XP uploading incessantly

Discussion in 'Virus & Other Malware Removal' started by dbuzz, Sep 11, 2014.

  1. dbuzz

    dbuzz Thread Starter

    Joined:
    Sep 11, 2014
    Messages:
    5
    Hey there, and thanks in advance for any help.

    I am running a clean copy of Windows XP, well maintained and with quite high performance. I've fine-tuned everything and it SEEMS to be running very well - and fast. Everything was running beautifully until my house mate mentioned that I was hogging the upload bandwidth ... Upon opening the "Wireless network connection status", it seems that my computer is uploading about 12 packets every second, even when no applications are running, all browsers are closed etc., and after a fresh reboot. This is still the case after having closed all possible processes. I have run NOD32, Spybot S&D and Malwarebytes, and all deep scans come back squeaky clean.

    When I open task manager, I can see the prime suspect at the moment is lsass.exe which is one of the running system processes. It seems to be the only running process with an I/O writes rate of 3 Bytes/sec, and it never stops. So I did a search on all drives for LSASS.exe and found two of them, one is in C:/Windows/System32 and the other one is in C:/Windows/System32/dllcache.

    I also downloaded a program called Netlimiter, to try to see - and limit - whatever is being uploaded. But the results are nonsense, the Netlimiter program tells me my upload rate is 0B/sec when Windows tells me the upload rate is 12 packets/sec incessantly. But it seems to know when I am uploading/downloading something I actually am aware of... I think it could be a virus, or the FBI, or worse.... Aliens?

    Can you help???


    Dan
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,673
    Hi dbuzz,
    A clean copy of XP won't necessarily do you any good.
    If you hit a Zero Day Infection, it will be toast. (Google it if you need to)
    Don't have any illusions. It cannot be protected.
    We are competent and will do the best we can -- but no guarantees, whatever happens.
    Reading material: My post concentrates on software options for saving the machine: Windows XP - The Elephant In The Room

    The request at hand:
    -----------------------------------------------
    Please download MiniToolBox and run it.
    Double click MiniToolBox.exe to launch the program.
    Checkmark the following box, or boxes, in the list:
    • List Installed Programs
    • List Users, Partitions and Memory size
    Click Go to start the scan.
    When finished a log Result.txt will open.
    Please post the contents of that log in your next reply.
    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ---------------------------------------------
    Run a Scan with OTL
    • Right click the OTL icon and choose "Run as administrator".
    • Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
      When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
    OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
    The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
    ---------------------------------------------------
    So, In Your Replies, we will be looking for the following :
    The contents of:
    • Result.txt from MiniToolbox
    • OTL.txt
    • Extras.txt
    Please feel free to use separate replies.

    askey127
     
  3. dbuzz

    dbuzz Thread Starter

    Joined:
    Sep 11, 2014
    Messages:
    5
    Thanks for your help, here is step 1: The report generated by MiniToolBox:



    MiniToolBox by Farbar Version: 21-07-2014
    Ran by Daniel (administrator) on 12-09-2014 at 16:42:40
    Running from "C:\Documents and Settings\Daniel\Desktop\New Downloads"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ***************************************************************************


    =========================== Installed Programs ============================
    µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
    Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ares 2.3.0 (HKLM\...\Ares) (Version: 2.3.0-Build#3054 - Seekar Ltd)
    CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    ESET NOD32 Antivirus (HKLM\...\{006B8604-097D-47F5-9590-6F43F94B9279}) (Version: 7.0.317.4 - ESET, spol s r. o.)
    Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
    Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.3.815 - Foxit Corporation)
    GARMIN 500 Series Trainer (HKLM\...\GARMIN 500 Series Trainer) (Version: - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
    iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
    Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Flight Simulator X (HKLM\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
    Microsoft Flight Simulator X (Version: 10.0.61355.0 - Microsoft Game Studios) Hidden
    Microsoft Flight Simulator X Service Pack 1 (HKLM\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Tool Web Package : EXCTRLST.EXE (HKLM\...\{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}) (Version: 1.00.0.1 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    NetLimiter 3 (HKLM\...\NetLimiter 3 3.0.0.11) (Version: 3.0.0.11 - Locktime Software)
    NetLimiter 3 (Version: 3.0.0.11 - Locktime Software) Hidden
    Nitro Pro 8 (HKLM\...\{8EEAF4C4-FCA7-4558-AF65-CCD3B9AD634D}) (Version: 8.0.10.7 - Nitro)
    O&O Defrag Professional Edition (HKLM\...\{53480370-6CA2-47EC-BC05-02B4B9271C31}) (Version: 8.5.1788 - O&O Software GmbH)
    PowerISO (HKLM\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 1.99 - Realtek Semiconductor Corp.)
    Registry Mechanic 6.0 (HKLM\...\Registry Mechanic_is1) (Version: 6.0 - PC Tools)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

    ========================= Memory info: ===================================

    Percentage of memory in use: 26%
    Total physical RAM: 3063.48 MB
    Available physical RAM: 2239.11 MB
    Total Pagefile: 5973.55 MB
    Available Pagefile: 5256.77 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1981.07 MB

    ========================= Partitions: =====================================

    1 Drive c: (Windows XP) (Fixed) (Total:186.3 GB) (Free:117.18 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\DANIELMATHILDE

    Administrator Daniel Guest
    HelpAssistant SUPPORT_388945a0


    **** End of log ****
     
  4. dbuzz

    dbuzz Thread Starter

    Joined:
    Sep 11, 2014
    Messages:
    5
    Step 2: OTL Logfile generated report:



    OTL logfile created on: 12/09/2014 4:51:27 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Daniel\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.99 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 83.80% Memory free
    5.83 Gb Paging File | 5.52 Gb Available in Paging File | 94.69% Paging File free
    Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.30 Gb Total Space | 117.15 Gb Free Space | 62.88% Space Free | Partition Type: NTFS

    Computer Name: DANIELMATHILDE | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/09/12 16:47:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTL.exe
    PRC - [2014/07/24 22:50:00 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
    PRC - [2014/07/24 22:49:57 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
    PRC - [2014/06/17 17:56:02 | 000,242,216 | ---- | M] (Foxit Corporation) -- C:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    PRC - [2014/02/24 16:27:06 | 001,343,408 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    PRC - [2014/02/24 16:26:50 | 005,075,104 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    PRC - [2013/10/10 22:42:42 | 001,132,160 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 3\nlsvc.exe
    PRC - [2012/12/13 11:47:42 | 000,196,616 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
    PRC - [2010/06/14 16:10:32 | 000,153,672 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    PRC - [2008/07/03 20:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/06/02 01:52:58 | 000,339,456 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/07/03 13:20:20 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/07/03 13:19:50 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/21 16:14:38 | 000,061,440 | ---- | M] () -- C:\Program Files\NetLimiter 3\nlsvcPS.dll


    ========== Services (SafeList) ==========

    SRV - [2014/06/17 17:56:02 | 000,242,216 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
    SRV - [2014/02/24 16:27:06 | 001,343,408 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2013/10/10 22:42:42 | 001,132,160 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
    SRV - [2012/12/13 11:47:42 | 000,196,616 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe -- (NitroDriverReadSpool8)
    SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2006/06/02 01:52:58 | 000,339,456 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2014/07/24 22:49:59 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
    DRV - [2014/06/10 21:50:18 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2013/11/17 21:15:37 | 000,014,184 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
    DRV - [2013/11/17 21:15:37 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
    DRV - [2013/11/17 21:15:36 | 000,014,184 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
    DRV - [2013/09/17 14:17:38 | 000,184,664 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    DRV - [2013/09/17 14:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2013/09/17 14:17:38 | 000,118,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
    DRV - [2013/06/12 11:10:20 | 005,280,944 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
    DRV - [2013/06/12 11:10:20 | 005,229,360 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nlndis.sys -- (NLNdisPT)
    DRV - [2013/06/12 11:10:20 | 005,229,360 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nlndis.sys -- (NLNdisMP)
    DRV - [2011/06/15 18:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2010/04/27 16:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2010/04/27 16:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2010/04/27 16:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2010/04/27 14:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2007/03/27 13:27:02 | 000,543,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}






    IE - HKU\S-1-5-21-682003330-838170752-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-682003330-838170752-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
    IE - HKU\S-1-5-21-682003330-838170752-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKU\S-1-5-21-682003330-838170752-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 68 21 4C 44 A7 CF 01 [binary data]
    IE - HKU\S-1-5-21-682003330-838170752-1644491937-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-682003330-838170752-1644491937-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-682003330-838170752-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-682003330-838170752-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080



    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VLC\npvlc.dll (VideoLAN)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014/09/09 23:18:47 | 000,000,000 | ---D | M]

    [2014/08/27 18:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/08/27 18:30:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    O1 HOSTS File: ([2008/04/14 21:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-682003330-838170752-1644491937-1003..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
    O4 - HKU\S-1-5-21-682003330-838170752-1644491937-500..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-682003330-838170752-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-682003330-838170752-1644491937-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B959647B-C6B0-4104-B554-E01164AA2255}: DhcpNameServer = 192.168.1.1 0.0.0.0
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 0
    O32 - AutoRun File - [2014/07/24 10:27:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk /r \??\E:)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (OODBS)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/09/11 18:47:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2014/09/11 18:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2014/09/11 18:47:22 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
    [2014/09/11 18:47:22 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
    [2014/09/11 18:47:22 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
    [2014/09/11 18:47:22 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
    [2014/09/11 18:47:21 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
    [2014/09/11 18:47:21 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
    [2014/09/11 18:47:21 | 000,000,000 | ---D | C] -- C:\b5b607357bc53914fcb7cdcbc5ba
    [2014/09/10 21:17:30 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
    [2014/09/10 21:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NetLimiter 3
    [2014/09/10 21:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Locktime
    [2014/09/10 21:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\NetLimiter 3
    [2014/09/10 10:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Foxit Software
    [2014/09/10 10:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
    [2014/09/09 23:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2014/09/09 23:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
    [2014/09/09 23:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2014/09/04 20:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GARMIN Trainer
    [2014/09/04 20:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\GARMIN
    [2014/09/04 20:19:05 | 000,303,616 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
    [2014/09/03 21:44:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2014/09/02 01:24:31 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/09/02 01:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
    [2014/09/02 01:23:12 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/09/02 01:23:12 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/09/02 01:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
    [2014/09/02 01:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2014/08/30 15:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
    [2014/08/30 15:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2014/08/30 15:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
    [2014/08/30 00:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Resource Kit
    [2014/08/29 23:47:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2014/08/29 23:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MSXML 4.0
    [2014/08/29 13:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Flight Simulator X
    [2014/08/28 16:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ares
    [2014/08/28 16:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\Ares
    [2014/08/28 16:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2014/08/27 18:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2014/08/27 18:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2014/08/27 18:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2014/08/26 22:13:23 | 000,027,144 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalmon2.dll
    [2014/08/26 22:13:23 | 000,018,440 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalui2.dll
    [2014/08/26 22:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro
    [2014/08/26 22:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
    [2014/08/26 22:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nitro
    [2014/08/26 22:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
    [2014/08/26 22:05:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2014/08/22 00:30:32 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
    [2014/08/22 00:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2014/08/22 00:30:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
    [2014/08/21 22:45:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
    [2014/08/21 22:44:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2014/08/21 22:44:32 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
    [2014/08/21 22:39:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
    [2014/08/21 22:39:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
    [2014/08/21 22:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/09/12 16:44:45 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/09/12 16:44:44 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2014/09/12 15:57:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/09/12 15:57:33 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
    [2014/09/12 15:57:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/09/12 15:57:22 | 000,025,899 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
    [2014/09/12 00:07:16 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2014/09/11 23:49:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/09/11 23:49:15 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2014/09/11 18:48:20 | 000,473,006 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2014/09/11 18:48:20 | 000,075,782 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2014/09/09 22:07:53 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/09/05 21:49:13 | 000,000,785 | ---- | M] () -- C:\WINDOWS\GARMINWT.INI
    [2014/08/30 01:21:52 | 000,241,664 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-682003330-838170752-1644491937-500.rrr
    [2014/08/30 00:49:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\exctrlst.INI
    [2014/08/29 13:09:07 | 000,001,889 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Flight Simulator X.lnk
    [2014/08/22 11:45:10 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
    [2014/08/21 22:45:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/09/12 00:07:12 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2014/09/11 18:48:14 | 000,164,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2014/09/04 21:27:03 | 000,000,785 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
    [2014/08/30 01:21:52 | 000,241,664 | ---- | C] () -- C:\Documents and Settings\Administrator\s-1-5-21-682003330-838170752-1644491937-500.rrr
    [2014/08/30 00:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exctrlst.INI
    [2014/08/29 13:09:07 | 000,001,889 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Flight Simulator X.lnk
    [2014/08/27 18:30:54 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2014/08/26 22:13:21 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Nitro Pro 8.lnk
    [2014/08/22 00:20:10 | 000,000,224 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
    [2014/08/22 00:20:10 | 000,000,218 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
    [2014/07/24 22:50:48 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2014/07/24 22:50:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2014/07/24 10:54:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2014/07/24 10:52:59 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2014/07/24 10:30:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2014/07/24 10:23:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2012/10/11 02:29:42 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

    ========== ZeroAccess Check ==========

    [2014/09/11 18:46:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2013/10/12 23:54:28 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 19:56:36 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 21:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/07/26 20:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2014/09/09 23:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2014/09/10 21:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
    [2014/08/26 22:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro
    [2014/08/30 01:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2014/07/24 23:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK
    [2014/08/26 22:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Downloaded Installations
    [2014/08/06 15:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Foxit Software
    [2014/09/11 23:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Locktime
    [2014/08/26 22:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Nitro
    [2014/09/10 09:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\uTorrent
    [2014/07/26 21:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software
    [2014/08/06 16:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Foxit Software

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    < End of report >
     
  5. dbuzz

    dbuzz Thread Starter

    Joined:
    Sep 11, 2014
    Messages:
    5
    Step 3: The OTL Extras.txt generated report...


    OTL Extras logfile created on: 12/09/2014 4:51:27 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Daniel\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.99 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 83.80% Memory free
    5.83 Gb Paging File | 5.52 Gb Available in Paging File | 94.69% Paging File free
    Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.30 Gb Total Space | 117.15 Gb Free Space | 62.88% Space Free | Partition Type: NTFS

    Computer Name: DANIELMATHILDE | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-682003330-838170752-1644491937-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 4

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Seekar Ltd)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{006B8604-097D-47F5-9590-6F43F94B9279}" = ESET NOD32 Antivirus
    "{0A37EE62-9A58-420D-90CC-4E52153112EE}" = iTunes
    "{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}" = Apple Application Support
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
    "{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
    "{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8EEAF4C4-FCA7-4558-AF65-CCD3B9AD634D}" = Nitro Pro 8
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
    "{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}" = Apple Mobile Device Support
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}" = Microsoft Tool Web Package : EXCTRLST.EXE
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Ares" = Ares 2.3.0
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.69.2
    "Foxit Reader_is1" = Foxit Reader
    "GARMIN 500 Series Trainer" = GARMIN 500 Series Trainer
    "Google Chrome" = Google Chrome
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
    "NetLimiter 3 3.0.0.11" = NetLimiter 3
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PowerISO" = PowerISO
    "Registry Mechanic_is1" = Registry Mechanic 6.0
    "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
    "VLC media player" = VLC media player 2.1.3
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WinRAR archiver" = WinRAR 4.00 (32-bit)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-682003330-838170752-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "uTorrent" = µTorrent

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 15/08/2014 6:59:25 AM | Computer Name = DANIELMATHILDE | Source = MsiInstaller | ID = 11305
    Description = Product: Microsoft Flight Simulator X -- Error 1305.Error reading
    from file C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\Missions\Pilot
    for Hire\TokyoExec\sound\TokyoExec_096.wav. Verify that the file exists and that
    you can access it.

    Error - 15/08/2014 6:59:34 AM | Computer Name = DANIELMATHILDE | Source = MsiInstaller | ID = 11305
    Description = Product: Microsoft Flight Simulator X -- Error 1305.Error reading
    from file C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\Missions\Pilot
    for Hire\TokyoExec\sound\TokyoExec_096.wav. Verify that the file exists and that
    you can access it.

    Error - 26/08/2014 7:31:01 AM | Computer Name = DANIELMATHILDE | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    [ NetLimiter 3 Events ]
    Error - 10/09/2014 7:31:52 AM | Computer Name = DANIELMATHILDE | Source = NetLimiter 3 Service | ID = 1000
    Description = <nl-error-list> <nl-error> <err-code>2030</err-code> <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>

    <nl-error>
    <err-code>2030</err-code>
    <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>

    </nl-error-list>


    Error - 10/09/2014 7:31:52 AM | Computer Name = DANIELMATHILDE | Source = NetLimiter 3 Service | ID = 1000
    Description = <nl-error-list> <nl-error> <err-code>2030</err-code> <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>

    <nl-error>
    <err-code>2030</err-code>
    <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>

    <nl-error>
    <err-code>2030</err-code>
    <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>


    </nl-error-list>


    Error - 10/09/2014 7:31:52 AM | Computer Name = DANIELMATHILDE | Source = NetLimiter 3 Service | ID = 1000
    Description = <nl-error-list> <nl-error> <err-code>2030</err-code> <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>

    <nl-error>
    <err-code>2030</err-code>
    <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>

    <nl-error>
    <err-code>2030</err-code>
    <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>

    <nl-error>
    <err-code>2030</err-code>
    <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>



    </nl-error-list>


    Error - 10/09/2014 7:31:58 AM | Computer Name = DANIELMATHILDE | Source = NetLimiter 3 Service | ID = 1000
    Description = <nl-error-list> <nl-error> <err-code>2030</err-code> <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>
    </nl-error-list>


    Error - 10/09/2014 7:31:58 AM | Computer Name = DANIELMATHILDE | Source = NetLimiter 3 Service | ID = 1000
    Description = <nl-error-list> <nl-error> <err-code>2030</err-code> <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>

    <nl-error>
    <err-code>2030</err-code>
    <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>

    </nl-error-list>


    Error - 10/09/2014 7:31:58 AM | Computer Name = DANIELMATHILDE | Source = NetLimiter 3 Service | ID = 1000
    Description = <nl-error-list> <nl-error> <err-code>2030</err-code> <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>

    <nl-error>
    <err-code>2030</err-code>
    <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>

    <nl-error>
    <err-code>2030</err-code>
    <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>


    </nl-error-list>


    Error - 10/09/2014 7:31:58 AM | Computer Name = DANIELMATHILDE | Source = NetLimiter 3 Service | ID = 1000
    Description = <nl-error-list> <nl-error> <err-code>2030</err-code> <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>
    </nl-error-list>


    Error - 10/09/2014 7:31:58 AM | Computer Name = DANIELMATHILDE | Source = NetLimiter 3 Service | ID = 1000
    Description = <nl-error-list> <nl-error> <err-code>2030</err-code> <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>

    <nl-error>
    <err-code>2030</err-code>
    <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>

    </nl-error-list>


    Error - 10/09/2014 7:31:59 AM | Computer Name = DANIELMATHILDE | Source = NetLimiter 3 Service | ID = 1000
    Description = <nl-error-list> <nl-error> <err-code>2030</err-code> <module>NetLimiter.FltParam.198</module>
    <desc>Failed
    to find rule.</desc> <param name='rule-id' value='11'/> <param name='flt-id' value='3'/>
    </nl-error>
    </nl-error-list>


    Error - 11/09/2014 4:34:14 AM | Computer Name = DANIELMATHILDE | Source = NetLimiter 3 Service | ID = 1000
    Description = <nl-error-list> <nl-error> <err-code>2150</err-code> <module>NetLimiter.Main.2277</module>
    <desc>Failed
    to get user info.</desc> <param name='cnnIdHigh' value='30395802'/> <param name='cnnIdLow'
    value='3204308608'/> </nl-error> </nl-error-list>

    [ System Events ]
    Error - 10/09/2014 7:54:05 AM | Computer Name = DANIELMATHILDE | Source = Service Control Manager | ID = 7034
    Description = The SSDP Discovery Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 10/09/2014 7:54:21 AM | Computer Name = DANIELMATHILDE | Source = Service Control Manager | ID = 7031
    Description = The Remote Procedure Call (RPC) service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Reboot the machine.

    Error - 10/09/2014 7:59:44 AM | Computer Name = DANIELMATHILDE | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
    Center Service service to connect.

    Error - 10/09/2014 7:59:44 AM | Computer Name = DANIELMATHILDE | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Security Center Service service failed to start due
    to the following error: %%1053

    Error - 11/09/2014 9:50:59 AM | Computer Name = DANIELMATHILDE | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
    Center Service service to connect.

    Error - 11/09/2014 9:50:59 AM | Computer Name = DANIELMATHILDE | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Security Center Service service failed to start due
    to the following error: %%1053

    Error - 11/09/2014 10:07:42 AM | Computer Name = DANIELMATHILDE | Source = Service Control Manager | ID = 7034
    Description = The O&O Defrag service terminated unexpectedly. It has done this
    1 time(s).

    Error - 11/09/2014 10:09:08 AM | Computer Name = DANIELMATHILDE | Source = Service Control Manager | ID = 7034
    Description = The NitroPDFDriverCreatorReadSpool8 service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 11/09/2014 10:09:52 AM | Computer Name = DANIELMATHILDE | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 11/09/2014 10:10:42 AM | Computer Name = DANIELMATHILDE | Source = Service Control Manager | ID = 7034
    Description = The Foxit Cloud Safe Update Service service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >




    Thanks again for your help, and I have considered installing Windows 7 instead. Windows 8 is awful in my opinion, I hate it. It's basically Microsoft's attempt at being a Mac. What do you think? Ha. Cheers & Thanks,



    Dan
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,673
    dbuzz,
    You can get a new System Builder OEM disk of Windows 7, and install it.
    It will likely cost about $100-$120.

    Depending on your usage of MS Office, you may want to remove it and use the free Libre Office.

    lsass is only an intermediary, and is a normal part of Windows. It just depends on what calls it.
    -----------------------------------------------
    It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bearshare, Ares, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
    Criminals have "planted" thousands upon thousands of infections in the shared torrent files.
    Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
    -----------------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
    Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

    µTorrent
    Google Update Helper
    Registry Mechanic
    Ares 2.3.0

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Right click OTL on your desktop, and choose "Run as administrator" to open it.
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      [2014/09/10 09:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\uTorrent
      O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
      O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [emptyjava]
      [emptyflash] 
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • That is the FIX log file. Copy the contents of that file and post it in your next reply.
      It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    -----------------------------------------------------------
    Comments
    Not much wrong with the machine so far. ESET is excellent, by the way.
    I would install Winpatrol, and use it to control which items start up automatically at bootup.
    I'm not a bit sure you need the Logitech gaming profile loaded every time, for example.

    -----------------------------------------------------------
    Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com
    - WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.

    About startups:
    If you right click the Winpatrol "ScottyDog" icon in the system tray, and choose "Startup Info", you will see the list of everything that starts automatically on your machine.
    If you highlight any one of them and choose "Disable", that program will no longer start automatically.
    The program is still on the machine, and still retained in the list, but now listed as "Disabled".
    If you change your mind, you can highlight the same program again and choose "Enable" so it will again start automatically.
    In this way you can exercise complete control over how many programs start, and how loaded down your machine is.
    Any program that has startup Disabled can still be used from Start > Programs.

    Let me know how it goes.

    askey127
     
  7. dbuzz

    dbuzz Thread Starter

    Joined:
    Sep 11, 2014
    Messages:
    5
    Hi Askey!

    I did everything you said, uninstalled my P2P programs, I uninstalled MS Office too because I like the idea of trying Libre Office - I've had it with MS. I've even toyed with switching to Linux. What are your thoughts on that? .. I am downloading and installing Winpatrol as we speak, so I'll let you know how that goes.

    I noticed you included a set restore point command, I have turned off a lot of services to speed up my PC (For Flightsim), including System restore, which is presumably the reason for the Error code 1077.

    The upload rate hasn't changed yet unfortunately ... Also I should note that I've been disabling my network connection when not in use (So my house mates can use the upload BW), when I re-enable the network connection, the network connection status says that my computer has uploaded around 130 packets of data BEFORE my WiFi even registers as being "Connected". ... Also, why can't I see the upload bandwidth being used in programs like Net Limiter? Even MS Task Manager doesn't pick it up.


    I ran the fix you posted, and here are the results.



    All processes killed
    ========== COMMANDS ==========
    Unable to start System Restore Service. Error code 1077
    ========== OTL ==========
    Folder C:\Documents and Settings\Daniel\Application Data\uTorrent\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
    C:\WINDOWS\Alcmtr.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AlcWzrd deleted successfully.
    C:\WINDOWS\alcwzrd.exe moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Daniel\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Daniel\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Daniel

    User: Default User

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Daniel
    ->Flash cache emptied: 506 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: All Users

    User: Daniel
    ->Temp folder emptied: 56845501 bytes
    ->Temporary Internet Files folder emptied: 4316816 bytes
    ->FireFox cache emptied: 64974820 bytes
    ->Google Chrome cache emptied: 355881094 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 518 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 7279 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 460.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 09132014_130541

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
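
An added example, not part of the original posts and not OTL's own code: a small Python triage of the fix log above that groups each line by outcome and flags that the restore-point step failed before the fix ran. The names `triage` and `RULES` are hypothetical, the sample is constructed by abridging the posted log, and the patterns cover only the message forms that appear in it.

```python
import re

# Constructed sample: lines taken from the fix log in the post above, abridged.
SAMPLE_LOG = r"""All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1077
========== OTL ==========
Folder C:\Documents and Settings\Daniel\Application Data\uTorrent\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
C:\WINDOWS\Alcmtr.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AlcWzrd deleted successfully.
C:\WINDOWS\alcwzrd.exe moved successfully.
========== COMMANDS ==========
->Temp folder emptied: 56845501 bytes
->Google Chrome cache emptied: 355881094 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Total Files Cleaned = 460.00 mb
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
BYTES = re.compile(r"(?:emptied|removed): (\d+) bytes$")
# Only the message forms visible in this log; any other line is ignored.
RULES = [
    ("failed", re.compile(r"^(Unable to .+ Error code \d+)$")),
    ("missing", re.compile(r"^Folder (.+) not found\.$")),
    ("deleted", re.compile(r"^Registry value (.+) deleted successfully\.$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
]

def triage(log_text):
    """Group fix-log lines by outcome, tagged with the section they appeared in."""
    report = {name: [] for name, _ in RULES}
    report["bytes_cleaned"] = 0
    section = None
    for line in map(str.strip, log_text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := BYTES.search(line):
            report["bytes_cleaned"] += int(m.group(1))
        else:
            for outcome, pattern in RULES:
                if m := pattern.match(line):
                    report[outcome].append((section, m.group(1)))
                    break
    # A failed System Restore start means the fix ran with no restore point.
    report["restore_point_created"] = not any(
        "System Restore" in text for _, text in report["failed"])
    return report
```

Calling `triage(SAMPLE_LOG)` returns the two moved executables, the two deleted Run values, the missing uTorrent folder and `restore_point_created` set to `False`.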
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,673
    I asked you to use Winpatrol so you could selectively disable some of your startups to see if you can identify which may be causing the trouble. I don't know of any reasonable way to tell for sure except by trial and error. You may have a program that is scheduling itself to update and the XP version of the update is not available.

    About Linux:
    I would suggest you get a couple blank DVD+R or DVD-R disks.
    Then download the .iso file for Linux Mint 17 Mate desktop from here: http://www.linuxmint.com/edition.php?id=159
    The James Madison Univ. server is a good one, but the download is large (1.2GB), and it may take a little while.
    Then burn the .iso image to disc, and boot your machine with it. Be sure to tell your CD burner to Burn the image to disk.
    (If you just copy the file to disk it won't work.)
    It will be slow, because it's ALL running from the DVD, but it will show you the look and feel.
    If you decide to install it, you may need to install a few additional programs especially for your own computing habits, but Mint comes with a lot of stuff. If you install it use a hard wire to the router. After install, you can use WiFi.
    Read the instructions carefully in my post about the "XP The Elephant In The Room", so you install Thunderbird and save your e-mail profile first, along with any critical personal documents.
    Mint is pretty much trouble free and quite fast. It will be a learning experience however, to be expected.
    It can handle most printers, except Lexmark, which has never cooperated with Linux systems.

    I have two Linux Mint 17 systems now. A former XP desktop, and a netbook.
    .
     
Short URL to this thread: https://techguy.org/1133433
