Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System Is Running Very Slowly. Repeated Malwarbytes Detection of Same

Started by RTG9100 , Oct 06 2012 05:26 PM

  • This topic is locked This topic is locked

#1
RTG9100
Posted 06 October 2012 - 05:26 PM

RTG9100

    New Member

  • Member
  • Pip
  • 6 posts
Hi. Laptop is an Inspiron 9100 which is operating very slowly. Simple internet use is very slow much less use of any software. Intent is to dedicate this PC to monitor 2 outdoor IP security cameras but this PC may not have the horsepower to operate the surveillance software and monitor the two feeds. Regardless, PC is struggling with even light use. Have run CCleaner, Malwarbytes (with updated database) in Safe Mode, run Flobo System Repair in Safe Mode, ran MemTest86 with no issues identified. Last year I installed a larger hard drive cloning data from the original hard drive to the new hard drive. Seemed to operate fine after this addition. Ran Registry Clean Expert Free Registry Defrag software. Ran defragment on the hard drive.

Have run Malwarbytes several times and repeatedly get the following:
Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Any assistance to halp determine issues with this PC will be appreciated.

OTL Log:
OTL logfile created on: 10/6/2012 5:20:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Roland\My Documents\Downloads\Oct12\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.48% Memory free
3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.27% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 97.92 Gb Free Space | 65.70% Space Free | Partition Type: NTFS
Drive E: | 24.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.53 Gb Total Space | 2.05 Gb Free Space | 27.20% Space Free | Partition Type: FAT32

Computer Name: ROLAND-NE19YKET | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Roland\My Documents\Downloads\Oct12\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
PRC - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
PRC - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
PRC - C:\Program Files\CA\CA Internet Security Suite\casc.exe (Total Defense, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe (Total Defense, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (Total Defense, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Total Defense, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe (CA)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe (CA)
PRC - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\USBKVM Switcher\USBKVM.exe ()
PRC - C:\WINDOWS\system32\dlbtcoms.exe ( )
PRC - C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\46f273930666397a8cb538ffe9190eef\Microsoft.VisualC.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Program Files\CA\CA Internet Security Suite\SQLite3.dll ()
MOD - C:\Program Files\CA\CA Internet Security Suite\log4cplusU.dll ()
MOD - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\Flipster.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\CA\SharedComponents\TMEngine\WindowsUserIdentity.dll ()
MOD - C:\Program Files\CA\SharedComponents\TMEngine\KnownApps.dll ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\Program Files\USBKVM Switcher\USBKVM.exe ()
MOD - C:\Program Files\USBKVM Switcher\KeyHook.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL ()


========== Services (SafeList) ==========

SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (WDRulesService) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV - (WDBackup) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
SRV - (WDDriveService) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (Total Defense, Inc.)
SRV - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Total Defense, Inc.)
SRV - (CAAMSvc) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe (CA)
SRV - (CAISafe) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV - (UmxEngine) -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe (CA)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (RosettaStoneDaemon) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (dlbt_device) -- C:\WINDOWS\system32\dlbtcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (KmxAMRT) -- C:\WINDOWS\system32\drivers\KmxAMRT.sys (Total Defense)
DRV - (KmxAgent) -- C:\WINDOWS\system32\drivers\KmxAgent.sys (CA)
DRV - (KmxCfg) -- C:\WINDOWS\system32\drivers\KmxCfg.sys (CA)
DRV - (KmxStart) -- C:\WINDOWS\system32\drivers\KmxStart.sys (CA)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (dc3d) -- C:\WINDOWS\system32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (WsAudio_DeviceS(5) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV - (WsAudio_DeviceS(4) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV - (WsAudio_DeviceS(3) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV - (WsAudio_DeviceS(2) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV - (WsAudio_DeviceS(1) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV - (fanio) -- C:\WINDOWS\system32\drivers\fanio.sys (Christian Diefer)
DRV - (CM1083264) -- C:\WINDOWS\system32\drivers\CM108.sys (C-Media Inc)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)
DRV - (ATIXPGAA) -- C:\DELL\drivers\R75495\atixpgaa.sys (ATI Technologies Inc.)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 13 24 75 46 F3 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.3\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1D926172-7593-4CB4-B79C-EC8E2BB3C5A0}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{424B0160-F7D0-CA84-A025-CF09261B12EE}: "URL" = http://www.ytdstart....eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/10/06 14:38:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@ascendo-inc/DataVault;version=1: C:\Program Files\DataVault\DataVault.exe\..\npapi.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DataVault\DataVault.exe\..\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/17 07:32:53 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Ascendo DataVault (Enabled) = C:\Program Files\DataVault\DataVault.exe\..\npapi.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2003/07/16 11:23:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (DataVault Bar) - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files\DataVault\ie.dll (Ascendo Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {9B596622-FDDA-4e28-97F8-998C522FA58E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.3\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (Total Defense, Inc.)
O4 - HKCU..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\USBKVM Switcher.lnk = C:\Program Files\USBKVM Switcher\USBKVM.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O8 - Extra context menu item: Save to DataVault - C:\Program Files\DataVault\DataVault.exe (Ascendo Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: live.com ([login] http in Trusted sites)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1349213794203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://192.168.1.11:.../DVM_IPCam2.ocx (DVM_IPCam2 Control)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C471BFF9-4403-4144-ACFB-5BC9D3B4F857}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/19 12:02:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/06 10:21:18 | 000,000,082 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{eafe8267-ea09-11df-990a-000f1f1e316e}\Shell - "" = AutoRun
O33 - MountPoints2\{eafe8267-ea09-11df-990a-000f1f1e316e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eafe8267-ea09-11df-990a-000f1f1e316e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 14:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2012/10/06 14:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/10/06 11:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2012/10/06 11:36:29 | 000,015,544 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe
[2012/10/05 16:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Flobo Scans
[2012/10/05 13:21:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/10/05 13:01:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\$regcmp$
[2012/10/03 06:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MetaGeek,_LLC
[2012/10/03 06:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MetaGeek
[2012/10/03 06:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\MetaGeek
[2012/10/02 19:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/10/02 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/10/02 16:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\iSpy
[2012/10/02 16:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iSpy
[2012/10/02 16:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\iSpy
[2012/09/25 17:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Search Settings
[2012/09/25 17:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012/09/25 17:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012/09/17 18:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Flobo System Repair
[2012/09/17 18:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Flobo System Repair
[2012/09/17 18:12:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/09/17 17:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registry Clean Expert
[2012/09/17 17:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Clean Expert
[2012/09/17 16:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/09/17 16:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/16 20:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/09/16 20:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/16 20:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/16 20:52:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/16 20:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/16 09:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012/09/16 09:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/09/15 13:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2012/09/15 13:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/09/15 13:27:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/06 14:35:14 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2012/10/06 14:33:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/06 14:23:17 | 000,074,908 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2012/10/06 14:23:17 | 000,051,145 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2012/10/06 14:23:17 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2012/10/06 14:23:17 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2012/10/06 14:23:17 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2012/10/06 14:23:17 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2012/10/06 14:23:17 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2012/10/06 14:23:17 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2012/10/06 14:23:17 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2012/10/06 14:23:17 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2012/10/06 14:23:17 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2012/10/06 14:23:17 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2012/10/06 14:23:17 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2012/10/06 14:23:17 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2012/10/06 14:23:17 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2012/10/06 14:23:17 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2012/10/06 14:23:17 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2012/10/06 11:31:54 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google.url
[2012/10/06 07:41:21 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2012/10/05 09:24:02 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20121005_092350.reg
[2012/10/05 08:22:33 | 000,006,630 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20121005_082223.reg
[2012/10/05 07:17:35 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/04 21:27:11 | 000,002,263 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iSpy.lnk
[2012/10/04 19:21:04 | 000,002,339 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\inSSIDer.lnk
[2012/10/02 19:48:25 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/10/02 16:22:41 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/10/01 17:07:25 | 000,000,553 | ---- | M] () -- C:\WINDOWS\WebConfig.ini
[2012/09/22 21:01:44 | 000,076,816 | R--- | M] () -- C:\Documents and Settings\Administrator\My Documents\DataVault.dat
[2012/09/22 06:56:05 | 000,019,860 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120922_065550.reg
[2012/09/21 12:05:08 | 000,015,544 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe
[2012/09/17 18:18:38 | 000,000,013 | ---- | M] () -- C:\Program Files\iar_dat.dte
[2012/09/17 18:18:34 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Flobo System Repair.lnk
[2012/09/17 17:40:22 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Free Registry Defrag.lnk
[2012/09/17 17:30:31 | 000,025,226 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120917_173019.reg
[2012/09/17 16:33:36 | 000,288,334 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120917_163239.reg
[2012/09/16 20:52:09 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/15 15:21:58 | 000,506,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/15 15:21:58 | 000,089,442 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/06 14:35:14 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2012/10/05 09:23:55 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20121005_092350.reg
[2012/10/05 08:22:26 | 000,006,630 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20121005_082223.reg
[2012/10/03 06:35:52 | 000,002,339 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\inSSIDer.lnk
[2012/10/02 19:48:25 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/10/02 16:35:43 | 000,002,263 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iSpy.lnk
[2012/10/02 16:22:42 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/09/22 06:55:57 | 000,019,860 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120922_065550.reg
[2012/09/17 18:18:38 | 000,000,013 | ---- | C] () -- C:\Program Files\iar_dat.dte
[2012/09/17 18:18:34 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Flobo System Repair.lnk
[2012/09/17 17:40:22 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Free Registry Defrag.lnk
[2012/09/17 17:30:25 | 000,025,226 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120917_173019.reg
[2012/09/17 16:32:48 | 000,288,334 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120917_163239.reg
[2012/09/17 16:17:31 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/09/16 20:52:09 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/27 17:17:20 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\Administrator\.lmmsrc.xml
[2012/08/26 09:02:41 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2012/08/26 09:02:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Graffiti5.4.ini
[2012/08/13 22:10:11 | 000,000,553 | ---- | C] () -- C:\WINDOWS\WebConfig.ini
[2012/08/12 19:23:14 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\FCPlayer.dll
[2012/08/12 19:23:14 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\FCPlayer.exe
[2012/08/12 19:23:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\FCNetLib.dll
[2012/08/12 19:23:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FCSDK.dll
[2012/04/13 15:53:56 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/02/16 07:17:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/14 10:54:22 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\kodakpcd.ini
[2012/01/04 18:53:13 | 000,003,840 | ---- | C] () -- C:\WINDOWS\DellBIOS.Sys
[2011/12/10 18:19:29 | 000,006,840 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PrimoPDFSet.xml
[2011/02/11 10:21:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkserv.dll
[2011/02/11 10:21:56 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkusb1.dll
[2011/02/11 10:21:56 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkpmui.dll
[2011/02/11 10:21:56 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkinpa.dll
[2011/02/11 10:21:56 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkiesc.dll
[2011/02/11 10:21:55 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkhbn3.dll
[2011/02/11 10:21:55 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkcomc.dll
[2011/02/11 10:21:55 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbklmpm.dll
[2011/02/11 10:21:55 | 000,538,096 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkcoms.exe
[2011/02/11 10:21:55 | 000,386,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkih.exe
[2011/02/11 10:21:55 | 000,382,448 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkcfg.exe
[2011/02/11 10:21:55 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkprox.dll
[2011/02/11 10:21:55 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkpplc.dll
[2011/02/11 10:21:54 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\dlbkjswr.dll
[2011/02/11 10:21:54 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlbkutil.dll
[2011/02/11 10:21:54 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dlbkcur.dll
[2011/02/11 10:21:54 | 000,073,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkcu.dll
[2011/02/08 00:45:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2011/02/08 00:45:16 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2011/02/06 14:29:10 | 000,000,684 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2011/01/30 19:16:18 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\CM108rm.dll
[2011/01/30 18:07:25 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/29 13:17:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PPViewer.INI
[2011/01/15 14:45:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/15 14:39:14 | 000,000,169 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/12/31 19:22:46 | 000,820,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/06 20:25:54 | 000,030,728 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/01 07:26:48 | 000,005,642 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/10/01 07:26:48 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\08C86811C7.sys
[2010/02/09 18:34:07 | 000,000,327 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml

========== ZeroAccess Check ==========

[2010/01/19 16:50:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/13 13:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AJC Software
[2012/01/13 13:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon
[2012/01/13 13:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ascendo
[2012/07/26 21:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2012/07/23 19:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon Easy-WebPrint EX
[2012/02/29 18:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DDMSettings
[2012/01/13 14:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDFab
[2012/09/17 16:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2012/10/04 21:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iSpy
[2012/01/13 14:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2012/01/13 14:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2012/06/15 18:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2012/08/26 09:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\proDAD
[2012/09/25 17:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Search Settings
[2012/01/14 10:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skinux
[2012/10/06 14:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2012/01/13 14:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TrueCrypt
[2012/09/15 13:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2012/01/13 14:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2012/01/13 14:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1click dvd copy pro
[2012/01/13 14:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AJC Software
[2012/01/13 14:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2012/07/23 19:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2012/07/23 19:12:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/09/16 21:07:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012/07/27 08:01:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2012/09/16 21:07:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012/07/23 19:24:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2012/07/26 20:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2012/07/23 19:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/01/13 14:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2012/01/13 14:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2012/01/13 14:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGSI
[2012/06/15 18:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/04/13 15:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/08/26 18:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\proDAD
[2012/01/13 14:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2012/01/13 15:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2012/08/26 22:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2012/09/17 16:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/09/16 16:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/08/31 14:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2012/01/13 15:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2012/08/17 23:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/01/13 15:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2012/03/31 12:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2012/08/24 14:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2012/06/16 09:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD YouTube Downloader & Converter
[2012/09/15 13:27:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/01/13 15:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >
  • 0

Advertisements

#2
emeraldnzl
Posted 08 October 2012 - 01:05 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello RTG9100,

Welcome to Geekstogo.

There should have been an Extras.txt generated at the same time as the OTL.txt. Would have been saved in the same location as OTL when you downloaded it. Please post the Extras.txt when you come back.

For now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {9B596622-FDDA-4e28-97F8-998C522FA58E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.3\ytdToolbarIE.dll (Spigot, Inc.)

:Commands
[emptyflash]
[emptyjava]
[resethosts]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.The log is saved in the same location as OTL.

Next

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So when you return please post
  • Extras.txt
  • OTL fix. txt
  • ComboFix.txt
  • 0

#3
RTG9100
Posted 08 October 2012 - 05:31 AM

RTG9100

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you for your assistance. Here is the first Extra log from the initial OTL I posted. I will post the results of your other recommendations when complete.

Extra log:
OTL Extras logfile created on: 10/6/2012 5:20:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Roland\My Documents\Downloads\Oct12\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.48% Memory free
3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.27% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 97.92 Gb Free Space | 65.70% Space Free | Partition Type: NTFS
Drive E: | 24.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.53 Gb Total Space | 2.05 Gb Free Space | 27.20% Space Free | Partition Type: FAT32

Computer Name: ROLAND-NE19YKET | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"8090:TCP" = 8090:TCP:*:Disabled:Blue Iris TCP Port 8090
"8091:TCP" = 8091:TCP:*:Disabled:Blue Iris TCP Port 8091
"5091:TCP" = 5091:TCP:*:Disabled:Blue Iris TCP Port 5091
"8091:UDP" = 8091:UDP:*:Disabled:Blue Iris UDP Port 8091
"5091:UDP" = 5091:UDP:*:Disabled:Blue Iris UDP Port 5091
"554:TCP" = 554:TCP:*:Disabled:Blue Iris TCP Port 554
"554:UDP" = 554:UDP:*:Disabled:Blue Iris TCP Port 554

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe:*:Enabled:Rosetta Stone TOTALe Application -- (Rosetta Stone Ltd.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Disabled:ooVoo
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon -- (Rosetta Stone Ltd.)
"C:\Program Files\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe:*:Enabled:Rosetta Stone TOTALe Application -- (Rosetta Stone Ltd.)
"C:\WINDOWS\system32\dlbtcoms.exe" = C:\WINDOWS\system32\dlbtcoms.exe:*:Enabled:Photo AIO Printer 922 Server -- ( )
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\DataVault\DataVault.exe" = C:\Program Files\DataVault\DataVault.exe:*:Enabled:Ascendo DataVault -- (Ascendo Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\IPCamSetup\IPCamera.exe" = C:\Program Files\IPCamSetup\IPCamera.exe:*:Enabled:IPCamera -- ()
"C:\Program Files\H.264 Camera Client\H.264 Camera Client.exe" = C:\Program Files\H.264 Camera Client\H.264 Camera Client.exe:*:Enabled:IP Camera Client -- ()
"C:\Program Files\Blue Iris 3\blueiris.exe" = C:\Program Files\Blue Iris 3\blueiris.exe:*:Enabled:Blue Iris Video Security and WebCam Software -- (Perspective Software)
"D:\English\Search tool.exe" = D:\English\Search tool.exe:*:Enabled:Search tool
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Java\jre7\bin\java.exe" = C:\Program Files\Java\jre7\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Oracle Corporation)
"C:\Program Files\iSpy\iSpy\iSpy.exe" = C:\Program Files\iSpy\iSpy\iSpy.exe:*:Enabled:iSpy -- (www.ispyconnect.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1A1BD41E-9854-4957-8959-F9559A8862A7}" = Corel VideoStudio Ultimate X5
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{02C39DE9-B03A-4FE7-89F9-61E224FE65CC}" = IPCamSetup
"{02E12A07-1BB9-44D6-A480-4EA42DB9E122}" = Boris Graffiti for Corel
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series" = Canon MX890 series MP Drivers
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1A1BD41E-9854-4957-8959-F9559A8862A7}" = ICA
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1B3BB19D-DA42-4A25-A194-CBF9E98927B0}" = Corel VideoStudio Pro X3 Title Pack
"{21F342AD-E827-48AD-9D67-8D5183A5E639}" = FCClientPlus_Setup
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F6A9F00-2035-47F1-8EDB-921538DB366C}" = Corel VideoStudio Pro X3 Title Pack
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3212AA30-4503-4D30-ADF3-F0DA00C3FDCC}" = Rosetta Stone Ltd Services
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{38E5DF74-C1D8-46E9-A887-9494FA3D67EB}" = YTD Toolbar v6.3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4010ADCB-1347-D570-FCF1-3002CABEBD2F}" = Rosetta Stone TOTALe
"{41BFE098-A218-40B3-BCA7-5302925B0FB7}" = Corel VideoStudio Pro X3 Title Pack
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{46121EB4-EE5C-4418-8456-933972213673}" = H.264 Camera Client
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48A00644-2D97-43B5-A614-603DECF3E5F6}" = Boris Graffiti for Corel
"{499E1FB9-88A5-4CD9-91C7-430CDA639624}" = QifConverterSetup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5923C82E-6BB6-4186-AF14-3066D1F29323}" = Blue Iris 3
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{66C70B5F-730F-4C5D-9FC5-8E56D0FE7D53}" = IPM_VS_Pro
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68BDF2DB-8CEB-4A17-8A75-618AB63B8B1C}_is1" = Flobo System Repair 2.1
"{6A6F7B28-E178-47AC-8654-A654ADA6C777}" = VSHelp
"{7106E079-28CA-4FEC-A083-6577EB674526}" = Blue Iris ActiveX Control
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8AA4F966-EF4B-44D8-99AA-C4EA93B46863}" = VSClassic
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9D4B9F93-A0DA-4FDF-B75C-0C43E68B5598}" = iSpy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A8887C7B-0BCC-4FBF-BCEB-9BB4D4B14999}" = Setup
"{AA104491-924C-4799-8E76-AB8346EAD775}" = Corel VideoStudio Pro X3 Title Pack
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C717B4D4-2EFA-4DC3-8EDB-79543E43666C}" = VSUltimate
"{CA486743-5F44-40D5-A38B-77911FB27579}" = Contents
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D56D4A9A-B94D-4055-9FC1-B4E33A26C2B8}" = Rosetta Stone TOTALe
"{D6FEC82B-4751-41D9-875C-03E7F55CF8AF}" = BounceBack Transfer
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DCDC6934-7428-489E-8651-90B53191488B}" = ISCOM
"{E176EEDB-3E4A-4D94-93EB-16EFA5C0B778}" = WD Software Upgrader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E48995AF-B140-44F5-9A20-A3E4E627F2C2}" = WD SmartWare
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EEBEF66A-70FD-4DF6-B173-82D07E61853E}" = Share
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 4.2.7.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Akamai" = Akamai NetSession Interface Service
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.14
"ATI Display Driver" = ATI Display Driver
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"Canon MX890 series On-screen Manual" = Canon MX890 series On-screen Manual
"Canon MX890 series User Registration" = Canon MX890 series User Registration
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"cciss_am" = CA Anti-Virus Plus
"CCleaner" = CCleaner
"com.rosettastone.rosettastonetotale.8F5798B43604FA41C65B6F3DA7D3E38B6B065643.1" = Rosetta Stone TOTALe
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.5
"DataVault" = Ascendo DataVault 4.8.32
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint EX - PC_GL0121" = Canon Easy-PhotoPrint EX - PREMIUM Contents GL0121
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Free Registry Defrag_is1" = Free Registry Defrag
"FrostWire" = FrostWire 4.21.3
"Generic USB 108 Sound" = C-Media USB 108 Sound
"I8kfanGUI" = I8kfanGUI V3.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{5923C82E-6BB6-4186-AF14-3066D1F29323}" = Blue Iris 3
"InstallShield_{7106E079-28CA-4FEC-A083-6577EB674526}" = Blue Iris ActiveX Control
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"lmms" = LMMS 0.4.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Money2008b" = Microsoft Money Plus
"MP Navigator EX 5.1" = Canon MP Navigator EX 5.1
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"proDAD-HeroglyphRoute-4.0" = proDAD Route 4.0
"proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
"proDAD-Vitascene-2.0" = proDAD Vitascene 2.0
"RealPlayer 6.0" = RealOne Player
"ScanSoft PaperPort Viewer 7.0" = ScanSoft PaperPort Viewer 7.0
"Speed Dial Utility" = Canon Speed Dial Utility
"TrueCrypt" = TrueCrypt
"USBKVM Switcher_is1" = USBKVM Switcher 2.12
"VLC media player" = VLC media player 2.0.3
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"55559b77384385c5" = MOG
"Akamai" = Akamai NetSession Interface
"bd4d3a0508d364f5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2012 6:34:26 PM | Computer Name = ROLAND-NE19YKET | Source = Application Hang | ID = 1002
Description = Hanging application lmms.exe, version 0.4.12.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2012 6:34:42 PM | Computer Name = ROLAND-NE19YKET | Source = Application Hang | ID = 1002
Description = Hanging application lmms.exe, version 0.4.12.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2012 6:34:53 PM | Computer Name = ROLAND-NE19YKET | Source = Application Hang | ID = 1002
Description = Hanging application lmms.exe, version 0.4.12.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2012 6:35:01 PM | Computer Name = ROLAND-NE19YKET | Source = Application Hang | ID = 1002
Description = Hanging application lmms.exe, version 0.4.12.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2012 6:35:17 PM | Computer Name = ROLAND-NE19YKET | Source = Application Hang | ID = 1002
Description = Hanging application lmms.exe, version 0.4.12.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2012 6:52:07 PM | Computer Name = ROLAND-NE19YKET | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
registration timeout

Error - 8/30/2012 7:47:04 AM | Computer Name = ROLAND-NE19YKET | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
registration timeout

Error - 8/31/2012 7:14:26 PM | Computer Name = ROLAND-NE19YKET | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
registration timeout

Error - 9/1/2012 9:41:38 AM | Computer Name = ROLAND-NE19YKET | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 9/7/2012 5:44:18 PM | Computer Name = ROLAND-NE19YKET | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
registration timeout

[ System Events ]
Error - 10/5/2012 7:08:16 PM | Computer Name = ROLAND-NE19YKET | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec KmxAgent KmxStart MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip truecrypt

Error - 10/5/2012 7:08:37 PM | Computer Name = ROLAND-NE19YKET | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/6/2012 8:41:03 AM | Computer Name = ROLAND-NE19YKET | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/6/2012 8:41:28 AM | Computer Name = ROLAND-NE19YKET | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/6/2012 11:21:21 AM | Computer Name = ROLAND-NE19YKET | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.

Error - 10/6/2012 3:09:59 PM | Computer Name = ROLAND-NE19YKET | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WD Rules service to connect.

Error - 10/6/2012 3:09:59 PM | Computer Name = ROLAND-NE19YKET | Source = Service Control Manager | ID = 7000
Description = The WD Rules service failed to start due to the following error: %%1053

Error - 10/6/2012 3:09:59 PM | Computer Name = ROLAND-NE19YKET | Source = Service Control Manager | ID = 7001
Description = The WD Backup service depends on the WD Rules service which failed
to start because of the following error: %%1053

Error - 10/6/2012 3:11:51 PM | Computer Name = ROLAND-NE19YKET | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.

Error - 10/6/2012 3:32:39 PM | Computer Name = ROLAND-NE19YKET | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.


< End of report >
  • 0

#4
emeraldnzl
Posted 08 October 2012 - 01:52 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Thank you. :thumbsup:

Look forward to seeing the other logs.
  • 0

#5
RTG9100
Posted 08 October 2012 - 08:42 PM

RTG9100

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ran the OTL fix as recommended but did not result in a log file being generated. It did result in a reboot. Upon restart, I ran the same OTL scan fix with code your recommended as previous by the OTL fix ended rapidly again with no log file. Rebooted at OTL's recommendation. Upon start ran OTL again as originally and generated OTL.txt (no Extra.txt file was generated) which is attached below. Ran ComboFix as recommended but Combofix did not agree with the AV software CA Associates which resulted in the following error: "ComboFix cannot run when CA Anti-Virus is installed. It would be dangerous to continue. Please uninstall CA Anti-Virus or use another tool." I uninstalled CA Antivirus and rebooted. On start up, a window kept opening which would not clear: "This application has failed to start because MFC71.dll was not found. Reinstalling the application may fix this problem." The following file name was listed in the re-occurrig window: bcmwltry.exe. I suspect the removal of the AV software didn't clear associated files so I ran CCleaner to fix the registry. Rebooted then ran Combofix again which then ran to completion. After running ComboFix, the re-occurring error dialog box listed above did not re-appear. I turned off access to the internet while running Combofix. Attached with the OTL.txt file is the ComboFix log. I have not reinstalled the Antivirus software nor have I reconnected to the internet (only to attached this response and log files into the post).

OTL.txt:
OTL logfile created on: 10/8/2012 5:20:24 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Roland\My Documents\Downloads\Oct12\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.16% Memory free
3.85 Gb Paging File | 3.27 Gb Available in Paging File | 84.80% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 97.85 Gb Free Space | 65.66% Space Free | Partition Type: NTFS
Drive E: | 24.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.53 Gb Total Space | 2.04 Gb Free Space | 27.14% Space Free | Partition Type: FAT32

Computer Name: ROLAND-NE19YKET | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Roland\My Documents\Downloads\Oct12\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
PRC - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
PRC - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
PRC - C:\Program Files\CA\CA Internet Security Suite\casc.exe (Total Defense, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe (Total Defense, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (Total Defense, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Total Defense, Inc.)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe (CA)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe (CA)
PRC - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\USBKVM Switcher\USBKVM.exe ()
PRC - C:\WINDOWS\system32\dlbtcoms.exe ( )
PRC - C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\46f273930666397a8cb538ffe9190eef\Microsoft.VisualC.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Program Files\CA\CA Internet Security Suite\SQLite3.dll ()
MOD - C:\Program Files\CA\CA Internet Security Suite\log4cplusU.dll ()
MOD - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\Flipster.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\CA\SharedComponents\TMEngine\WindowsUserIdentity.dll ()
MOD - C:\Program Files\CA\SharedComponents\TMEngine\KnownApps.dll ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\Program Files\USBKVM Switcher\USBKVM.exe ()
MOD - C:\Program Files\USBKVM Switcher\KeyHook.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (WDRulesService) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV - (WDBackup) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
SRV - (WDDriveService) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (Total Defense, Inc.)
SRV - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Total Defense, Inc.)
SRV - (CAAMSvc) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe (CA)
SRV - (CAISafe) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV - (UmxEngine) -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe (CA)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (RosettaStoneDaemon) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (dlbt_device) -- C:\WINDOWS\system32\dlbtcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (KmxAMRT) -- C:\WINDOWS\system32\drivers\KmxAMRT.sys (Total Defense)
DRV - (KmxAgent) -- C:\WINDOWS\system32\drivers\KmxAgent.sys (CA)
DRV - (KmxCfg) -- C:\WINDOWS\system32\drivers\KmxCfg.sys (CA)
DRV - (KmxStart) -- C:\WINDOWS\system32\drivers\KmxStart.sys (CA)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (dc3d) -- C:\WINDOWS\system32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (WsAudio_DeviceS(5) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV - (WsAudio_DeviceS(4) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV - (WsAudio_DeviceS(3) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV - (WsAudio_DeviceS(2) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV - (WsAudio_DeviceS(1) -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV - (fanio) -- C:\WINDOWS\system32\drivers\fanio.sys (Christian Diefer)
DRV - (CM1083264) -- C:\WINDOWS\system32\drivers\CM108.sys (C-Media Inc)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)
DRV - (ATIXPGAA) -- C:\DELL\drivers\R75495\atixpgaa.sys (ATI Technologies Inc.)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 13 24 75 46 F3 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1D926172-7593-4CB4-B79C-EC8E2BB3C5A0}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{424B0160-F7D0-CA84-A025-CF09261B12EE}: "URL" = http://www.ytdstart....eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/10/08 17:20:16 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@ascendo-inc/DataVault;version=1: C:\Program Files\DataVault\DataVault.exe\..\npapi.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DataVault\DataVault.exe\..\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/17 07:32:53 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Ascendo DataVault (Enabled) = C:\Program Files\DataVault\DataVault.exe\..\npapi.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/08 17:07:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (DataVault Bar) - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files\DataVault\ie.dll (Ascendo Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (Total Defense, Inc.)
O4 - HKCU..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\USBKVM Switcher.lnk = C:\Program Files\USBKVM Switcher\USBKVM.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O8 - Extra context menu item: Save to DataVault - C:\Program Files\DataVault\DataVault.exe (Ascendo Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: live.com ([login] http in Trusted sites)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1349213794203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://192.168.1.11:.../DVM_IPCam2.ocx (DVM_IPCam2 Control)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C471BFF9-4403-4144-ACFB-5BC9D3B4F857}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/19 12:02:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/06 10:21:18 | 000,000,082 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{eafe8267-ea09-11df-990a-000f1f1e316e}\Shell - "" = AutoRun
O33 - MountPoints2\{eafe8267-ea09-11df-990a-000f1f1e316e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eafe8267-ea09-11df-990a-000f1f1e316e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/08 16:57:54 | 004,762,763 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/10/08 06:37:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/06 14:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2012/10/06 14:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/10/06 11:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2012/10/06 11:36:29 | 000,015,544 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe
[2012/10/05 16:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Flobo Scans
[2012/10/05 13:21:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/10/05 13:01:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\$regcmp$
[2012/10/03 06:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MetaGeek,_LLC
[2012/10/03 06:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MetaGeek
[2012/10/03 06:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\MetaGeek
[2012/10/02 19:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/10/02 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/10/02 16:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\iSpy
[2012/10/02 16:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iSpy
[2012/10/02 16:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\iSpy
[2012/09/25 17:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Search Settings
[2012/09/25 17:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012/09/25 17:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012/09/17 18:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Flobo System Repair
[2012/09/17 18:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Flobo System Repair
[2012/09/17 18:12:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/09/17 17:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registry Clean Expert
[2012/09/17 17:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Clean Expert
[2012/09/17 16:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/09/17 16:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/16 20:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/09/16 20:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/16 20:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/16 20:52:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/16 20:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/16 09:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012/09/16 09:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/09/15 13:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2012/09/15 13:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/09/15 13:27:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/08 17:14:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/08 17:08:13 | 000,075,004 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2012/10/08 17:08:13 | 000,051,145 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2012/10/08 17:08:13 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2012/10/08 17:08:13 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2012/10/08 17:08:13 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2012/10/08 17:08:13 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2012/10/08 17:08:13 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2012/10/08 17:08:13 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2012/10/08 17:08:13 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2012/10/08 17:08:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2012/10/08 17:08:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2012/10/08 17:08:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2012/10/08 17:08:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2012/10/08 17:08:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2012/10/08 17:08:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2012/10/08 17:08:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2012/10/08 17:08:13 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2012/10/08 17:07:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/10/08 07:49:34 | 004,762,763 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/10/06 14:35:14 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2012/10/06 11:31:54 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google.url
[2012/10/06 07:41:21 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2012/10/05 09:24:02 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20121005_092350.reg
[2012/10/05 08:22:33 | 000,006,630 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20121005_082223.reg
[2012/10/05 07:17:35 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/04 21:27:11 | 000,002,263 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iSpy.lnk
[2012/10/04 19:21:04 | 000,002,339 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\inSSIDer.lnk
[2012/10/02 19:48:25 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/10/02 16:22:41 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/10/01 17:07:25 | 000,000,553 | ---- | M] () -- C:\WINDOWS\WebConfig.ini
[2012/09/22 21:01:44 | 000,076,816 | R--- | M] () -- C:\Documents and Settings\Administrator\My Documents\DataVault.dat
[2012/09/22 06:56:05 | 000,019,860 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120922_065550.reg
[2012/09/21 12:05:08 | 000,015,544 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe
[2012/09/17 18:18:38 | 000,000,013 | ---- | M] () -- C:\Program Files\iar_dat.dte
[2012/09/17 18:18:34 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Flobo System Repair.lnk
[2012/09/17 17:40:22 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Free Registry Defrag.lnk
[2012/09/17 17:30:31 | 000,025,226 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120917_173019.reg
[2012/09/17 16:33:36 | 000,288,334 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120917_163239.reg
[2012/09/16 20:52:09 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/15 15:21:58 | 000,506,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/15 15:21:58 | 000,089,442 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/06 14:35:14 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2012/10/05 09:23:55 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20121005_092350.reg
[2012/10/05 08:22:26 | 000,006,630 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20121005_082223.reg
[2012/10/03 06:35:52 | 000,002,339 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\inSSIDer.lnk
[2012/10/02 19:48:25 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/10/02 16:35:43 | 000,002,263 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iSpy.lnk
[2012/10/02 16:22:42 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2012/09/22 06:55:57 | 000,019,860 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120922_065550.reg
[2012/09/17 18:18:38 | 000,000,013 | ---- | C] () -- C:\Program Files\iar_dat.dte
[2012/09/17 18:18:34 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Flobo System Repair.lnk
[2012/09/17 17:40:22 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Free Registry Defrag.lnk
[2012/09/17 17:30:25 | 000,025,226 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120917_173019.reg
[2012/09/17 16:32:48 | 000,288,334 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20120917_163239.reg
[2012/09/17 16:17:31 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/09/16 20:52:09 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/27 17:17:20 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\Administrator\.lmmsrc.xml
[2012/08/26 09:02:41 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2012/08/26 09:02:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Graffiti5.4.ini
[2012/08/13 22:10:11 | 000,000,553 | ---- | C] () -- C:\WINDOWS\WebConfig.ini
[2012/08/12 19:23:14 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\FCPlayer.dll
[2012/08/12 19:23:14 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\FCPlayer.exe
[2012/08/12 19:23:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\FCNetLib.dll
[2012/08/12 19:23:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FCSDK.dll
[2012/04/13 15:53:56 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/02/16 07:17:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/14 10:54:22 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\kodakpcd.ini
[2012/01/04 18:53:13 | 000,003,840 | ---- | C] () -- C:\WINDOWS\DellBIOS.Sys
[2011/12/10 18:19:29 | 000,006,840 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PrimoPDFSet.xml
[2011/02/11 10:21:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkserv.dll
[2011/02/11 10:21:56 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkusb1.dll
[2011/02/11 10:21:56 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkpmui.dll
[2011/02/11 10:21:56 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkinpa.dll
[2011/02/11 10:21:56 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkiesc.dll
[2011/02/11 10:21:55 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkhbn3.dll
[2011/02/11 10:21:55 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkcomc.dll
[2011/02/11 10:21:55 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbklmpm.dll
[2011/02/11 10:21:55 | 000,538,096 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkcoms.exe
[2011/02/11 10:21:55 | 000,386,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkih.exe
[2011/02/11 10:21:55 | 000,382,448 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkcfg.exe
[2011/02/11 10:21:55 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkprox.dll
[2011/02/11 10:21:55 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkpplc.dll
[2011/02/11 10:21:54 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\dlbkjswr.dll
[2011/02/11 10:21:54 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlbkutil.dll
[2011/02/11 10:21:54 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dlbkcur.dll
[2011/02/11 10:21:54 | 000,073,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbkcu.dll
[2011/02/08 00:45:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2011/02/08 00:45:16 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2011/02/06 14:29:10 | 000,000,684 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2011/01/30 19:16:18 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\CM108rm.dll
[2011/01/30 18:07:25 | 000,098,816 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/29 13:17:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PPViewer.INI
[2011/01/15 14:45:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/15 14:39:14 | 000,000,169 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/12/31 19:22:46 | 000,820,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/06 20:25:54 | 000,030,728 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/01 07:26:48 | 000,005,642 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/10/01 07:26:48 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\08C86811C7.sys
[2010/02/09 18:34:07 | 000,000,327 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml

========== ZeroAccess Check ==========

[2010/01/19 16:50:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/13 13:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AJC Software
[2012/01/13 13:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon
[2012/01/13 13:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ascendo
[2012/07/26 21:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2012/07/23 19:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon Easy-WebPrint EX
[2012/02/29 18:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DDMSettings
[2012/01/13 14:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDFab
[2012/09/17 16:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2012/10/06 19:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iSpy
[2012/01/13 14:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2012/01/13 14:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2012/06/15 18:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2012/08/26 09:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\proDAD
[2012/09/25 17:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Search Settings
[2012/01/14 10:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skinux
[2012/10/06 14:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Systweak
[2012/01/13 14:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TrueCrypt
[2012/09/15 13:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2012/01/13 14:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2012/01/13 14:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1click dvd copy pro
[2012/01/13 14:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AJC Software
[2012/01/13 14:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2012/07/23 19:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2012/07/23 19:12:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/09/16 21:07:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012/07/27 08:01:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2012/09/16 21:07:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012/07/23 19:24:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2012/07/26 20:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2012/07/23 19:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/01/13 14:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2012/01/13 14:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2012/01/13 14:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGSI
[2012/06/15 18:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/04/13 15:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/08/26 18:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\proDAD
[2012/01/13 14:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2012/01/13 15:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2012/08/26 22:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2012/09/17 16:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/09/16 16:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2012/08/31 14:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2012/01/13 15:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2012/08/17 23:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/01/13 15:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2012/03/31 12:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2012/08/24 14:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2012/06/16 09:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD YouTube Downloader & Converter
[2012/09/15 13:27:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/01/13 15:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >


Combofix log:
ComboFix 12-10-08.01 - Administrator 10/08/2012 19:44:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1619 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
C:\Install.exe
c:\windows\system32\aosmtp.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\roboot.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-09-25 22:11 . 2012-09-25 22:11 -------- d-----w- c:\program files\Common Files\Spigot
2012-09-17 23:18 . 2012-09-17 23:18 -------- d-----w- c:\program files\Flobo System Repair
2012-09-17 22:40 . 2012-09-17 22:40 -------- d-----w- c:\program files\Registry Clean Expert
2012-09-17 21:17 . 2012-10-05 12:17 -------- d-----w- c:\program files\CCleaner
2012-09-17 01:52 . 2012-09-17 01:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-09-17 01:52 . 2012-09-17 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-17 01:52 . 2012-09-17 01:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 01:52 . 2012-09-07 22:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-16 14:44 . 2012-09-16 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun
2012-09-16 14:36 . 2012-09-16 14:36 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Apple Computer
2012-09-16 14:35 . 2012-09-16 14:33 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-16 14:34 . 2012-09-16 14:34 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-16 14:31 . 2012-09-16 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-09-15 18:29 . 2012-09-15 18:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2012-09-15 18:28 . 2012-09-16 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2012-09-15 18:27 . 2012-09-15 18:27 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-16 14:41 . 2012-04-23 11:21 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-16 14:41 . 2011-07-05 19:09 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-16 14:33 . 2010-01-23 03:54 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-16 14:33 . 2010-04-21 11:31 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14 . 2003-07-16 16:45 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2003-07-16 16:26 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2003-07-16 16:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2010-01-19 17:33 385024 ------w- c:\windows\system32\html.iec
2012-07-23 15:19 . 2012-08-13 00:23 179304 ----a-w- c:\windows\system32\FCWebClientPlus.ocx
2012-07-17 19:27 . 2012-08-13 00:23 53248 ----a-w- c:\windows\system32\FCSDK.dll
2012-07-17 19:21 . 2012-08-13 00:23 798720 ----a-w- c:\windows\system32\FCPlayer.dll
2012-07-17 19:20 . 2012-08-13 00:23 180224 ----a-w- c:\windows\system32\FCNetLib.dll
2012-07-13 20:12 . 2010-10-01 12:26 5642 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
USBKVM Switcher.lnk - c:\program files\USBKVM Switcher\USBKVM.exe [2011-1-29 188416]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run]
2012-08-30 02:58 1229848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-07-19 13:23 2567272 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-04 19:41 1637496 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Detective]
2012-08-31 19:46 3518944 ----a-w- c:\program files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 17:43 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-07-27 14:41 116648 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2011-07-25 16:10 468112 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2012-09-19 21:27 1100680 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
2010-06-26 16:54 105632 ------w- c:\program files\Common Files\Corel\Standby\Standby.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Quick View]
2012-06-14 15:58 5235128 ----a-r- c:\program files\Western Digital\WD Quick View\WDDMStatus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"dla"=c:\windows\system32\dla\tfswctrl.exe
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone TOTALe\\RosettaStoneTOTALe.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DataVault\\DataVault.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IPCamSetup\\IPCamera.exe"=
"c:\\Program Files\\H.264 Camera Client\\H.264 Camera Client.exe"=
"c:\\Program Files\\Blue Iris 3\\blueiris.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Program Files\\iSpy\\iSpy\\iSpy.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"8090:TCP"= 8090:TCP:*:Disabled:Blue Iris TCP Port 8090
"8091:TCP"= 8091:TCP:*:Disabled:Blue Iris TCP Port 8091
"5091:TCP"= 5091:TCP:*:Disabled:Blue Iris TCP Port 5091
"8091:UDP"= 8091:UDP:*:Disabled:Blue Iris UDP Port 8091
"5091:UDP"= 5091:UDP:*:Disabled:Blue Iris UDP Port 5091
"554:TCP"= 554:TCP:*:Disabled:Blue Iris TCP Port 554
"554:UDP"= 554:UDP:*:Disabled:Blue Iris TCP Port 554
.
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2/12/2010 6:54 PM 14464]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/16/2003 11:41 AM 14336]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [5/17/2010 3:45 PM 1615176]
R2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [6/14/2012 11:04 AM 1151424]
R2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [6/14/2012 10:57 AM 248248]
R2 WDRulesService;WD Rules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [6/14/2012 11:04 AM 1177536]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [4/13/2012 5:54 PM 45288]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [4/13/2012 9:59 AM 11520]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/23/2012 6:21 AM 250568]
S3 ATIXPGAA;ATIXPGAA;c:\dell\drivers\R75495\atixpgaa.sys [1/4/2012 8:16 PM 11648]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [1/30/2011 7:16 PM 1294336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/16/2012 8:52 PM 22856]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [4/25/2011 11:02 PM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [4/25/2011 11:03 PM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [4/25/2011 11:03 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [4/25/2011 11:03 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [4/25/2011 11:03 PM 25704]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/16/2012 8:52 PM 399432]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/16/2012 8:52 PM 676936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save to DataVault - file://c:\program files\DataVault\DataVault.exe/../iemenuext.htm
Trusted Zone: live.com\login
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.11:8090/codebase/DVM_IPCam2.ocx
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-CM108Sound - CM108.cpl
AddRemove-Akamai - c:\documents and settings\Administrator\Local Settings\Application Data\Akamai\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-08 20:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,6e,92,65,6e,bc,c3,47,ac,59,2f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,6e,92,65,6e,bc,c3,47,ac,59,2f,\
.
[HKEY_USERS\S-1-5-21-1844237615-1614895754-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,f0,83,69,a2,9c,ab,42,a7,dc,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,9c,26,89,25,a6,6f,4c,b6,48,83,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,f9,f8,84,55,21,f1,4c,be,1b,f0,\
.
[HKEY_USERS\S-1-5-21-1844237615-1614895754-682003330-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1564)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-10-08 20:24:30
ComboFix-quarantined-files.txt 2012-10-09 01:24
.
Pre-Run: 105,457,684,480 bytes free
Post-Run: 105,577,209,856 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 3DA77BEAFA6A1A91EC154A63AE9F033A
  • 0

#6
emeraldnzl
Posted 08 October 2012 - 09:22 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Ran the OTL fix as recommended but did not result in a log file being generated.


If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL fix log is saved in a text file at C:\_OTL\MovedFiles

See if you can find it. :)

Now

Question: Do you know about the program iSpy on your machine? It can be there legitimately but it can also be used to spy on you. Tell me when you come back.

Next

Download AdwCleaner from here to your desktop
  • Click on the green downward facing arrow on the right to commence download.
  • Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

When you come back please post
  • OTL log
  • AdwCleaner log
  • and tell me about the ispy program
  • 0

#7
RTG9100
Posted 08 October 2012 - 09:56 PM

RTG9100

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ISPY is open source software to monitor the 2 IP securitry cameras I have installed. BlueIris surveillance software is my preference to use but apparently used excessive PC resources and would not operate properly (assuming something else on this PC was not causing problems). If Ispy is a problem I will remove from the system.

Also, the error dialog box has returned: "bcmwltry.ese - Unable to Locate Component. This application has failed to start because MFC71.DLL was not found. Re-installing the application may fix this problem."

I found the OTL log generated following the scan fix.

OTL log:

========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9B596622-FDDA-4e28-97F8-998C522FA58E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B596622-FDDA-4e28-97F8-998C522FA58E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
C:\Program Files\YTD Toolbar\IE\6.3\ytdToolbarIE.dll moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 1952 bytes

User: All Users

User: Default User
->Flash cache emptied: 56502 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: Roland
->Flash cache emptied: 94202 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: Roland
->Java cache emptied: 12612266 bytes

Total Java Files Cleaned = 12.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10082012_063730



Here us the AdwCleaner log:
# AdwCleaner v2.004 - Logfile created 10/08/2012 at 22:51:42
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - ROLAND-NE19YKET
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Search Settings
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Common Files\spigot

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\Software\Search Settings

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2496 octets] - [08/10/2012 22:49:17]
AdwCleaner[S1].txt - [2316 octets] - [08/10/2012 22:51:42]

########## EOF - C:\AdwCleaner[S1].txt - [2376 octets] ##########
  • 0

#8
emeraldnzl
Posted 08 October 2012 - 10:27 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

If Ispy is a problem I will remove from the system.


No just wanted to make sure you put it there.

Also, the error dialog box has returned: "bcmwltry.ese - Unable to Locate Component.


The link below has helpful information about this. If you don't use it just follow the guidance there.

http://www.ehow.com/...cmwltryexe.html

Now

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
And tell me how your computer is now.
  • 0

#9
RTG9100
Posted 09 October 2012 - 07:48 PM

RTG9100

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ran the ESET scan. Took ~12 hours to run. The ESET scan log is attached below. Quarantined about 24 items which I proceeded to clear upon exiting the ESET scan. I reloaded the Antivirus software (Total Defense Internet Suite which used to be CA Antivirus). I am currently running the first scan following loading the AV software - which seems to be taking a long time. Scan seems to hung @ 55%. I will let the scan continue overnight to see if it terminates.

The computer does appear to be behaving better but PC load is running @ 60% - 70% with the AV scan in progress, 2 IE windows open & the Windows Task Manager open. Not quite sure if this amount of load is normal for the horsepower the PC possesses. I wonder if something in the hardware regime is going bad. The PC hangs up before loading Windows about 1 out of every 3-4 start ups.

The issue with MFC71.dll/bcmwltry.exe went away after loading the Antivirus software. Removing the AV must have affected MFC71.dll.

At this point, I am satisfied with the improvement but wonder if further resources could be cleared up. If I had to make a choice between keeping what I have currently or reloading the operating system (if that was the only option), I would stop with what I have.

ESET log:
C:\Documents and Settings\Roland\Local Settings\Temp\bing.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Documents and Settings\Roland\Local Settings\Temp\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\Downloads\Aug12\LMMS\lmms-0.4.13-win32.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\Downloads\Dec10\YouTubeDownloaderSetup264\YouTubeDownloaderSetup264.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\Downloads\Feb11\frostwire-4.21.3.windows\frostwire-4.21.3.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\Downloads\Jan10\Freeware_PrimoPDF\Freeware_PrimoPDF.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\Downloads\Jan11\PrimoPDF\InternationalPrimoPDF.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\Downloads\Jul11\YouTubeDownloaderSetup32\YouTubeDownloaderSetup32.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\Downloads\Jun11\YouTubeDownloaderSetup272\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\Downloads\Jun11\YouTubeDownloaderSetup274\YouTubeDownloaderSetup274.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\Downloads\Sep09\Freeware_PrimoPDF\Freeware_PrimoPDF.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Program Files\LMMS\Babylon9_setup.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files\Nitro PDF\PrimoPDF\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\System Volume Information\_restore{036A33F7-2AFE-480E-A749-3B383D4475A5}\RP134\A0021044.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\System Volume Information\_restore{036A33F7-2AFE-480E-A749-3B383D4475A5}\RP135\A0024236.rbf a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\System Volume Information\_restore{036A33F7-2AFE-480E-A749-3B383D4475A5}\RP135\A0024238.rbf a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\System Volume Information\_restore{036A33F7-2AFE-480E-A749-3B383D4475A5}\RP135\A0024256.dll Win32/Toolbar.Zugo.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{036A33F7-2AFE-480E-A749-3B383D4475A5}\RP135\A0024258.msi probably a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\System Volume Information\_restore{036A33F7-2AFE-480E-A749-3B383D4475A5}\RP135\A0025222.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{036A33F7-2AFE-480E-A749-3B383D4475A5}\RP143\A0026965.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\System Volume Information\_restore{036A33F7-2AFE-480E-A749-3B383D4475A5}\RP143\A0026985.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{036A33F7-2AFE-480E-A749-3B383D4475A5}\RP143\A0026986.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\WINDOWS\Installer\e674546.msi probably a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\_OTL\MovedFiles\10082012_063730\C_Program Files\YTD Toolbar\IE\6.3\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
  • 0

#10
emeraldnzl
Posted 09 October 2012 - 09:20 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

The PC hangs up before loading Windows about 1 out of every 3-4 start ups.


Hmm... I think we should just make sure there is nothing hiding deep down.

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Posted ImageClick the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Next

Please download and run ListParts by Farbar (for 32-bit system)

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on Scan button.

Scan result will open in Notepad.

Post post the log (Result.txt) in your next reply.

When you return please post
  • aswMBR log
  • Result.txt
  • 0

#11
RTG9100
Posted 10 October 2012 - 12:40 PM

RTG9100

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Woke up this morning to find the laptop hung up on reboot. Looks like the Total Defense AV scan completed ~2:30AM and then rebooted the PC (looking for setup option to not reboot on scan completion but not found yet - will keep looking).

Attached are the results of the aswMBR and ListParts scans as requested. At the time of the ListParts scan I had a 2TB external hard drive attached (always attached to this PC) as well as a 16Gb flash drive I used to transfer the ListParts executable to the PC (downloaded while at work).

aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-10 13:12:36
-----------------------------
13:12:36.734 OS Version: Windows 5.1.2600 Service Pack 3
13:12:36.750 Number of processors: 2 586 0x304
13:12:36.750 ComputerName: ROLAND-NE19YKET UserName: Administrator
13:12:39.203 Initialize success
13:21:47.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:21:47.250 Disk 0 Vendor: SAMSUNG_HM160HC LQ100-10 Size: 152627MB BusType: 3
13:21:47.281 Disk 0 MBR read successfully
13:21:47.281 Disk 0 MBR scan
13:21:47.296 Disk 0 Windows XP default MBR code
13:21:47.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
13:21:47.312 Disk 0 scanning sectors +312560639
13:21:47.421 Disk 0 scanning C:\WINDOWS\system32\drivers
13:22:06.890 Service scanning
13:22:35.578 Modules scanning
13:23:07.593 Disk 0 trace - called modules:
13:23:07.640 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:23:07.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6ccab8]
13:23:07.656 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6cfb00]
13:23:07.671 Scan finished successfully
13:27:20.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
13:27:20.140 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\10-10-12 aswMBR.txt"


ListParts scan log:
ListParts by Farbar Version: 02-10-2012
Ran by Administrator (administrator) on 10-10-2012 at 13:32:34
Windows XP (X86)
Running From: C:\Documents and Settings\Roland\My Documents\Downloads\Oct12\ListParts
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 37%
Total physical RAM: 2047.21 MB
Available physical RAM: 1284.52 MB
Total Pagefile: 3944.26 MB
Available Pagefile: 3340.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.08 MB

======================= Partitions =========================

1 Drive c: (BB) (Fixed) (Total:149.04 GB) (Free:97.54 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive e: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF
4 Drive g: (HP USB FD) (Removable) (Total:7.53 GB) (Free:2.04 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 8033 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 32 KB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C BB NTFS Partition 149 GB Healthy System (partition with boot components)
======================================================================================================

****** End Of Log ******
  • 0

#12
emeraldnzl
Posted 10 October 2012 - 01:27 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello RTG9100,

Nothing showing up there.

I think there may be other issues, either software or hardware.

Sometimes there can be overheating... maybe something to check.

Try running chkdsk.

Chkdsk is a valuable tool in dealing with a system that does not boot properly.

Go to Windows XP chkdsk for some helpful instructions.

Also might be worth defraging your machine if it hasn't been done for a while.

Go to Running XP defrag in Safe Mode for some helpful instructions.

Now

We have a couple of last steps to perform and then you're all set.Posted Image

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the the bolded text below in the box then hit OK

    Combofix /Uninstall

    Posted Image
Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to unininstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* If you are considering an alternative browser.

Opera may be downloaded from here. It is one of the least targeted of all browers.

Avant may be downloaded from here. Another one that is less well known.

Chrome may be downloaded from here . One of the most used nowadays.

Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

NoSript by Giorgio Maone is another one to add to your protection.

No scripts is an excellant security device. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

Further, sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

  • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

    And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  • Malwarebytes
  • SuperAntiSpyWare
Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#13
emeraldnzl
Posted 12 October 2012 - 01:04 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP