
FBI Moneypak and Google Redirects


9 replies to this topic

#1 AllYourBase

AllYourBase

  • Members
  • 21 posts
  • OFFLINE
  • Local time:04:39 PM

Posted 10 December 2012 - 05:34 PM

Hello,

This is my second go around with the Google redirects and now I seem to have picked up the FBI Money Pak virus that many others are having trouble with. I tried to get rid of it using this guide:

Link

After running the EMSISOFT scan there were several items that were quarantined, but that did not rid me of it. I also have scanned with MBAM which also did not help. The Google redirect problem happens with either Internet Explorer or Chrome. Thanks in advance for the help!

Here is my DDS log.

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.19328
Run by Colin at 16:15:32 on 2012-12-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1259 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Apple] Rundll32.exe c:\users\colin\appdata\local\apple\mvboaobu.dll,ompd_get_thread_info
uRun: [Svc2dll] c:\users\colin\appdata\roaming\svcxdcl32.exe
uRun: [] c:\users\colin\wrhbkzfzcwpqlnmaxy.exe
uRun: [vopsinzylgad] c:\users\colin\vopsinzylgad.exe
uRunOnce: [18819AF62D5F870100001881827B8DE4] c:\programdata\18819af62d5f870100001881827b8de4\18819AF62D5F870100001881827B8DE4.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [upnpi] rundll32.exe "c:\users\colin\appdata\roaming\upnpi.dll",FBuildTempPath
mRun: [mcrtu] rundll32.exe "c:\users\colin\appdata\roaming\mcrtu.dll",write_flush
StartupFolder: c:\users\colin\appdata\roaming\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\users\colin\appdata\roaming\microsoft\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\1006fix.lnk - c:\program files\common files\mitchell1\1006fix\startsomts.bat
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2009\QBW32.EXE
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: medium-truck.net
Trusted Zone: ondemand5.com
Trusted Zone: repair-connect.net
Trusted Zone: shopkey5.com
Trusted Zone: tractor-trailer.net
Trusted Zone: vintage.mitchell1.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{27418590-0F5C-45BD-BD2F-A4774920694C} : DHCPNameServer = 68.94.156.1 68.94.157.1
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\colin\desktop\emsisoftemergencykit\run\a2ddax86.sys [2012-12-3 17904]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2006-4-3 14949]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-24 21504]
S2 MachineTokenService;SOMTS;c:\mitchell1\ondemand5\Mitchell1.Security.MachineTokenService.exe [2012-3-27 57344]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-28 399432]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-12 676936]
S2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-2-17 87176]
S2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-11-9 1248256]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-10-2 245760]
S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\franson\gpsgate 2.0\GpsGateService.exe [2011-3-31 258048]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-12 22856]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-9-24 21504]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-11-10 174720]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2011-4-8 45608]
S3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [2009-5-19 75264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
.
=============== Created Last 30 ================
.
2012-12-10 21:48:20 -------- d-----w- c:\programdata\18819AF62D5F870100001881827B8DE4
2012-12-10 21:47:36 592896 ----a-w- c:\users\colin\appdata\roaming\mcrtu.dll
2012-12-10 21:47:30 61440 ---ha-w- c:\windows\system32\NETSaelv.dll
2012-12-10 21:47:06 36296 --sha-w- c:\users\colin\vopsinzylgad.exe
2012-12-10 21:46:40 158208 ----a-w- c:\users\colin\appdata\roaming\upnpi.dll
2012-12-10 21:46:31 65536 ----a-w- c:\users\colin\dvhbzqcghlfwhwdjhdohflx.exe
2012-12-10 21:46:29 89600 ----a-w- c:\users\colin\wrhbkzfzcwpqlnmaxy.exe
2012-12-10 21:42:51 123392 ----a-w- c:\users\colin\appdata\roaming\svcxdcl32.exe
2012-12-07 14:57:13 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{907db867-6c44-4f69-8873-e344f33872b9}\mpengine.dll
2012-12-04 15:04:26 130048 ----a-w- c:\users\colin\appdata\local\svcxdcl32.exe
2012-12-03 21:52:46 -------- d-----w- c:\users\colin\appdata\local\Google
2012-12-03 21:52:29 -------- d-----w- c:\users\colin\appdata\local\Deployment
2012-12-03 21:52:29 -------- d-----w- c:\users\colin\appdata\local\Apps
2012-12-03 15:14:37 130048 ----a-w- c:\users\colin\wgsdgsdgdsgsd.exe
2012-11-15 14:58:23 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 14:58:07 2047488 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-10-09 18:29:07 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:29:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 01:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 16:20:25.33 ===============
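Added example, not part of the thread or of DDS itself: a small Python triage script that applies the location and timing checks a helper reads off the autorun section of a DDS log like the one above. It parses the uRun/mRun/uRunOnce lines together with the "Created Last 30" lines and flags the entries to look at first; the sample lines are a constructed subset of the log posted above, and the heuristics are my own.

```python
"""Triage the autorun entries of a DDS log (added example; heuristics are
constructed for illustration, not DDS output or any tool's logic)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the posted DDS log (autoruns + recent files).
SAMPLE_LOG = r"""
uRun: [Apple] Rundll32.exe c:\users\colin\appdata\local\apple\mvboaobu.dll,ompd_get_thread_info
uRun: [Svc2dll] c:\users\colin\appdata\roaming\svcxdcl32.exe
uRun: [] c:\users\colin\wrhbkzfzcwpqlnmaxy.exe
uRun: [vopsinzylgad] c:\users\colin\vopsinzylgad.exe
uRunOnce: [18819AF62D5F870100001881827B8DE4] c:\programdata\18819af62d5f870100001881827b8de4\18819AF62D5F870100001881827B8DE4.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [upnpi] rundll32.exe "c:\users\colin\appdata\roaming\upnpi.dll",FBuildTempPath
mRun: [mcrtu] rundll32.exe "c:\users\colin\appdata\roaming\mcrtu.dll",write_flush
2012-12-10 21:47:36 592896 ----a-w- c:\users\colin\appdata\roaming\mcrtu.dll
2012-12-10 21:47:06 36296 --sha-w- c:\users\colin\vopsinzylgad.exe
2012-12-10 21:46:40 158208 ----a-w- c:\users\colin\appdata\roaming\upnpi.dll
2012-12-10 21:46:29 89600 ----a-w- c:\users\colin\wrhbkzfzcwpqlnmaxy.exe
2012-12-10 21:42:51 123392 ----a-w- c:\users\colin\appdata\roaming\svcxdcl32.exe
"""

RUN_RE = re.compile(r"^(?P<hive>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \S+ (?:-+|\d+) (?P<attrs>\S+) (?P<path>.+)$")
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+', re.IGNORECASE)
# First token ending in an executable extension; tolerates unquoted paths with spaces.
EXT_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|bat|cmd|scr|com))(?=[\s",]|$)', re.IGNORECASE)
USERS_ROOT_RE = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+$")       # c:\users\<name>\<file>
PROGRAMDATA_HEX_RE = re.compile(r"^c:\\programdata\\[0-9a-f]{32}\\")


@dataclass
class Finding:
    hive: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def extract_target(cmd):
    """Return (file actually loaded, lower-cased; whether it went via rundll32)."""
    cmd = cmd.strip()
    m = RUNDLL_RE.match(cmd)
    via_rundll32 = m is not None
    if via_rundll32:
        cmd = cmd[m.end():]          # what remains is "<dll>,<export>"
    e = EXT_RE.match(cmd)
    target = e.group("path") if e else cmd.strip('"')
    return target.lower(), via_rundll32


def parse_created(log_text):
    """Map lower-cased path -> (date, attribute string) from 'Created Last 30'."""
    created = {}
    for line in log_text.splitlines():
        m = CREATED_RE.match(line)
        if m:
            created[m.group("path").lower()] = (m.group("date"), m.group("attrs"))
    return created


def assess(name, target, via_rundll32, created):
    """Location/timing checks; each hit is one human-readable reason."""
    reasons = []
    if not name:
        reasons.append("empty value name")
    if USERS_ROOT_RE.match(target):
        reasons.append("executable placed directly in the user profile root")
    if "\\appdata\\" in target:
        reasons.append("runs from AppData instead of Program Files or Windows")
    if PROGRAMDATA_HEX_RE.match(target):
        reasons.append("32-hex-character folder under ProgramData")
    if via_rundll32 and target.startswith("c:\\users\\"):
        reasons.append("rundll32 loading a DLL from the user profile")
    if target in created:
        date, attrs = created[target]
        reasons.append("file created %s (within the last 30 days)" % date)
        if "h" in attrs and "s" in attrs:
            reasons.append("hidden+system attributes set")
    return reasons


def triage(log_text):
    """Return the autorun entries that trip at least one check, in log order."""
    created = parse_created(log_text)
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if not m:
            continue
        target, via = extract_target(m.group("cmd"))
        reasons = assess(m.group("name"), target, via, created)
        if reasons:
            findings.append(Finding(m.group("hive"), m.group("name"), target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s [%s] %s\n    - %s" % (f.hive, f.name, f.target, "\n    - ".join(f.reasons)))
```

Against the sample it flags the seven entries that the scans later confirm as infected and leaves the vendor entries (Synaptics, Adobe, NVIDIA) alone.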

#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:39 PM

Posted 10 December 2012 - 05:46 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

You'll more than likely need to stay booted in Safe Mode w/ Networking to run these two tools below.


Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.



NEXT:



Running OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. aswMBR.exe log file.
3. OTL.txt & Extras.txt log files.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 AllYourBase

AllYourBase
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:04:39 PM

Posted 10 December 2012 - 06:25 PM

Sweet:

Thank you for helping me, I will begin performing the requested tasks ASAP. In addition to what I posted above, I wanted to mention that I restarted my computer normally after posting this and found I also have some kind of Rogue antivirus program that has installed itself also. It is called System Progressive Protection. Just figured you should know. Again thanks and as soon as I have completed the tasks you requested I will post back!

#4 AllYourBase

AllYourBase
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:04:39 PM

Posted 11 December 2012 - 11:02 AM

Here is the aswMBR log:


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-11 09:03:37
-----------------------------
09:03:37.971 OS Version: Windows 6.0.6002 Service Pack 2
09:03:37.971 Number of processors: 2 586 0x6802
09:03:37.971 ComputerName: COLIN-LAPTOP UserName: Colin
09:04:21.754 Initialize success
09:14:29.700 AVAST engine defs: 12121101
09:19:03.246 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
09:19:03.246 Disk 0 Vendor: WDC_WD2500BEVS-60UST0 01.01A01 Size: 238475MB BusType: 3
09:19:03.262 Disk 0 MBR read successfully
09:19:03.262 Disk 0 MBR scan
09:19:03.278 Disk 0 unknown MBR code
09:19:03.278 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226274 MB offset 63
09:19:03.309 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12197 MB offset 463410990
09:19:03.324 Disk 0 scanning sectors +488392065
09:19:03.387 Disk 0 scanning C:\Windows\system32\drivers
09:19:20.817 Service scanning
09:19:47.914 Modules scanning
09:19:53.593 Disk 0 trace - called modules:
09:19:53.608 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
09:19:53.608 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8474f030]
09:19:53.608 3 CLASSPNP.SYS[87c068b3] -> nt!IofCallDriver -> [0x83c1c8d0]
09:19:53.608 5 acpi.sys[875d06bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x83c0ca38]
09:19:57.181 AVAST engine scan C:\Windows
09:20:01.003 AVAST engine scan C:\Windows\system32
09:24:19.043 AVAST engine scan C:\Windows\system32\drivers
09:24:39.732 AVAST engine scan C:\Users\Colin
09:24:40.684 File: C:\Users\Colin\AppData\Local\Apple\mvboaobu.dll **INFECTED** Win32:Tracur-JK [Trj]
09:26:59.292 File: C:\Users\Colin\AppData\Local\temp\4.350763618558774E8.exe **INFECTED** Win32:Carberp-AMJ [Trj]
09:27:01.195 File: C:\Users\Colin\AppData\Local\temp\B0FY98A.exe **INFECTED** Win32:Rootkit-gen [Rtk]
09:27:33.970 File: C:\Users\Colin\AppData\Local\temp\~!#3433.tmp **INFECTED** Win32:Dropper-gen [Drp]
09:27:34.111 File: C:\Users\Colin\AppData\Local\temp\~!#7F19.tmp **INFECTED** Win32:Rootkit-gen [Rtk]
09:27:50.288 File: C:\Users\Colin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\32cc1717-4cb1fa9f **INFECTED** Win32:Rootkit-gen [Rtk]
09:27:50.584 File: C:\Users\Colin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\52d2da9c-7aba6e8e **INFECTED** Win32:Reveton-KJ [Trj]
09:27:51.973 File: C:\Users\Colin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\78fa57bf-4df5c4f2 **INFECTED** Win32:Malware-gen
09:28:29.850 File: C:\Users\Colin\AppData\Roaming\svcxdcl32.exe **INFECTED** Win32:Carberp-AMJ [Trj]
09:32:21.853 File: C:\Users\Colin\wgsdgsdgdsgsd.exe **INFECTED** Win32:Malware-gen
09:32:32.866 AVAST engine scan C:\ProgramData
09:32:33.397 File: C:\ProgramData\18819AF62D5F870100001881827B8DE4\18819AF62D5F870100001881827B8DE4.exe **INFECTED** Win32:Rootkit-gen [Rtk]
09:35:56.925 Scan finished successfully
09:37:43.108 Disk 0 MBR has been saved successfully to "C:\Users\Colin\Documents\HS-4 Docs\MBR.dat"
09:37:43.124 The log file has been saved successfully to "C:\Users\Colin\Documents\HS-4 Docs\aswMBR.txt"

#5 AllYourBase

AllYourBase
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:04:39 PM

Posted 11 December 2012 - 11:03 AM

Here is the OTL log

OTL logfile created on: 12/11/2012 9:40:41 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Colin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 43.55% Memory free
4.10 Gb Paging File | 3.20 Gb Available in Paging File | 77.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.97 Gb Total Space | 132.24 Gb Free Space | 59.84% Space Free | Partition Type: NTFS
Drive D: | 11.91 Gb Total Space | 1.85 Gb Free Space | 15.52% Space Free | Partition Type: NTFS
Drive E: | 157.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 436.49 Gb Free Space | 93.72% Space Free | Partition Type: NTFS

Computer Name: COLIN-LAPTOP | User Name: Colin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Colin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Colin\Downloads\aswMBR.exe (AVAST Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\NETSaelv.dll ()


========== Services (SafeList) ==========

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBVSS) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (MachineTokenService) -- C:\Mitchell1\OnDemand5\Mitchell1.Security.MachineTokenService.exe ()
SRV - (Franson GpsGate 2.0) -- C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe ()
SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (NvtlService) -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Colin\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aswMBR) -- C:\Users\Colin\AppData\Local\Temp\aswMBR.sys File not found
DRV - (A2DDA) -- C:\Users\Colin\Desktop\EmsisoftEmergencyKit\Run\a2ddax86.sys (Emsi Software GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (qrkis) -- C:\Windows\System32\drivers\qrkis.sys (Tether)
DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\Windows\System32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ubloxusb) -- C:\Windows\System32\drivers\ubloxusb.sys (u-blox AG)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (BVRP Software)
DRV - (bizVSerial) -- C:\Windows\System32\drivers\bizVSerialNT.sys (franson.biz)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.9.0.3
FF - prefs.js..extensions.enabledAddons: ytvdw@pgport.com:1.1.10
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2009/02/06 23:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\Mozilla\Extensions
[2009/02/06 23:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/01/27 16:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\0p06yjdp.default\extensions
[2012/01/27 16:28:28 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\0p06yjdp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2012/01/27 16:30:10 | 000,061,854 | ---- | M] () (No name found) -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\0p06yjdp.default\extensions\ytvdw@pgport.com.xpi

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - Extension: Google Drive = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: ChromeUpdateManager = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\
CHR - Extension: Google Search = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/16 14:13:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [mcrtu] C:\Users\Colin\AppData\Roaming\mcrtu.dll ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [upnpi] C:\Users\Colin\AppData\Roaming\upnpi.dll (Donkey)
O4 - HKCU..\Run: [] C:\Users\Colin\wrhbkzfzcwpqlnmaxy.exe ()
O4 - HKCU..\Run: [Apple] C:\Users\Colin\AppData\Local\Apple\mvboaobu.dll (LEAD Technologies, Inc.)
O4 - HKCU..\Run: [Svc2dll] C:\Users\Colin\AppData\Roaming\svcxdcl32.exe ()
O4 - HKCU..\Run: [vopsinzylgad] C:\Users\Colin\vopsinzylgad.exe ()
O4 - HKCU..\RunOnce: [18819AF62D5F870100001881827B8DE4] C:\ProgramData\18819AF62D5F870100001881827B8DE4\18819AF62D5F870100001881827B8DE4.exe ()
O4 - Startup: C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Users\Colin\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: medium-truck.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ondemand5.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: repair-connect.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: shopkey5.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: tractor-trailer.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vintage.mitchell1.com ([]* in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27418590-0F5C-45BD-BD2F-A4774920694C}: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/23 01:21:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: diskdosx - (C:\Windows\system32\NETSaelv.dll) - C:\Windows\System32\NETSaelv.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/10 16:55:15 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
[2012/12/10 15:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\18819AF62D5F870100001881827B8DE4
[2012/12/10 15:46:40 | 000,158,208 | ---- | C] (Donkey) -- C:\Users\Colin\AppData\Roaming\upnpi.dll
[2012/12/03 15:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/03 15:52:46 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Google
[2012/12/03 15:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/12/03 15:52:29 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Deployment
[2012/12/03 15:52:29 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Local\Apps
[2012/12/03 10:27:05 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\EmsisoftEmergencyKit
[2012/11/30 09:39:00 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Colin\Desktop\tdsskiller.exe
[2012/11/15 08:58:23 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/15 08:58:07 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012/12/11 08:59:40 | 000,000,829 | ---- | M] () -- C:\Users\Colin\Desktop\aswMBR - Shortcut.lnk
[2012/12/11 08:46:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/10 17:20:36 | 000,002,049 | ---- | M] () -- C:\Windows\Series10.ini
[2012/12/10 17:18:01 | 000,000,387 | ---- | M] () -- C:\Windows\picklist.ini
[2012/12/10 17:11:46 | 000,000,109 | ---- | M] () -- C:\Windows\mrid32
[2012/12/10 17:11:46 | 000,000,092 | ---- | M] () -- C:\Windows\crw.ini
[2012/12/10 16:55:18 | 000,166,945 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/12/10 16:55:16 | 000,000,063 | ---- | M] () -- C:\Users\Colin\AppData\Local\svcxdcl32.exe
[2012/12/10 16:55:15 | 000,002,012 | ---- | M] () -- C:\Users\Colin\Desktop\System Progressive Protection.lnk
[2012/12/10 16:55:07 | 000,002,433 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2012/12/10 16:55:07 | 000,000,319 | ---- | M] () -- C:\Windows\Brownie.ini
[2012/12/10 16:55:04 | 000,006,524 | ---- | M] () -- C:\Users\Colin\AppData\Local\acda5476-4b45-42ea-9b47-8dc6423b3713.crx
[2012/12/10 16:54:42 | 000,166,945 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/12/10 16:54:17 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/10 16:45:26 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/10 16:45:26 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/10 15:48:43 | 038,096,896 | R--- | M] () -- C:\Users\Colin\Desktop\JMC Enterprises Inc312.QBW
[2012/12/10 15:48:43 | 002,949,120 | R--- | M] () -- C:\Users\Colin\Desktop\JMC Enterprises Inc312.QBW.TLG
[2012/12/10 15:48:21 | 000,592,896 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\mcrtu.dll
[2012/12/10 15:47:30 | 000,061,440 | -H-- | M] () -- C:\Windows\System32\NETSaelv.dll
[2012/12/10 15:46:40 | 000,158,208 | ---- | M] (Donkey) -- C:\Users\Colin\AppData\Roaming\upnpi.dll
[2012/12/10 15:46:36 | 000,036,296 | -HS- | M] () -- C:\Users\Colin\vopsinzylgad.exe
[2012/12/10 15:46:32 | 000,065,536 | ---- | M] () -- C:\Users\Colin\dvhbzqcghlfwhwdjhdohflx.exe
[2012/12/10 15:46:30 | 000,089,600 | ---- | M] () -- C:\Users\Colin\wrhbkzfzcwpqlnmaxy.exe
[2012/12/10 15:42:52 | 000,123,392 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\svcxdcl32.exe
[2012/12/10 15:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/10 14:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/10 12:58:03 | 000,000,350 | ---- | M] () -- C:\Windows\od5.ini
[2012/12/10 08:36:30 | 000,000,383 | ---- | M] () -- C:\Users\Colin\Desktop\JMC Enterprises Inc312.QBW.ND
[2012/12/10 08:31:02 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C30EDCB2-DE76-43C7-BB62-4946CB8CA181}.job
[2012/12/10 08:29:58 | 000,000,154 | ---- | M] () -- C:\Users\Colin\AppData\Local\svcxdcl32.dat
[2012/12/04 09:04:20 | 000,130,048 | ---- | M] () -- C:\Users\Colin\wgsdgsdgdsgsd.exe
[2012/12/03 15:57:40 | 000,001,931 | ---- | M] () -- C:\Users\Colin\Desktop\Google Chrome.lnk
[2012/12/03 15:57:40 | 000,001,915 | ---- | M] () -- C:\Users\Colin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/03 10:26:45 | 246,453,320 | ---- | M] () -- C:\Users\Colin\Desktop\EmsisoftEmergencyKit.zip
[2012/12/03 09:32:44 | 000,007,620 | ---- | M] () -- C:\Users\Colin\AppData\Local\d3d9caps.dat
[2012/12/03 09:21:42 | 000,031,232 | ---- | M] () -- C:\Users\Colin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/30 09:38:58 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Colin\Desktop\tdsskiller.exe
[2012/11/21 10:34:49 | 000,013,405 | ---- | M] () -- C:\Users\Colin\Desktop\Chemtrol history.pdf
[2012/11/19 14:56:13 | 000,002,587 | ---- | M] () -- C:\Users\Colin\Desktop\Microsoft Office Word 2007.lnk
[2012/11/19 07:58:48 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/19 07:58:48 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/16 13:15:06 | 000,359,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/12/11 08:59:40 | 000,000,829 | ---- | C] () -- C:\Users\Colin\Desktop\aswMBR - Shortcut.lnk
[2012/12/10 16:55:15 | 000,002,012 | ---- | C] () -- C:\Users\Colin\Desktop\System Progressive Protection.lnk
[2012/12/10 15:48:22 | 000,006,524 | ---- | C] () -- C:\Users\Colin\AppData\Local\acda5476-4b45-42ea-9b47-8dc6423b3713.crx
[2012/12/10 15:47:36 | 000,592,896 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\mcrtu.dll
[2012/12/10 15:47:30 | 000,061,440 | -H-- | C] () -- C:\Windows\System32\NETSaelv.dll
[2012/12/10 15:47:06 | 000,036,296 | -HS- | C] () -- C:\Users\Colin\vopsinzylgad.exe
[2012/12/10 15:46:31 | 000,065,536 | ---- | C] () -- C:\Users\Colin\dvhbzqcghlfwhwdjhdohflx.exe
[2012/12/10 15:46:29 | 000,089,600 | ---- | C] () -- C:\Users\Colin\wrhbkzfzcwpqlnmaxy.exe
[2012/12/10 15:42:51 | 000,123,392 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\svcxdcl32.exe
[2012/12/04 09:04:35 | 000,000,154 | ---- | C] () -- C:\Users\Colin\AppData\Local\svcxdcl32.dat
[2012/12/04 09:04:26 | 000,000,063 | ---- | C] () -- C:\Users\Colin\AppData\Local\svcxdcl32.exe
[2012/12/03 15:57:40 | 000,001,931 | ---- | C] () -- C:\Users\Colin\Desktop\Google Chrome.lnk
[2012/12/03 15:57:40 | 000,001,915 | ---- | C] () -- C:\Users\Colin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/03 15:52:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/03 15:52:50 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/03 10:26:48 | 246,453,320 | ---- | C] () -- C:\Users\Colin\Desktop\EmsisoftEmergencyKit.zip
[2012/12/03 09:14:37 | 000,130,048 | ---- | C] () -- C:\Users\Colin\wgsdgsdgdsgsd.exe
[2012/11/21 10:34:48 | 000,013,405 | ---- | C] () -- C:\Users\Colin\Desktop\Chemtrol history.pdf
[2012/11/07 11:43:11 | 000,000,160 | ---- | C] () -- C:\ProgramData\-V01OnBhSLM0hzjr
[2012/11/07 11:43:11 | 000,000,144 | ---- | C] () -- C:\ProgramData\-V01OnBhSLM0hzj
[2012/11/07 11:43:02 | 000,000,368 | ---- | C] () -- C:\ProgramData\V01OnBhSLM0hzj
[2012/10/02 08:37:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012/10/02 08:37:34 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2011/09/22 07:23:49 | 000,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/09/22 07:23:49 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/09/22 07:23:34 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/22 07:23:34 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2170W.DAT
[2011/09/22 07:23:15 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2011/09/22 07:23:13 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2011/09/22 07:18:45 | 000,000,319 | ---- | C] () -- C:\Windows\Brownie.ini
[2011/09/21 13:03:37 | 000,000,350 | ---- | C] () -- C:\Windows\od5.ini
[2011/09/21 12:37:34 | 000,002,049 | ---- | C] () -- C:\Windows\Series10.ini
[2011/09/21 12:37:34 | 000,000,244 | ---- | C] () -- C:\Windows\CAS.INI
[2011/03/31 16:34:06 | 000,163,840 | ---- | C] () -- C:\Windows\System32\GpsGateComClient.dll
[2011/03/31 16:33:24 | 000,118,784 | ---- | C] () -- C:\Windows\System32\GateApiXP.dll
[2011/02/16 09:03:40 | 000,007,620 | ---- | C] () -- C:\Users\Colin\AppData\Local\d3d9caps.dat
[2011/01/17 19:49:05 | 000,001,940 | ---- | C] () -- C:\Users\Colin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/06/12 21:59:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/21 21:55:43 | 000,166,945 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/21 21:55:43 | 000,166,945 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/04/03 13:40:49 | 000,031,232 | ---- | C] () -- C:\Users\Colin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/01 20:09:17 | 000,000,522 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\wklnhst.dat
[2008/03/24 13:57:52 | 000,131,481 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\nvModes.001
[2008/03/24 12:15:51 | 000,131,481 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\nvModes.dat

========== ZeroAccess Check ==========

[2012/12/10 15:47:05 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@
[2012/12/10 15:47:05 | 000,049,152 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n
[2012/12/10 15:47:05 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L
[2012/12/10 15:47:10 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U
[2012/12/10 15:47:09 | 000,000,928 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U\00000001.@
[2012/12/10 15:47:10 | 000,011,776 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U\80000000.@
[2012/12/10 15:47:10 | 000,021,504 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U\800000cb.@
[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1063233734-48989649-2280981246-1000\$ff24043d55f85ce9a20a8337d9b4b888\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n. -- [2012/12/10 15:47:05 | 000,049,152 | -HS- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/04/12 19:43:08 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Acoustica
[2008/11/06 19:08:31 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\bppenu11
[2012/09/07 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\GRLevel3
[2012/06/19 12:31:36 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\IrfanView
[2010/04/11 18:58:56 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Leadertech
[2012/03/19 13:28:21 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Mitchell1
[2008/03/24 11:46:10 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\MSNInstaller
[2008/10/17 23:04:34 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\muvee Technologies
[2012/02/20 16:03:11 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\SpotterNetwork
[2011/09/21 13:47:18 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\TeamViewer
[2008/04/01 20:09:19 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Template
[2011/04/08 16:56:04 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Tether
[2011/03/13 18:01:26 | 000,000,000 | ---D | M] -- C:\Users\Colin\AppData\Roaming\Tific

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:53829683

< End of report >
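The OTL log above carries the classic indicator set for this infection: Run/RunOnce values pointing at publisher-less binaries under the user profile and ProgramData (one of them with an empty value name), an AppCertDlls entry, UAC turned off and the Security Center health icon hidden via policy, and the ZeroAccess payload directory under C:\$RECYCLE.BIN\S-1-5-18\$<32 hex chars> with a COM InProcServer32 default value redirected into it. The script below is an added triage example, not an OTL, BleepingComputer or Emsisoft tool and not something the poster ran: it applies those checks to OTL-style lines. The sample input is a handful of lines excerpted from the log above plus two benign ones; the rule names, the "user-writable and no publisher" heuristic and the policy table are this example's own assumptions, not OTL's classification.

```python
"""Triage OTL log lines for the persistence and ZeroAccess indicators seen above."""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: lines excerpted from the OTL log posted above, with two benign
# lines (NvCpl, shell32) included so the rules have something to leave alone.
SAMPLE_LOG = r'''
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [mcrtu] C:\Users\Colin\AppData\Roaming\mcrtu.dll ()
O4 - HKCU..\Run: [] C:\Users\Colin\wrhbkzfzcwpqlnmaxy.exe ()
O4 - HKCU..\Run: [Svc2dll] C:\Users\Colin\AppData\Roaming\svcxdcl32.exe ()
O4 - HKCU..\RunOnce: [18819AF62D5F870100001881827B8DE4] C:\ProgramData\18819AF62D5F870100001881827B8DE4\18819AF62D5F870100001881827B8DE4.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O36 - AppCertDlls: diskdosx - (C:\Windows\system32\NETSaelv.dll) - C:\Windows\System32\NETSaelv.dll ()
[2012/12/10 15:47:05 | 000,049,152 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n
"" = C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n. -- [2012/12/10 15:47:05 | 000,049,152 | -HS- | M] ()
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
'''


@dataclass(frozen=True)
class Finding:
    rule: str    # short indicator name (this example's own naming)
    detail: str  # the offending path or setting


# Line shapes as OTL prints them: O4 autoruns, O6/O7 policies, O36 AppCertDlls,
# file entries "[date | size | attrs | M/C] (company) -- path", and the
# InProcServer32 default value lines from the ZeroAccess check.
RUN_RE = re.compile(r'^O4 - (HK\w+)\.\.\\(Run\w*): \[(.*?)\] (.+?) \((.*)\)$')
POLICY_RE = re.compile(r'^O[67] - .*?: (\w+) = (\d+)$')
APPCERT_RE = re.compile(r'^O36 - AppCertDlls: (\S+) - \((.+?)\) - (.+?) \((.*)\)$')
FILE_RE = re.compile(r'^\[[^\]]*\| (\S+) \| [MC]\] (?:\((.*?)\) )?-- (.+)$')
CLSID_RE = re.compile(r'^"" = (.+?) -- ')

# ZeroAccess parks its payload under a recycle-bin folder named $<32 hex chars>
# (SYSTEM's S-1-5-18 bin or the user's); nothing legitimate lives there.
RECYCLE_RE = re.compile(r'\\\$recycle\.bin\\s-1-5-[\d-]+\\\$[0-9a-f]{32}\\', re.I)
USER_WRITABLE = ('\\users\\', '\\programdata\\')
BAD_POLICY = {('EnableLUA', '0'): 'UAC disabled',
              ('HideSCAHealth', '1'): 'Security Center health icon hidden'}


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line; benign lines produce nothing."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            _hive, _key, name, path, company = m.groups()
            reasons = []
            if not name:
                reasons.append('empty value name')
            if not company and any(p in path.lower() for p in USER_WRITABLE):
                reasons.append('no publisher, user-writable location')
            if reasons:
                findings.append(Finding('run_key', f'{path} ({"; ".join(reasons)})'))
        elif m := POLICY_RE.match(line):
            why = BAD_POLICY.get(m.groups())
            if why:
                findings.append(Finding('policy', f'{m.group(1)}={m.group(2)}: {why}'))
        elif m := APPCERT_RE.match(line):
            # AppCertDlls load into every process that calls CreateProcess;
            # any entry on a home machine deserves a look, unsigned ones more so.
            findings.append(Finding('appcertdlls', m.group(3)))
        elif m := FILE_RE.match(line):
            if RECYCLE_RE.search(m.group(3)):
                findings.append(Finding('zeroaccess_file', m.group(3)))
        elif m := CLSID_RE.match(line):
            # A COM server whose default value points into the recycle bin is
            # the hijack OTL's ZeroAccess Check is looking for.
            if RECYCLE_RE.search(m.group(1)):
                findings.append(Finding('com_hijack', m.group(1)))
    return findings


def count_by_rule(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.rule for f in findings))


if __name__ == '__main__':
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f'{f.rule:16} {f.detail}')
    print(count_by_rule(hits))
```

On the sample above this flags four autorun entries, both policy values, the AppCertDlls entry, the recycle-bin payload file and the hijacked CLSID, and leaves the NVIDIA and shell32 lines alone. The heuristics are deliberately narrow; a real OTL log has many more line types (O16 DPF, O20 Winlogon, services) that a fuller parser would cover.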

#6 AllYourBase (Topic Starter, Members, 21 posts)

Posted 11 December 2012 - 11:05 AM

Here is the OTL Extras Log

OTL Extras logfile created on: 12/11/2012 9:40:41 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Colin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 43.55% Memory free
4.10 Gb Paging File | 3.20 Gb Available in Paging File | 77.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.97 Gb Total Space | 132.24 Gb Free Space | 59.84% Space Free | Partition Type: NTFS
Drive D: | 11.91 Gb Total Space | 1.85 Gb Free Space | 15.52% Space Free | Partition Type: NTFS
Drive E: | 157.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 436.49 Gb Free Space | 93.72% Space Free | Partition Type: NTFS

Computer Name: COLIN-LAPTOP | User Name: Colin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{303379C9-8610-4CCF-AF37-C4BF8998C591}" = Roxio Media Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C43EAE7-22C0-4b33-ABFB-3757ECA5FD7B}" = HP Officejet All-In-One Series
"{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40724630-C95F-449d-B71D-777CFDE9EA21}" = J5700
"{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan
"{41A96655-19FB-473c-AAB7-429E372527C8}" = ProductContext
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58BC59AD-6C2F-41E7-8C4B-38C12D5C500F}" = DPR Client Manager
"{59A443A7-FFBF-41F1-B033-51D7B9A4AF5C}" = Mobile Broadband Generic Drivers
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5D0F0C1F-46B0-4AA2-B8DC-02E5FE777C19}" = 5700_Help
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5F6F0FD0-0F0D-4434-A800-B0695C5DAEB9}" = MobiLink 3
"{5F7DFDFA-27B3-4E06-BCDE-B371424C0032}" = OnDemand5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7E0E01E6-8F0B-428B-9A06-668104DA6872}" = Business Plan Pro 11.0
"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90C1B64E-C537-48D5-AC50-4477C67A898B}" = Link
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{924D0A6F-2E6B-414A-B90E-F8831D611977}" = Data Acquisition
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{A0D96C55-2CF9-4368-93A0-D331C426ACAF}" = Franson GpsGate 2.6
"{A2CC286B-BFE9-4D1F-9EDA-AA3E8289CA12}" = BPDSoftware_Ini
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{CF5EEF01-03F0-4099-B004-DFF4ABACEA05}" = Brother HL-2170W
"{D1C74825-512A-4D05-8156-5CFB0AC048C7}_is1" = 1006 fix version 1.0
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2240
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup" = DivX Setup
"Google Chrome" = Google Chrome
"GRLevel3_is1" = GRLevel3 version 1.78
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HP Wireless Elite Keyboard_is1" = HP Wireless Elite Keyboard V1.2.3
"HPOCR" = HP OCR Software 8.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"InstallShield_{58BC59AD-6C2F-41E7-8C4B-38C12D5C500F}" = DPR Client Manager
"IrfanView" = IrfanView (remove only)
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"MobiLink 3" = MobiLink 3
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory" = pdfFactory
"Spotter Network Client" = Spotter Network Client
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/10/2012 6:10:34 PM | Computer Name = Colin-Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19328, time stamp
0x50388dcf, faulting module NETSaelv.dll, version 0.0.0.0, time stamp 0x50c61574,
exception code 0xc00000fd, fault offset 0x00001117, process id 0x4fc, application
start time 0x01cdd722a654e489.

Error - 12/10/2012 6:10:50 PM | Computer Name = Colin-Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19328, time stamp
0x50388dcf, faulting module NETSaelv.dll, version 0.0.0.0, time stamp 0x50c61574,
exception code 0xc00000fd, fault offset 0x00001114, process id 0x608, application
start time 0x01cdd72333033c69.

Error - 12/10/2012 6:55:13 PM | Computer Name = Colin-Laptop | Source = Application Error | ID = 1000
Description = Faulting application wrhbkzfzcwpqlnmaxy.exe, version 0.0.0.0, time
stamp 0x503395ad, faulting module ntdll.dll, version 6.0.6002.18541, time stamp
0x4ec3e3d5, exception code 0xc0000409, fault offset 0x00009ae2, process id 0x410,
application start time 0x01cdd72966560d64.

Error - 12/10/2012 7:11:17 PM | Computer Name = Colin-Laptop | Source = EventSystem | ID = 4609
Description =

Error - 12/11/2012 10:49:19 AM | Computer Name = Colin-Laptop | Source = EventSystem | ID = 4609
Description =

Error - 12/11/2012 10:53:19 AM | Computer Name = Colin-Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19328, time stamp
0x50388dcf, faulting module NETSaelv.dll, version 0.0.0.0, time stamp 0x50c61574,
exception code 0xc00000fd, fault offset 0x0000113f, process id 0x33c, application
start time 0x01cdd7aed251bc7b.

Error - 12/11/2012 10:53:34 AM | Computer Name = Colin-Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19328, time stamp
0x50388dcf, faulting module NETSaelv.dll, version 0.0.0.0, time stamp 0x50c61574,
exception code 0xc00000fd, fault offset 0x00001148, process id 0x6e4, application
start time 0x01cdd7af47c4341b.

Error - 12/11/2012 10:53:43 AM | Computer Name = Colin-Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19328, time stamp
0x50388dcf, faulting module NETSaelv.dll, version 0.0.0.0, time stamp 0x50c61574,
exception code 0xc00000fd, fault offset 0x00001142, process id 0x694, application
start time 0x01cdd7af50085a7b.

Error - 12/11/2012 10:53:53 AM | Computer Name = Colin-Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19328, time stamp
0x50388dcf, faulting module NETSaelv.dll, version 0.0.0.0, time stamp 0x50c61574,
exception code 0xc00000fd, fault offset 0x0000112e, process id 0x478, application
start time 0x01cdd7af560c741b.

Error - 12/11/2012 10:57:22 AM | Computer Name = Colin-Laptop | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 10.1.4.38, time stamp 0x5012ea69,
faulting module NETSaelv.dll, version 0.0.0.0, time stamp 0x50c61574, exception
code 0xc00000fd, fault offset 0x0000112f, process id 0x1dc, application start time
0x01cdd7afd1e3a3bb.

[ FTTLog Events ]
Error - 12/13/2011 10:43:33 AM | Computer Name = Colin-Laptop | Source = FTTLog | ID = 0
Description = Could not connect to web service at https://daws.mitchell1.com/DataAcquisitionWebService.asmx.
Please check your connection to the internet.The request channel timed out attempting
to send after 00:01:00. Increase the timeout value passed to the call to Request
or increase the SendTimeout value on the Binding. The time allotted to this operation
may have been a portion of a longer timeout.

Error - 12/13/2011 1:31:40 PM | Computer Name = Colin-Laptop | Source = FTTLog | ID = 0
Description = Could not connect to web service at https://daws.mitchell1.com/DataAcquisitionWebService.asmx.
Please check your connection to the internet.The request channel timed out attempting
to send after 00:01:00. Increase the timeout value passed to the call to Request
or increase the SendTimeout value on the Binding. The time allotted to this operation
may have been a portion of a longer timeout.

Error - 12/13/2011 3:34:10 PM | Computer Name = Colin-Laptop | Source = FTTLog | ID = 0
Description = Could not connect to web service at https://daws.mitchell1.com/DataAcquisitionWebService.asmx.
Please check your connection to the internet.The request channel timed out attempting
to send after 00:01:00. Increase the timeout value passed to the call to Request
or increase the SendTimeout value on the Binding. The time allotted to this operation
may have been a portion of a longer timeout.

Error - 12/13/2011 5:07:33 PM | Computer Name = Colin-Laptop | Source = FTTLog | ID = 0
Description = Could not connect to web service at https://daws.mitchell1.com/DataAcquisitionWebService.asmx.
Please check your connection to the internet.The request channel timed out attempting
to send after 00:01:00. Increase the timeout value passed to the call to Request
or increase the SendTimeout value on the Binding. The time allotted to this operation
may have been a portion of a longer timeout.

Error - 12/14/2011 10:38:21 AM | Computer Name = Colin-Laptop | Source = FTTLog | ID = 0
Description = Could not connect to web service at https://daws.mitchell1.com/DataAcquisitionWebService.asmx.
Please check your connection to the internet.The request channel timed out attempting
to send after 00:01:00. Increase the timeout value passed to the call to Request
or increase the SendTimeout value on the Binding. The time allotted to this operation
may have been a portion of a longer timeout.

Error - 12/14/2011 3:02:28 PM | Computer Name = Colin-Laptop | Source = FTTLog | ID = 0
Description = Could not connect to web service at https://daws.mitchell1.com/DataAcquisitionWebService.asmx.
Please check your connection to the internet.The request channel timed out attempting
to send after 00:01:00. Increase the timeout value passed to the call to Request
or increase the SendTimeout value on the Binding. The time allotted to this operation
may have been a portion of a longer timeout.

Error - 12/14/2011 10:14:35 PM | Computer Name = Colin-Laptop | Source = FTTLog | ID = 0
Description = Could not connect to web service at https://daws.mitchell1.com/DataAcquisitionWebService.asmx.
Please check your connection to the internet.The request channel timed out attempting
to send after 00:01:00. Increase the timeout value passed to the call to Request
or increase the SendTimeout value on the Binding. The time allotted to this operation
may have been a portion of a longer timeout.

Error - 12/14/2011 10:27:10 PM | Computer Name = Colin-Laptop | Source = FTTLog | ID = 0
Description = Could not find Local database

Error - 1/30/2012 4:26:04 PM | Computer Name = Colin-Laptop | Source = FTTLog | ID = 0
Description = Could not connect to web service at https://daws.mitchell1.com/DataAcquisitionWebService.asmx.
Please check your connection to the internet.The process cannot access the file
'C:\Program Files\Mitchell 1\CRM\Data Acquisition\FTT.DataAcquisition.Personality.Common.dll'
because it is being used by another process.

Error - 1/30/2012 4:32:39 PM | Computer Name = Colin-Laptop | Source = FTTLog | ID = 0
Description = Could not connect to web service at https://daws.mitchell1.com/DataAcquisitionWebService.asmx.
Please check your connection to the internet.The process cannot access the file
'C:\Program Files\Mitchell 1\CRM\Data Acquisition\FTT.DataAcquisition.Personality.Common.dll'
because it is being used by another process.

[ Media Center Events ]
Error - 9/6/2008 7:40:53 PM | Computer Name = Colin-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/12/2008 8:36:12 PM | Computer Name = Colin-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/12/2009 4:44:18 PM | Computer Name = Colin-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/29/2009 10:33:21 PM | Computer Name = Colin-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/10/2009 9:03:55 PM | Computer Name = Colin-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 10:06:05 PM | Computer Name = Colin-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/14/2011 12:43:17 PM | Computer Name = Colin-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/11/2012 10:47:56 AM | Computer Name = Colin-Laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 12/11/2012 10:49:04 AM | Computer Name = Colin-Laptop | Source = DCOM | ID = 10005
Description =

Error - 12/11/2012 10:49:19 AM | Computer Name = Colin-Laptop | Source = DCOM | ID = 10005
Description =

Error - 12/11/2012 10:49:23 AM | Computer Name = Colin-Laptop | Source = DCOM | ID = 10005
Description =

Error - 12/11/2012 10:49:29 AM | Computer Name = Colin-Laptop | Source = DCOM | ID = 10005
Description =

Error - 12/11/2012 10:49:30 AM | Computer Name = Colin-Laptop | Source = DCOM | ID = 10005
Description =

Error - 12/11/2012 11:41:49 AM | Computer Name = Colin-Laptop | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 12/11/2012 11:41:53 AM | Computer Name = Colin-Laptop | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 12/11/2012 11:43:17 AM | Computer Name = Colin-Laptop | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 12/11/2012 11:43:21 AM | Computer Name = Colin-Laptop | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.


< End of report >
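The "Last 20 Event Log Errors" section above is the most telling part of the log: the same unversioned module, NETSaelv.dll, is the faulting module for both iexplore.exe and AcroRd32.exe. The following script is an added example (not part of DDS, OTL or this thread) that parses records in that format and groups crashes by faulting module, so a module that takes down several unrelated programs stands out. The sample text is constructed in the style of the log, and the "version 0.0.0.0 in more than one application" rule is a triage heuristic of my own, not a rule the tools apply.

```python
"""Triage the "Last 20 Event Log Errors" section of a DDS/OTL log.

Added example: groups Application Error (ID 1000) records by faulting
module so that one module crashing several unrelated applications is
easy to spot. The sample below is constructed in the format DDS prints
(descriptions wrap across lines); the parser is not part of DDS or OTL.
"""
import re
from collections import defaultdict

# Constructed sample, same layout as the log in this thread.
SAMPLE_LOG = """\
[ Application Events ]
Error - 12/10/2012 6:10:34 PM | Computer Name = Colin-Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19328, time stamp
0x50388dcf, faulting module NETSaelv.dll, version 0.0.0.0, time stamp 0x50c61574,
exception code 0xc00000fd, fault offset 0x00001117, process id 0x4fc, application
start time 0x01cdd722a654e489.

Error - 12/10/2012 6:55:13 PM | Computer Name = Colin-Laptop | Source = Application Error | ID = 1000
Description = Faulting application wrhbkzfzcwpqlnmaxy.exe, version 0.0.0.0, time
stamp 0x503395ad, faulting module ntdll.dll, version 6.0.6002.18541, time stamp
0x4ec3e3d5, exception code 0xc0000409, fault offset 0x00009ae2, process id 0x410,
application start time 0x01cdd72966560d64.

Error - 12/10/2012 7:11:17 PM | Computer Name = Colin-Laptop | Source = EventSystem | ID = 4609
Description =

Error - 12/11/2012 10:57:22 AM | Computer Name = Colin-Laptop | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 10.1.4.38, time stamp 0x5012ea69,
faulting module NETSaelv.dll, version 0.0.0.0, time stamp 0x50c61574, exception
code 0xc00000fd, fault offset 0x0000112f, process id 0x1dc, application start time
0x01cdd7afd1e3a3bb.
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# Matches the unwrapped description of an Application Error 1000 record.
FAULT_RE = re.compile(
    r"Faulting application (?P<app>\S+?), version (?P<appver>\S+?), .*?"
    r"faulting module (?P<mod>\S+?), version (?P<modver>\S+?), .*?"
    r"exception code (?P<code>0x[0-9a-f]+)"
)


def parse_events(text):
    """Split the error section into records, re-joining wrapped descriptions."""
    events = []
    current = None
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            current = None          # "[ Application Events ]" style section header
            continue
        m = HEADER_RE.match(line)
        if m:
            current = dict(m.groupdict(), description="")
            events.append(current)
        elif current is not None and line.strip():
            if line.startswith("Description ="):
                line = line[len("Description ="):]
            current["description"] = (current["description"] + " " + line.strip()).strip()
    return events


def crash_table(events):
    """Map (module, module version) -> {application: crash count}."""
    table = defaultdict(lambda: defaultdict(int))
    for ev in events:
        if ev["source"] != "Application Error" or ev["id"] != "1000":
            continue
        m = FAULT_RE.search(ev["description"])
        if m:
            table[(m["mod"].lower(), m["modver"])][m["app"].lower()] += 1
    return table


def suspicious_modules(events):
    """Heuristic: a module with no version information that crashes more
    than one application deserves a closer look. A legitimate shared
    library can match too, so treat the result as a lead, not a verdict."""
    hits = []
    for (mod, ver), apps in crash_table(events).items():
        if ver == "0.0.0.0" and len(apps) > 1:
            hits.append((mod, sorted(apps)))
    return sorted(hits)


if __name__ == "__main__":
    for mod, apps in suspicious_modules(parse_events(SAMPLE_LOG)):
        print(f"{mod}: faulting module in {', '.join(apps)}")
```

On the constructed sample the only hit is netsaelv.dll, crashing both acrord32.exe and iexplore.exe, which matches the pattern the real log shows; ntdll.dll is not reported because it carries a proper version and only one (itself oddly named) process crashed in it.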

#7 AllYourBase

AllYourBase
  • Topic Starter
  • Members
  • 21 posts

Posted 11 December 2012 - 11:09 AM

Just so you don't miss it from my last post, I also have a Rogue antivirus infection called System Progressive Protection. I can start my computer in safe mode with networking just fine. Internet Explorer keeps crashing in safe mode, but Chrome seems to be working ok. If I start the computer normally, the System Progressive Protection thing starts immediately and then the FBI hijack screen appears after a few minutes or so. It locks the machine up and I have to force shutdown. Thanks again and I will be awaiting your next set of instructions.

#8 SweetTech

SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 11 December 2012 - 06:52 PM

Hi AllYourBase!

Thank you for helping me; I will begin performing the requested tasks ASAP. In addition to what I posted above, I wanted to mention that I restarted my computer normally after posting this and found I also have some kind of Rogue antivirus program that has installed itself. It is called System Progressive Protection. Just figured you should know. Again, thanks, and as soon as I have completed the tasks you requested I will post back!

Okay, thank you for making me aware of that.

You have some nasty infections going on with your computer.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:
Special thanks to quietman7 for providing the above information.


NEXT:



Please note the following warning:


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


You will need to proceed with these instructions below in Safe Mode.
NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the OTL Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    MOD - C:\Windows\System32\NETSaelv.dll ()
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run File not found
    O4 - HKLM..\Run: [mcrtu] C:\Users\Colin\AppData\Roaming\mcrtu.dll ()
    O4 - HKLM..\Run: [upnpi] C:\Users\Colin\AppData\Roaming\upnpi.dll (Donkey)
    O4 - HKCU..\Run: [] C:\Users\Colin\wrhbkzfzcwpqlnmaxy.exe ()
    O4 - HKCU..\Run: [Apple] C:\Users\Colin\AppData\Local\Apple\mvboaobu.dll (LEAD Technologies, Inc.)
    O4 - HKCU..\Run: [Svc2dll] C:\Users\Colin\AppData\Roaming\svcxdcl32.exe ()
    O4 - HKCU..\Run: [vopsinzylgad] C:\Users\Colin\vopsinzylgad.exe ()
    O4 - HKCU..\RunOnce: [18819AF62D5F870100001881827B8DE4] C:\ProgramData\18819AF62D5F870100001881827B8DE4\18819AF62D5F870100001881827B8DE4.exe ()
    O15 - HKCU\..Trusted Domains: medium-truck.net ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: ondemand5.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: repair-connect.net ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: shopkey5.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: tractor-trailer.net ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: vintage.mitchell1.com ([]* in Trusted sites)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O36 - AppCertDlls: diskdosx - (C:\Windows\system32\NETSaelv.dll) - C:\Windows\System32\NETSaelv.dll ()
    [2012/12/10 16:55:15 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
    [2012/12/10 15:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\18819AF62D5F870100001881827B8DE4
    [2012/12/10 15:46:40 | 000,158,208 | ---- | C] (Donkey) -- C:\Users\Colin\AppData\Roaming\upnpi.dll
    [2012/12/10 16:55:16 | 000,000,063 | ---- | M] () -- C:\Users\Colin\AppData\Local\svcxdcl32.exe
    [2012/12/10 16:55:15 | 000,002,012 | ---- | M] () -- C:\Users\Colin\Desktop\System Progressive Protection.lnk
    [2012/12/10 15:48:21 | 000,592,896 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\mcrtu.dll
    [2012/12/10 15:47:30 | 000,061,440 | -H-- | M] () -- C:\Windows\System32\NETSaelv.dll
    [2012/12/10 15:46:40 | 000,158,208 | ---- | M] (Donkey) -- C:\Users\Colin\AppData\Roaming\upnpi.dll
    [2012/12/10 15:46:36 | 000,036,296 | -HS- | M] () -- C:\Users\Colin\vopsinzylgad.exe
    [2012/12/10 15:46:32 | 000,065,536 | ---- | M] () -- C:\Users\Colin\dvhbzqcghlfwhwdjhdohflx.exe
    [2012/12/10 15:46:30 | 000,089,600 | ---- | M] () -- C:\Users\Colin\wrhbkzfzcwpqlnmaxy.exe
    [2012/12/10 15:42:52 | 000,123,392 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\svcxdcl32.exe
    [2012/12/10 08:29:58 | 000,000,154 | ---- | M] () -- C:\Users\Colin\AppData\Local\svcxdcl32.dat
    [2012/12/04 09:04:20 | 000,130,048 | ---- | M] () -- C:\Users\Colin\wgsdgsdgdsgsd.exe
    [2012/12/10 15:47:36 | 000,592,896 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\mcrtu.dll
    [2012/12/10 15:47:30 | 000,061,440 | -H-- | C] () -- C:\Windows\System32\NETSaelv.dll
    [2012/12/10 15:47:06 | 000,036,296 | -HS- | C] () -- C:\Users\Colin\vopsinzylgad.exe
    [2012/12/10 15:46:31 | 000,065,536 | ---- | C] () -- C:\Users\Colin\dvhbzqcghlfwhwdjhdohflx.exe
    [2012/12/10 15:46:29 | 000,089,600 | ---- | C] () -- C:\Users\Colin\wrhbkzfzcwpqlnmaxy.exe
    [2012/12/10 15:42:51 | 000,123,392 | ---- | C] () -- C:\Users\Colin\AppData\Roaming\svcxdcl32.exe
    [2012/12/04 09:04:35 | 000,000,154 | ---- | C] () -- C:\Users\Colin\AppData\Local\svcxdcl32.dat
    [2012/12/04 09:04:26 | 000,000,063 | ---- | C] () -- C:\Users\Colin\AppData\Local\svcxdcl32.exe
    [2012/12/03 09:14:37 | 000,130,048 | ---- | C] () -- C:\Users\Colin\wgsdgsdgdsgsd.exe
    [2012/11/21 10:34:48 | 000,013,405 | ---- | C] () -- C:\Users\Colin\Desktop\Chemtrol history.pdf
    [2012/11/07 11:43:11 | 000,000,160 | ---- | C] () -- C:\ProgramData\-V01OnBhSLM0hzjr
    [2012/11/07 11:43:11 | 000,000,144 | ---- | C] () -- C:\ProgramData\-V01OnBhSLM0hzj
    [2012/11/07 11:43:02 | 000,000,368 | ---- | C] () -- C:\ProgramData\V01OnBhSLM0hzj
    [2012/12/10 15:47:05 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@
    [2012/12/10 15:47:05 | 000,049,152 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n
    [2012/12/10 15:47:05 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L
    [2012/12/10 15:47:10 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U
    [2012/12/10 15:47:09 | 000,000,928 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U\00000001.@
    [2012/12/10 15:47:10 | 000,011,776 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U\80000000.@
    [2012/12/10 15:47:10 | 000,021,504 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U\800000cb.@
    [2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    :Reg
    
    :Files
    C:\Users\Colin\AppData\Local\Apple\mvboaobu.dll
    C:\Users\Colin\AppData\Local\temp\4.350763618558774E8.exe
    C:\Users\Colin\AppData\Local\temp\B0FY98A.exe
    C:\Users\Colin\AppData\Local\temp\~!#3433.tmp
    C:\Users\Colin\AppData\Local\temp\~!#7F19.tmp
    C:\Users\Colin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\32cc1717-4cb1fa9f 
    C:\Users\Colin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\52d2da9c-7aba6e8e
    C:\Users\Colin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\78fa57bf-4df5c4f2
    C:\Users\Colin\AppData\Roaming\svcxdcl32.exe
    C:\Users\Colin\wgsdgsdgdsgsd.exe
    C:\ProgramData\18819AF62D5F870100001881827B8DE4\18819AF62D5F870100001881827B8DE4.exe
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log file
3. ComboFix.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
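The OTL fix above is built from file-listing lines of the form "[date | size | attrs | C/M] (company) -- path", and the entries SweetTech picked share a few traits: hidden or system attributes on executables, executables dropped straight into the profile root or the AppData roots, a hidden DLL in System32 with no company name, and files under the SYSTEM account's recycle bin. The script below is an added example, not OTL's own code nor anything from this thread, that parses such lines and reports which entries match those traits and why. The sample lines are constructed in OTL's format (the chrome.exe entry is a made-up benign control), and the rules are my own triage heuristics, not rules OTL applies.

```python
"""Triage file entries from an OTL listing.

Added example, not code from OTL or from this thread. It parses lines of
the form "[date | size | attrs | C/M] (company) -- path" and applies a few
location/attribute heuristics so that entries worth a closer look come out
with a reason attached. Sample lines are constructed in OTL's format; the
chrome.exe line is a made-up benign control.
"""
import re

SAMPLE_ENTRIES = r"""
[2012/12/10 15:47:30 | 000,061,440 | -H-- | M] () -- C:\Windows\System32\NETSaelv.dll
[2012/12/10 15:46:40 | 000,158,208 | ---- | M] (Donkey) -- C:\Users\Colin\AppData\Roaming\upnpi.dll
[2012/12/10 15:46:36 | 000,036,296 | -HS- | M] () -- C:\Users\Colin\vopsinzylgad.exe
[2012/12/10 15:47:05 | 000,049,152 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n
[2012/12/10 15:47:10 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U
[2012/11/21 10:34:48 | 000,013,405 | ---- | C] () -- C:\Users\Colin\Desktop\Chemtrol history.pdf
[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/12/01 10:00:00 | 000,500,000 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
""".strip().splitlines()

# Directory entries carry no "(company)" field, hence the optional group.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


def parse_entry(line):
    """Return a dict for one OTL file line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["company"] = (e["company"] or "").strip()
    e["size"] = int(e["size"].replace(",", ""))
    return e


def entry_reasons(e):
    """Heuristic reasons an entry deserves a closer look (a lead, not a verdict)."""
    path = e["path"].lower()
    parts = path.split("\\")
    attrs = e["attrs"].upper()
    is_exec = path.endswith((".exe", ".dll"))
    # C:\Users\<name>\file.exe  or  C:\Users\<name>\AppData\{Roaming,Local}\file.exe
    in_user_root = len(parts) == 4 and parts[:2] == ["c:", "users"]
    in_appdata_root = (len(parts) == 6 and parts[:2] == ["c:", "users"]
                       and parts[3] == "appdata" and parts[4] in ("roaming", "local"))
    reasons = []
    if "\\$recycle.bin\\s-1-5-18\\" in path:
        reasons.append("stored under the SYSTEM account's recycle bin (the ZeroAccess pattern named in this thread)")
    if is_exec and (in_user_root or in_appdata_root):
        reasons.append("executable dropped directly into a profile folder rather than an install directory")
    if is_exec and ("H" in attrs or "S" in attrs):
        reasons.append("hidden/system attribute set on an executable")
    if is_exec and parts[:3] == ["c:", "windows", "system32"] and not e["company"]:
        reasons.append("System32 executable with no company name in its version resource")
    return reasons


def triage(lines):
    """Return [(path, [reason, ...])] for every flagged entry, in input order."""
    flagged = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = entry_reasons(e)
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_ENTRIES):
        print(path)
        for w in why:
            print("   -", w)
```

The company name OTL prints comes from the file's own version resource, which whoever built the file controls; "(Donkey)" on upnpi.dll is why the rules key on location and attributes rather than trusting a vendor string. Desktop.ini in C:\Windows\assembly is hidden and system but not executable, so it is left alone, which matches the reviewer's choice to list it only as context.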


#9 AllYourBase

AllYourBase
  • Topic Starter
  • Members
  • 21 posts

Posted 12 December 2012 - 04:08 PM

Thank you for the reply. After carefully considering what my options were, I decided not to pursue trying to clean this machine. Instead I went ahead and purchased Windows 8, backed up all my personal files and documents, and did a reformat and clean install of Windows 8. I finished it up last night and the computer is fine again.
I want to thank you for your efforts in trying to help me remedy the problem, but reading that the system may still be compromised after cleaning convinced me to just wipe it and start fresh, as I did have sensitive information stored on the machine.

Thanks again and have a wonderful day!
AYB

#10 SweetTech

SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 12 December 2012 - 04:46 PM

Not a problem! You made a great decision by reformatting and reinstalling your operating system. With this infection it's the safest option to take.

Please see my recommendations below for how to keep your system protected.

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one, as it can cause program conflicts as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further reading on this subject, along with the included links, is as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: if it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.





