dbi green dot virus 2


  • This topic is locked
2 replies to this topic

#1 jb516443


Posted 31 July 2012 - 02:43 PM

I'm getting this FBI virus popping up every time I boot up my computer. I've managed to boot up in safe mode and delete the 0PXnnEUH.exe file and stop it from starting up for about 48 hours. After that the virus finds its way back in the system and I'm back at square one. I read another post someone made and you told them to run OTL, so I've already done that and here are my logs. The virus had been removed before I ran these logs. I'm not sure if you need the virus to be present or not, but here are my logs from OTL.

OTL logfile created on: 7/31/2012 2:04:43 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\JamesBond\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 30.23% Memory free
3.98 Gb Paging File | 2.84 Gb Available in Paging File | 71.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.18 Gb Total Space | 360.88 Gb Free Space | 79.11% Space Free | Partition Type: NTFS
Drive D: | 9.57 Gb Total Space | 1.12 Gb Free Space | 11.69% Space Free | Partition Type: NTFS

Computer Name: M1 | User Name: JamesBond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/31 14:01:55 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\JamesBond\Downloads\OTL.exe
PRC - [2012/07/11 09:14:33 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/11 09:14:12 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/07/09 18:09:53 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/30 01:25:12 | 005,160,192 | ---- | M] () -- C:\Program Files\BellCommander\bcappservice.exe
PRC - [2011/01/06 18:59:24 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/16 19:14:06 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/03/22 12:56:40 | 000,097,448 | ---- | M] (Kronos Incorporated) -- C:\Program Files\ADP\TimeclockMgr\Dcm\EventMgr.exe
PRC - [2009/06/13 09:12:02 | 003,457,024 | ---- | M] (Keyscan Inc.) -- C:\Program Files\Keyscan7\Keyscan7CommWindow.exe
PRC - [2009/04/11 01:28:11 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/24 18:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/04/18 11:42:34 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/04/18 11:42:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/18 11:42:32 | 002,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/04/18 11:42:32 | 002,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/18 11:42:32 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/04/18 11:42:30 | 000,157,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\DWHWizrd.exe


========== Modules (No Company Name) ==========

MOD - [2009/11/23 20:08:06 | 000,876,544 | ---- | M] () -- C:\Program Files\ADP\TimeclockMgr\kronoscm\dcm\libeay32.dll
MOD - [2009/11/23 20:08:06 | 000,159,744 | ---- | M] () -- C:\Program Files\ADP\TimeclockMgr\kronoscm\dcm\ssleay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/07/26 16:28:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/11 09:14:33 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/11 09:14:12 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/09 18:09:53 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/03/30 01:25:12 | 005,160,192 | ---- | M] () [Auto | Running] -- C:\Program Files\BellCommander\bcappservice.exe -- (BellCommanderApplicationService)
SRV - [2010/12/16 19:14:06 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/18 11:42:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/04/18 11:42:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/04/18 11:42:32 | 002,475,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/04/18 11:42:32 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/04/18 11:42:32 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JAMESB~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/07/11 09:14:13 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/06/04 13:36:53 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120731.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/06/04 13:36:53 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120731.002\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/30 03:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/30 03:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010/06/09 15:02:25 | 000,013,408 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\radpms.sys -- (radpms)
DRV - [2009/08/11 09:11:56 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/08/11 09:08:22 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/05/24 07:36:42 | 000,501,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/04/30 23:03:08 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009/04/30 23:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 23:00:00 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/04/11 00:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/24 18:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/05/22 21:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/04/18 11:42:34 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/04/18 11:42:34 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/04/18 11:42:34 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/04/18 11:42:30 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008/04/18 11:42:30 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2008/04/18 11:42:28 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/01/18 22:15:00 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3214209781-3527764018-2259562211-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKU\S-1-5-21-3214209781-3527764018-2259562211-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3214209781-3527764018-2259562211-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-3214209781-3527764018-2259562211-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3214209781-3527764018-2259562211-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3214209781-3527764018-2259562211-1000\..\SearchScopes\{5436A698-61DF-4ED0-9389-C3FD4E55DA0F}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120415,18758,0,8,0
IE - HKU\S-1-5-21-3214209781-3527764018-2259562211-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F49E54A1-1C23-4BE2-8669-FB032E5C15F9}&mid=dc0f2632bbcd47d091c2d157ca7c3a28-3fbb5077d58725a166dc22f286ee404289a3d188&lang=en&ds=AVG&pr=fr&d=2012-04-20 14:24:02&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3214209781-3527764018-2259562211-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.464
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:12.0.0.2191
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..extensions.enabledItems: {CA198387-A9B7-11E1-8270-B8AC6F996F26}:2.0.14
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012/07/02 09:46:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/17 08:25:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 09:46:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 18:10:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/06 18:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/30 16:06:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CA198387-A9B7-11E1-8270-B8AC6F996F26}: C:\Users\JamesBond\AppData\Local\{CA198387-A9B7-11E1-8270-B8AC6F996F26}\ [2012/05/29 12:57:58 | 000,000,000 | ---D | M]

[2009/08/10 19:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JamesBond\AppData\Roaming\Mozilla\Extensions
[2012/07/31 14:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JamesBond\AppData\Roaming\Mozilla\Firefox\Profiles\j5pj8nct.default\extensions
[2011/01/10 18:22:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\JamesBond\AppData\Roaming\Mozilla\Firefox\Profiles\j5pj8nct.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/12 19:50:59 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\JamesBond\AppData\Roaming\Mozilla\Firefox\Profiles\j5pj8nct.default\extensions\LogMeInClient@logmein.com
[2012/07/27 11:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/26 08:26:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/30 08:59:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012/07/27 11:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/05/30 16:06:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/07/02 09:46:15 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX
[2012/07/02 09:46:14 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/05/29 12:57:58 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\JAMESBOND\APPDATA\LOCAL\{CA198387-A9B7-11E1-8270-B8AC6F996F26}
[2012/07/09 18:10:09 | 000,003,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2012/07/19 08:55:43 | 000,249,908 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 8711 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-3214209781-3527764018-2259562211-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [KeyscanAutoRun] C:\Program Files\Keyscan7\Keyscan7CommWindow.exe (Keyscan Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3214209781-3527764018-2259562211-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3214209781-3527764018-2259562211-1000\..Trusted Domains: adp.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3214209781-3527764018-2259562211-1000\..Trusted Domains: elabor.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3214209781-3527764018-2259562211-1000\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://172.17.2.124:100/RemoteWeb.cab (Remote200 Control)
O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://172.17.2.124:100/VideoViewer.cab (CViewerControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F92211F4-3913-4DC2-A275-756374D848B0} http://172.17.2.124/MP4DVR.cab (ERViewerOCX Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83377E04-007E-4FDA-AB8A-AC168B2C0ED8}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB41BA26-7C8D-44D0-9FC9-FE67F5CFC338}: DhcpNameServer = 172.17.2.10 172.17.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3214209781-3527764018-2259562211-1000 Winlogon: Shell - (C:\Users\JamesBond\AppData\Roaming\0PXnnEUH.exe) - File not found
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7d8b94ac-04e3-11e1-9aeb-001e8c98d3db}\Shell - "" = AutoRun
O33 - MountPoints2\{7d8b94ac-04e3-11e1-9aeb-001e8c98d3db}\Shell\AutoRun\command - "" = J:\PcOptions.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.ultimatebootcd.com/
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/19 12:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/07/19 12:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/07/19 09:51:16 | 000,000,000 | ---D | C] -- C:\Users\JamesBond\AppData\Local\MigWiz
[2012/07/19 09:20:25 | 000,000,000 | ---D | C] -- C:\Users\JamesBond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/07/19 09:19:46 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/07/19 09:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/19 08:52:35 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/19 08:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/19 08:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/19 08:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/07/17 08:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
[2012/07/16 15:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/07/16 15:28:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/16 12:14:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/16 12:14:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/16 12:14:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/16 12:12:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/16 12:10:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/16 07:53:33 | 000,000,000 | ---D | C] -- C:\Users\JamesBond\AppData\Roaming\Roaming
[2012/07/11 03:05:49 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/10 16:12:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/31 14:13:09 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F9D8B0EB-23D7-4571-BC6A-7780D950CD8E}.job
[2012/07/31 13:51:10 | 000,003,552 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 13:51:10 | 000,003,552 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 13:50:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/31 13:50:29 | 2011,750,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/31 13:31:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/31 03:26:32 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/30 09:22:04 | 000,001,356 | ---- | M] () -- C:\Users\JamesBond\AppData\Local\d3d9caps.dat
[2012/07/26 16:28:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/26 16:28:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/26 16:28:10 | 009,230,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/07/23 08:59:43 | 000,281,088 | ---- | M] () -- C:\Users\JamesBond\AppData\Roaming\VZGYMYZh.exe
[2012/07/19 15:03:52 | 000,259,584 | ---- | M] () -- C:\Users\JamesBond\AppData\Roaming\PsWBNYOn.exe
[2012/07/19 13:07:42 | 000,711,064 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/19 13:07:42 | 000,144,066 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/19 09:20:27 | 000,002,085 | ---- | M] () -- C:\Users\JamesBond\Desktop\SpyHunter.lnk
[2012/07/19 08:55:43 | 000,249,908 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/19 08:35:43 | 000,001,079 | ---- | M] () -- C:\Users\JamesBond\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/19 08:35:43 | 000,001,055 | ---- | M] () -- C:\Users\JamesBond\Desktop\Spybot - Search & Destroy.lnk
[2012/07/17 08:25:10 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/16 15:44:06 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 07:51:45 | 000,027,520 | ---- | M] () -- C:\Users\JamesBond\AppData\Local\dt.dat
[2012/07/11 09:14:13 | 000,083,392 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012/07/11 09:14:12 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012/07/11 09:14:12 | 000,030,624 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/31 13:50:29 | 2011,750,400 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/23 08:59:47 | 000,281,088 | ---- | C] () -- C:\Users\JamesBond\AppData\Roaming\VZGYMYZh.exe
[2012/07/19 15:03:55 | 000,259,584 | ---- | C] () -- C:\Users\JamesBond\AppData\Roaming\PsWBNYOn.exe
[2012/07/19 09:20:27 | 000,002,085 | ---- | C] () -- C:\Users\JamesBond\Desktop\SpyHunter.lnk
[2012/07/19 08:35:43 | 000,001,079 | ---- | C] () -- C:\Users\JamesBond\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/19 08:35:43 | 000,001,055 | ---- | C] () -- C:\Users\JamesBond\Desktop\Spybot - Search & Destroy.lnk
[2012/07/16 12:14:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/16 12:14:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/16 12:14:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/16 12:14:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/16 12:14:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/16 07:51:45 | 000,027,520 | ---- | C] () -- C:\Users\JamesBond\AppData\Local\dt.dat
[2012/04/16 12:31:15 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/11 08:19:33 | 000,002,048 | -HS- | C] () -- C:\Users\JamesBond\AppData\Local\{c9b0ec69-9198-6688-bb3b-877d99cb18a1}\@
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2011/04/21 17:47:15 | 000,000,000 | ---- | C] () -- C:\Windows\QuickPunchMgr.INI
[2011/02/04 09:58:00 | 000,000,000 | ---- | C] () -- C:\Windows\DevMaint.INI
[2010/04/19 19:54:08 | 000,001,356 | ---- | C] () -- C:\Users\JamesBond\AppData\Local\d3d9caps.dat
[2010/03/05 09:34:23 | 000,005,120 | ---- | C] () -- C:\Users\JamesBond\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >


OTL Extras logfile created on: 7/31/2012 2:04:43 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\JamesBond\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 30.23% Memory free
3.98 Gb Paging File | 2.84 Gb Available in Paging File | 71.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.18 Gb Total Space | 360.88 Gb Free Space | 79.11% Space Free | Partition Type: NTFS
Drive D: | 9.57 Gb Total Space | 1.12 Gb Free Space | 11.69% Space Free | Partition Type: NTFS

Computer Name: M1 | User Name: JamesBond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AC85C05-E9D5-4D93-9667-6C83AA2B0FB2}" = rport=138 | protocol=17 | dir=out | app=system |
"{41DD48CA-1972-4C8F-8923-F917D57391C5}" = lport=139 | protocol=6 | dir=in | app=system |
"{89DB5558-8520-4B34-9012-E864B2D91675}" = lport=3389 | protocol=6 | dir=in | app=system |
"{93AD6653-1FBD-4437-B43C-AC2C3CDF0CB8}" = lport=445 | protocol=6 | dir=in | app=system |
"{A535E12C-A338-4C06-B64A-04B4E192734B}" = rport=137 | protocol=17 | dir=out | app=system |
"{C9B33909-B0F1-4600-A383-8F6BABD3C86D}" = rport=445 | protocol=6 | dir=out | app=system |
"{CEB5888B-E1DF-4B4B-8D3F-C1632A71F2F9}" = lport=137 | protocol=17 | dir=in | app=system |
"{D31A8654-E015-442F-9B53-3353161509EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{D63F3636-87A5-4426-A271-73E1BF4E7255}" = rport=139 | protocol=6 | dir=out | app=system |
"{E128D40A-CA5F-45A8-B9A0-65A4B5B7C447}" = lport=138 | protocol=17 | dir=in | app=system |
"{F2B562AD-8844-485F-9FB4-FCCFBA00C85F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046DC2FF-2E02-4EF7-91C3-E673791499B4}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{12AA1427-FEED-4502-A1F6-187AB164BFE7}" = protocol=6 | dir=in | app=c:\program files\acroprint\attendance rx\arxtq100s.exe |
"{1459F03F-CD45-44AD-AD4D-6D35BF675ECC}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{152526D5-6A77-4D58-B642-A4D8484D9F8D}" = protocol=17 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\atmcontroller.exe |
"{1AEFF4A9-D436-4451-A13F-92D062364592}" = protocol=17 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\appclnt.exe |
"{20E821BB-EDD2-4D31-B062-259504F9766E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{24755D81-982F-4B23-BB27-D7AAC99AEE24}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{2946E47A-CFB4-4EE2-A81F-EACD4667BD8F}" = protocol=6 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\atmcontroller.exe |
"{2D3D2EBD-1087-479A-9806-E8CF86E502D0}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{43C8CCFD-9D39-4725-B000-95C5895D49B6}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{4520C0F0-1434-4695-B8FB-42AB0829522D}" = protocol=17 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\sentinel.exe |
"{479AE518-B274-418C-BE27-F915B3EC51B5}" = protocol=17 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\commclnt2.exe |
"{4E329DE1-5F63-408D-A6BE-383478EEAD45}" = protocol=6 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\commclnt2.exe |
"{4FAC0EEC-81B0-42F0-8227-B285D3077A33}" = protocol=17 | dir=in | app=c:\program files\bellcommander\bcappservice.exe |
"{50F61320-0247-43F5-BDA3-6DB37F4F36AD}" = protocol=17 | dir=in | app=c:\program files\acroprint\attendance rx\attendancerx.exe |
"{5A7938C6-8D2F-41E9-BA28-697782AB2AA2}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{5A7A08E7-BA8C-4F96-B8B5-E4C269A6A910}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{601CF124-3F16-48A8-9496-3BB99DF52ED1}" = protocol=6 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\appclnt.exe |
"{62D14E67-149D-4F8A-B05E-49B76983A775}" = protocol=6 | dir=in | app=c:\program files\bellcommander\bcappservice.exe |
"{768C4DA3-65A7-4C78-83BC-DD66C159A450}" = protocol=17 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\devmaint.exe |
"{79698C11-E158-4264-BF67-440B99979D14}" = protocol=6 | dir=in | app=c:\program files\acroprint\attendance rx\attendancerx.exe |
"{82318308-2587-4E19-A954-95B17C7B9A47}" = protocol=6 | dir=in | app=c:\program files\bellcommander\bellcmd.exe |
"{8318922A-5B86-4C03-B4DF-D106092A26A2}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{85B26D3D-093F-412C-A99E-CCE9B2C42F26}" = protocol=6 | dir=in | app=c:\program files\bellcommander\bellcmd.exe |
"{88E98B91-9A17-4008-BB4D-4ACCFDBBE7B4}" = protocol=17 | dir=in | app=c:\program files\bellcommander\bellcmd.exe |
"{9229AD1C-E8E3-4C42-91F3-76929BC48E01}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{94FCBF77-E026-49FA-8CD5-77B276894C2D}" = protocol=6 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\sentinel.exe |
"{95E97B8A-75B5-4871-B6ED-66A643C50060}" = protocol=17 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\commclnt.exe |
"{9B801DA8-BE8A-4608-A871-60A098988AB2}" = protocol=17 | dir=in | app=c:\program files\bellcommander\bellcmd.exe |
"{9DAA8475-67DB-497B-A431-0BC5CD7BEAC3}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{9E144AAC-D725-4E3A-83C1-1D07BD9AAAFC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{A1DF1DB3-C946-4BE5-91DE-7C5CBC907B10}" = protocol=17 | dir=in | app=c:\program files\bellcommander\bellcmd.exe |
"{A238636A-D701-41E6-9E37-BEDC5D46482C}" = protocol=6 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\dcmstatemngr.exe |
"{A2E51198-E89F-4A09-A9BB-54DA529B55A9}" = protocol=6 | dir=in | app=c:\program files\bellcommander\bellcmd.exe |
"{A753D361-1E8D-468E-AA5B-91FB258D0760}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{A7ED838F-4451-43E9-A38B-B6E29E193BE3}" = protocol=17 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\dcmstatemngr.exe |
"{B520A4D5-67EB-465A-B91B-1F36D94012E8}" = protocol=6 | dir=in | app=c:\program files\priority time\priotime.exe |
"{BAA3EC91-D524-4C4E-A670-3FDA8D544ABD}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{BB8971D4-C692-4B4E-B35B-CB61629F2919}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{D3E4E5B6-C0C6-4E2F-B527-4F80A3BCB4C6}" = protocol=6 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\commclnt.exe |
"{DE08C7F4-353B-4F0F-AFE9-9A823920CDDA}" = protocol=6 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\commmntr.exe |
"{E3613999-0597-4CAB-AD43-1160091E7043}" = protocol=17 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\atmprogress.exe |
"{EA6CCD12-5EA0-4B75-BF89-B60A51BE7573}" = protocol=6 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\atmprogress.exe |
"{EBA9861D-9AA3-4E99-8FBA-101A096B4F6D}" = protocol=17 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\commmntr.exe |
"{EF11596B-2DD7-45D4-A857-394BC8A068C6}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{F04167BA-20F0-470B-9CB0-64F5FC30FA57}" = protocol=17 | dir=in | app=c:\program files\acroprint\attendance rx\arxtq100s.exe |
"{FD285835-EE10-4596-B52D-87DB371B4D34}" = protocol=6 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\devmaint.exe |
"{FD4E9F71-3689-4017-BC36-7C6866718D67}" = protocol=17 | dir=in | app=c:\program files\priority time\priotime.exe |
"TCP Query User{4A272ED5-FE46-440D-8933-CD9F1790BF6F}C:\program files\adp\timeclockmgr\dcm\httpsvr.exe" = protocol=6 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\httpsvr.exe |
"TCP Query User{DFF4A0DC-F113-4EA1-85BA-D4864CDC8A4C}C:\program files\adp\timeclockmgr\dcm\httpsvr.exe" = protocol=6 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\httpsvr.exe |
"TCP Query User{F51A9BE2-217D-4D13-9064-5994D47332CD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{502B93B0-8151-43F2-968E-F7C5FBD6B76E}C:\program files\adp\timeclockmgr\dcm\httpsvr.exe" = protocol=17 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\httpsvr.exe |
"UDP Query User{B5E202E7-45CA-4A8A-9F7A-1D28670138CF}C:\program files\adp\timeclockmgr\dcm\httpsvr.exe" = protocol=17 | dir=in | app=c:\program files\adp\timeclockmgr\dcm\httpsvr.exe |
"UDP Query User{DCEA6F96-D8E2-4302-B3F9-54374EB002C9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012
"{1C2D030F-AECD-4E72-A8FD-AB4242BDA7C6}" = Keyscan System VII Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (KEYSCAN7)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43F6E233-781C-4C92-B77C-27CFA49F32F4}" = Keyscan System VII Communications
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (ATMSQLSERVER)
"{76B2BC31-2D96-4170-9C44-09E13B5555F3}" = Symantec Endpoint Protection
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{8ABDF883-6DAE-4EFD-85B6-171896342D0C}" = Keyscan System VII Photo Badging & Mapping Editor
"{967204A8-8CE2-40F5-AD6A-21D8D63DB3A8}" = Attendance Rx
"{9917F2BE-5086-4DA4-8FAF-21959B11203E}" = Keyscan System VII Control Module
"{9BCA4556-A960-469E-BBBC-F336716CE3F9}" = ADP Timeclock Manager
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA87CB3F-0F43-4B86-BAE1-5C545B155EDA}" = Keyscan System VII Database
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{CC1F6DA0-21D2-425A-B1B6-5B164A598450}" = SpyHunter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EA90F101-F332-4841-900A-320F517ABF27}" = QBFC 5.0
"{EBAE7044-5EB0-4220-AC83-F4743F1DF775}" = ADP File Upload
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBDB5A03-AD33-4258-B016-3BED11719694}" = Keyscan NETCOM Program Tool
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2012
"BellCommander Application Service_is1" = BellCommander 5.00 Sound Card Application Service - Build 1
"BellCommander_is1" = BellCommander 5.00 Evaluation Version
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NVIDIA Drivers" = NVIDIA Drivers
"VLC media player" = VLC media player 1.0.5
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3214209781-3527764018-2259562211-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/30/2012 4:24:36 AM | Computer Name = M1 | Source = SQLBrowser | ID = 5111809
Description = The SQL configuration for SQL is inaccessible or invalid.

Error - 7/31/2012 4:27:15 AM | Computer Name = M1 | Source = SQLBrowser | ID = 5111809
Description = The SQL configuration for SQL is inaccessible or invalid.

Error - 7/31/2012 1:13:52 PM | Computer Name = M1 | Source = EventSystem | ID = 4609
Description =

Error - 7/31/2012 2:17:53 PM | Computer Name = M1 | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =

Error - 7/31/2012 2:20:13 PM | Computer Name = M1 | Source = SQLBrowser | ID = 5111809
Description = The SQL configuration for SQL is inaccessible or invalid.

Error - 7/31/2012 2:31:23 PM | Computer Name = M1 | Source = SQLBrowser | ID = 5111809
Description = The SQL configuration for SQL is inaccessible or invalid.

Error - 7/31/2012 2:35:48 PM | Computer Name = M1 | Source = EventSystem | ID = 4609
Description =

Error - 7/31/2012 2:40:55 PM | Computer Name = M1 | Source = SQLBrowser | ID = 5111809
Description = The SQL configuration for SQL is inaccessible or invalid.

Error - 7/31/2012 2:45:05 PM | Computer Name = M1 | Source = EventSystem | ID = 4609
Description =

Error - 7/31/2012 2:51:43 PM | Computer Name = M1 | Source = SQLBrowser | ID = 5111809
Description = The SQL configuration for SQL is inaccessible or invalid.

[ System Events ]
Error - 7/31/2012 2:45:39 PM | Computer Name = M1 | Source = Service Control Manager | ID = 7001
Description =

Error - 7/31/2012 2:45:40 PM | Computer Name = M1 | Source = DCOM | ID = 10005
Description =

Error - 7/31/2012 2:45:40 PM | Computer Name = M1 | Source = DCOM | ID = 10005
Description =

Error - 7/31/2012 2:45:40 PM | Computer Name = M1 | Source = Service Control Manager | ID = 7001
Description =

Error - 7/31/2012 2:52:07 PM | Computer Name = M1 | Source = Service Control Manager | ID = 7000
Description =

Error - 7/31/2012 2:52:47 PM | Computer Name = M1 | Source = DCOM | ID = 10016
Description =

Error - 7/31/2012 2:52:59 PM | Computer Name = M1 | Source = DCOM | ID = 10016
Description =

Error - 7/31/2012 2:53:08 PM | Computer Name = M1 | Source = Service Control Manager | ID = 7011
Description =

Error - 7/31/2012 2:56:32 PM | Computer Name = M1 | Source = Service Control Manager | ID = 7000
Description =

Error - 7/31/2012 2:56:32 PM | Computer Name = M1 | Source = Service Control Manager | ID = 7001
Description =


< End of report >

Is there a way to remove this from the registry?


#2 HelpBot

Posted 05 August 2012 - 02:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463284 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

Posted 10 August 2012 - 02:50 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



