
Something Is Not Right! [Closed]


This topic is locked. 53 replies to this topic.

#16 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 24 February 2012 - 09:06 AM

Hi Lewg, I need to ask...Is this a corporate or business computer?


#17 Lewg (Silver Member, Authentic Member, 393 posts)

Posted 24 February 2012 - 09:10 AM

It's my Home Desktop PC.

#18 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 24 February 2012 - 09:32 AM

Hi Lewg,

Ok thanks. I just needed to know.
-----------

Please download ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Remember: if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 86 02 AA 3E C7 CC 01 [binary data]
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\WKCALREM.LNK.disabled ()
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\PUTTY.RND
    
    :Files
    C:\Documents and Settings\Compaq_Administrator\Application Data\IObit
    ipconfig /flushdns /c
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP"=-
    "2869:TCP"=-
    "139:TCP"=-
    "445:TCP"=-
    "137:UDP"=-
    "138:UDP"=-
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

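An added triage helper, not code from this thread or from the OTL tool, that reads OTL log lines in the format posted here, picks out the orphaned entries of the kinds the fix above lists under :OTL (No CLSID value found, File not found, Reg Error DPF entries, a disabled Startup link) and lays them out in the same sectioned fix-script shape. The sample log is constructed from the formats shown in this thread; the MpKsl* ignore list is an assumption that mirrors the fix above leaving those driver entries alone.

```python
import re
from typing import Dict, List, Optional, Sequence

# Constructed sample in OTL log format, modelled on the log posted in this thread
# (a mix of orphaned entries and healthy ones).
SAMPLE_LOG = r"""DRV - (MpKsl3cc1ba34) -- File not found
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\WKCALREM.LNK.disabled ()
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
"""

# Patterns for entries whose target no longer exists: the kinds of lines the fix
# script in this thread lists under :OTL. A line gets the first matching label.
ORPHAN_RULES = [
    ("no_clsid", re.compile(r"No CLSID value found\.$")),
    ("file_not_found", re.compile(r"File not found$")),
    ("reg_error", re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} Reg Error:")),
    ("disabled_startup", re.compile(r"^O4 - Startup: .*\.disabled \(\)$")),
]

# The fix above left the MpKsl* driver entries alone, so treat that prefix as an
# analyst-supplied ignore list (assumption: the analyst decides what goes here).
DEFAULT_IGNORE = ("MpKsl",)

# Registry key the fix's :Reg section edits (path taken from the thread).
OPEN_PORTS_KEY = (r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                  r"\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]")

# :Commands block, copied from the fix script in this thread.
COMMANDS = ["[purity]", "[resethosts]", "[emptytemp]", "[start explorer]", "[Reboot]"]


def classify(line: str) -> Optional[str]:
    """Return the orphan label for one OTL log line, or None if it looks healthy."""
    for label, pattern in ORPHAN_RULES:
        if pattern.search(line):
            return label
    return None


def find_orphans(log_text: str, ignore: Sequence[str] = DEFAULT_IGNORE) -> List[Dict[str, str]]:
    """Scan OTL log text and collect entries whose target is missing or unregistered."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line or any(tag in line for tag in ignore):
            continue
        label = classify(line)
        if label:
            findings.append({"kind": label, "line": line})
    return findings


def build_otl_fix(log_text: str,
                  files_to_delete: Sequence[str] = (),
                  open_ports: Sequence[str] = (),
                  ignore: Sequence[str] = DEFAULT_IGNORE) -> str:
    """Lay out a fix in the same sectioned shape as the one posted above:
    orphaned log lines under :OTL, paths under :Files, firewall exceptions
    negated under :Reg, then the standard :Commands."""
    sections = [":OTL"] + [f["line"] for f in find_orphans(log_text, ignore)]
    if files_to_delete:
        sections += ["", ":Files"] + list(files_to_delete)
    if open_ports:
        # "name"=- deletes the value, i.e. closes that firewall exception.
        sections += ["", ":Reg", OPEN_PORTS_KEY] + [f'"{p}"=-' for p in open_ports]
    sections += ["", ":Commands"] + COMMANDS
    return "\n".join(sections) + "\n"


if __name__ == "__main__":
    iobit = r"C:\Documents and Settings\Compaq_Administrator\Application Data\IObit"
    print(build_otl_fix(SAMPLE_LOG, files_to_delete=[iobit], open_ports=["139:TCP", "445:TCP"]))
```

The generated text is only a draft for the analyst to review before pasting into OTL; a "File not found" entry is not automatically safe to remove, which is why the ignore list exists.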

#19 Lewg (Silver Member, Authentic Member, 393 posts)

Posted 24 February 2012 - 11:34 AM

OTL logfile created on: 02/24/2012 12:24:22 PM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

958.48 Mb Total Physical Memory | 327.76 Mb Available Physical Memory | 34.20% Memory free
2.26 Gb Paging File | 1.77 Gb Available in Paging File | 78.40% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 186.41 Gb Free Space | 82.97% Space Free | Partition Type: NTFS
Drive D: | 8.18 Gb Total Space | 0.54 Gb Free Space | 6.63% Space Free | Partition Type: FAT32
Drive F: | 93.37 Gb Total Space | 56.02 Gb Free Space | 60.00% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-PRESARIO | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\UPHClean\uphclean.exe (Windows ® Codename Longhorn DDK provider)
PRC - C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\WOT\WOT.dll ()
MOD - C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Windows ® Codename Longhorn DDK provider)
SRV - (CLDTVHNService) -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe ()
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (MpKsl3cc1ba34) -- File not found
DRV - (MpKsl449812bc) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E0C1E08-D4A4-420E-9BC7-375F78EF1004}\MpKsl449812bc.sys (Microsoft Corporation)
DRV - (DrvAgent32) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (ntk_dtv) -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys (Cyberlink Corp.)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (PCD5SRVC{8A863ACB-F5F6CC6A-05010003}) -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/10/17 11:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/10/17 11:05:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/31 14:27:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 09:44:28 | 000,000,000 | ---D | M]

[2011/12/31 14:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2011/12/31 14:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/03 00:06:59 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/11/24 16:22:52 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/24 12:18:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\AutorunsDisabled [2010/09/14 07:43:53 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Compaq_Administrator\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Compaq_Administrator\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.micr...N-US/msorun.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7C78262-8D81-4086-BCD4-535ECA720CFA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (SDEarlyDelete \??)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/24 12:18:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/23 21:31:26 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2012/02/23 17:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/23 17:02:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/23 14:13:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/23 13:58:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/23 11:53:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/23 11:53:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/23 11:53:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/23 11:53:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/23 11:51:53 | 004,417,295 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2012/02/22 20:08:30 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.exe
[2012/02/22 20:06:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\dds.com
[2012/02/22 20:06:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
[2012/02/17 19:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\Maritime Museum Sleeping Bear Point

========== Files - Modified Within 30 Days ==========

[2012/02/24 12:32:00 | 000,000,500 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC3AEFBE-E14D-4663-828F-914798DAD592}.job
[2012/02/24 12:25:26 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/24 12:21:36 | 000,049,362 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/02/24 12:20:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/24 12:18:56 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/24 11:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/24 08:53:33 | 000,047,638 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\My Wiring.JPG
[2012/02/24 02:54:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/23 23:24:31 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\List of Doc Martin episodes - Wikipedia, the free encyclopedia.url
[2012/02/23 21:31:40 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2012/02/23 21:22:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/23 12:28:06 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\WKCALREM.LNK
[2012/02/23 12:21:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/23 11:52:51 | 004,417,295 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2012/02/23 10:52:55 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBRCheck.exe
[2012/02/23 06:58:14 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\The Five.url
[2012/02/23 03:01:27 | 000,458,446 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/23 03:01:27 | 000,078,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/22 22:45:59 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Yahoo!.url
[2012/02/22 20:20:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2012/02/22 20:08:38 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.exe
[2012/02/22 20:06:46 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\dds.com
[2012/02/22 20:06:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
[2012/02/22 11:51:35 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SSI Pier Web Camera.url
[2012/02/22 11:39:00 | 000,002,043 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Interactive User's Guide.lnk
[2012/02/22 11:35:44 | 000,047,807 | ---- | M] () -- C:\WINDOWS\hpiins01.dat.temp
[2012/02/22 11:27:40 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Manual Removal Guide for Moozy - Safer-Networking Forums.url
[2012/02/22 10:05:17 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Google.url
[2012/02/21 18:14:02 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Photo Gallery - Winter Preview 2012 New TV Shows - TV Shows & TV Series Pictures & Photos TWoP.url
[2012/02/20 18:39:50 | 000,002,213 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Watch Doc Martin Season.url
[2012/02/20 10:10:51 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Watch Live Sports Events and ESPN Programs Online and on Mobile Applications - WatchESPN.url
[2012/02/20 09:35:26 | 000,000,302 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\CBS Radio Mystery Theater CBSRMT - Old Time Radio Shows - OTR.url
[2012/02/19 14:57:42 | 000,001,135 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to bug_std_super_72 wiring diagrahm.lnk
[2012/02/18 23:44:24 | 006,849,352 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Microsoft PowerPointSTFWIRING.pdf
[2012/02/17 13:01:21 | 000,322,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/17 11:00:35 | 000,000,271 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Glynn County, GA - Official Website - Live Meeting Video.url
[2012/02/16 17:35:42 | 000,081,455 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Run-on-Trout.jpg
[2012/02/16 17:28:09 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\912-638-5778 - Pipl - People Search.url
[2012/02/16 08:52:49 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Walmart Toshiba Toshiba Black Trax 17.3 C675-S7308 Laptop PC with Intel Core i3-2330M Processor and Windows 7 Home Premium Questions, Answers, How To, FAQs, Tips, Advice, Answers, Buying Guide.url
[2012/02/16 03:02:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/15 22:38:19 | 000,014,798 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
[2012/02/15 22:38:19 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Internal Revenue Service.wps
[2012/02/15 22:36:33 | 000,000,061 | ---- | M] () -- C:\WINDOWS\TaxACT11.ini
[2012/02/15 22:18:09 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Ga Dept Of Revenue.wps
[2012/02/14 22:47:39 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Tom's Bug Gauges.url
[2012/02/14 14:03:36 | 000,000,964 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\HP Home & Home Office Store - Shopping Cart and Checkout.url
[2012/02/14 09:20:19 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\WunderMap Interactive Radar & Weather Stations Weather Underground.url
[2012/02/12 14:31:34 | 003,888,054 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\HP INK ORDER.bmp
[2012/02/12 13:02:19 | 002,395,062 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Me and Carol at the Lake Mirror Classic in 2011.bmp
[2012/02/11 12:02:02 | 000,000,331 | ---- | M] () -- C:\WINDOWS\System32\msxkwn.vxp
[2012/02/09 07:29:13 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SSI Pier Web Camera (2).url
[2012/02/08 16:07:37 | 000,000,061 | ---- | M] () -- C:\WINDOWS\TaxACT10.ini
[2012/02/07 09:44:47 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\#player (2).url
[2012/02/04 14:03:01 | 000,000,061 | ---- | M] () -- C:\WINDOWS\TaxACT09.ini
[2012/02/04 13:47:46 | 000,000,075 | ---- | M] () -- C:\WINDOWS\TaxACT08.ini
[2012/02/04 12:19:34 | 000,065,644 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\2011 Individual Tax Return File.ta1
[2012/02/01 09:23:11 | 000,000,074 | ---- | M] () -- C:\WINDOWS\TaxACT07.ini
[2012/01/31 07:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/01/29 14:24:53 | 000,290,648 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Mecum Auction Layout in Kissimmee FL 2.jpg
[2012/01/29 14:23:03 | 001,175,860 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Mecum Auction Layout in Kissimmee FL 1.jpg
[2012/01/29 14:19:59 | 000,703,139 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Biddin Application for Mecum Auction.jpg
[2012/01/29 14:17:58 | 000,411,061 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Mecum Auction Layout in Kissimmee FL.jpg

========== Files Created - No Company Name ==========

[2012/02/24 08:53:33 | 000,047,638 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\My Wiring.JPG
[2012/02/23 23:24:31 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\List of Doc Martin episodes - Wikipedia, the free encyclopedia.url
[2012/02/23 12:28:06 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\WKCALREM.LNK
[2012/02/23 11:53:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/23 11:53:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/23 11:53:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/23 11:53:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/23 11:53:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/23 10:52:52 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBRCheck.exe
[2012/02/22 20:20:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2012/02/22 11:39:00 | 000,002,043 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Interactive User's Guide.lnk
[2012/02/22 11:27:40 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Manual Removal Guide for Moozy - Safer-Networking Forums.url
[2012/02/20 10:10:51 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Watch Live Sports Events and ESPN Programs Online and on Mobile Applications - WatchESPN.url
[2012/02/20 09:35:26 | 000,000,302 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\CBS Radio Mystery Theater CBSRMT - Old Time Radio Shows - OTR.url
[2012/02/19 14:57:42 | 000,001,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to bug_std_super_72 wiring diagrahm.lnk
[2012/02/18 23:44:22 | 006,849,352 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Microsoft PowerPointSTFWIRING.pdf
[2012/02/16 17:32:40 | 000,081,455 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Run-on-Trout.jpg
[2012/02/16 17:17:37 | 000,000,271 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Glynn County, GA - Official Website - Live Meeting Video.url
[2012/02/15 22:13:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 22:13:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/14 22:47:39 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Tom's Bug Gauges.url
[2012/02/12 14:31:33 | 003,888,054 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\HP INK ORDER.bmp
[2012/02/12 12:56:17 | 002,395,062 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Me and Carol at the Lake Mirror Classic in 2011.bmp
[2012/02/12 09:57:23 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\912-638-5778 - Pipl - People Search.url
[2012/02/10 19:25:30 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\WunderMap Interactive Radar & Weather Stations Weather Underground.url
[2012/02/07 09:44:47 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\#player (2).url
[2012/02/06 09:26:08 | 000,002,213 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Watch Doc Martin Season.url
[2012/02/04 15:33:12 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SSI Pier Web Camera (2).url
[2012/02/04 12:22:54 | 000,065,644 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\2011 Individual Tax Return File.ta1
[2012/02/02 14:05:03 | 000,000,273 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SSI Pier Web Camera.url
[2012/01/31 03:01:21 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/01/29 14:25:22 | 000,290,648 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Mecum Auction Layout in Kissimmee FL 2.jpg
[2012/01/29 14:23:45 | 001,175,860 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Mecum Auction Layout in Kissimmee FL 1.jpg
[2012/01/29 14:20:27 | 000,703,139 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Biddin Application for Mecum Auction.jpg
[2012/01/29 14:18:53 | 000,411,061 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Mecum Auction Layout in Kissimmee FL.jpg
[2012/01/28 13:12:38 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Walmart Toshiba Toshiba Black Trax 17.3 C675-S7308 Laptop PC with Intel Core i3-2330M Processor and Windows 7 Home Premium Questions, Answers, How To, FAQs, Tips, Advice, Answers, Buying Guide.url
[2012/01/06 17:08:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT11.ini
[2011/11/30 23:46:28 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011/07/24 14:47:34 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/07/10 12:48:52 | 000,024,408 | ---- | C] () -- C:\WINDOWS\System32\ventmon.dll
[2011/07/03 00:10:37 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\WebpageIcons.db
[2011/05/14 15:11:18 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/14 15:11:18 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/14 15:11:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/12 17:31:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\PUTTY.RND
[2011/01/07 16:08:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT10.ini
[2010/07/04 12:58:02 | 000,158,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

< End of report >

#20 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 24 February 2012 - 12:14 PM

When you ran the fix with OTL there should have been another log created as well. Could you post that please? :) How long have you had this system?

#21 Lewg

    Silver Member

  • Authentic Member
  • 393 posts

Posted 24 February 2012 - 01:10 PM

Several years. As for the other log, I didn't think you wanted it... It's long gone; however, it read that all were Killed.

#22 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 24 February 2012 - 06:56 PM

Hi Lewg,

You mentioned that your hard drive is making a lot of noise? If you are hearing noises from the hard drive, it could possibly be a hard drive failure.

Please download HD Tune (the free version, not the trial), run an error scan on your primary hard drive (full, not quick) and report back if any blocks aren't green. It tests your hard drive for bad sectors.

#23 Lewg

    Silver Member

  • Authentic Member
  • 393 posts

Posted 25 February 2012 - 09:51 AM

All tests OK, and the HD test shows all green.

#24 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 25 February 2012 - 01:53 PM

Hi Lewg,

Let's make sure something is not hiding deep in your system.

Let's get an offline MBR dump.

You'll need a CD and a USB flash drive that has some space on it. We will not be changing any of the data on the USB device, just using it for a file.

You will also need to use Firefox to download a file, as Internet Explorer seems to mangle the download.

If you have any problems with these steps please let me know. It may look complicated, but it's fairly straightforward and for the most part automated.

Download GETxPUD.exe to your desktop
  • Run GETxPUD.exe by double-clicking it.
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished, it will open BurnCDCC, which will be ready to burn the image.
  • Click on Start and follow the prompts to burn the image to your CD

Using Firefox, please download and save dumpit to your USB device.

You may want to print out this part, as you will not be able to view these instructions once booted with the CD you just made.
  • Leave the USB device attached to the computer
  • Now boot your computer with the CD you just burned
    • with the CD in the computer, restart the computer
  • The computer must be set to boot from the CD; depending on your computer, you can either do this by pressing F12 and selecting the CD as the first boot option, or it can be set in the BIOS
  • Once you have the computer set to boot from the CD, allow it to boot
  • A Welcome to xPUD screen will appear
  • Click on File
  • Expand mnt
  • sda1 or sda2 usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1?)
    (you will be able to tell if it is the right one, as the screen will populate with your files)
  • Locate the file you downloaded and saved earlier, dumpit
  • double-click it to run it
  • a black window will open; follow the instructions to close the window when it's finished
  • a file called MBR.zip should now be placed in the right-hand panel
  • Click the Home icon at top
  • Remove the CD and click Power off
  • Click restart

Once the computer has rebooted, open the USB device and attach the MBR.zip file to your next reply.
----------
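What an analyst does with the dump once it comes back, as an added example (this is not code from the thread, from xPUD or from the dumpit script): a Python parser that reads one raw 512-byte MBR sector, checks the 55AA boot signature, decodes the four primary partition entries, flags overlapping or malformed entries, and hashes the 440-byte bootstrap-code region. That region is what an MBR bootkit rewrites while leaving the partition table intact, so the machine still boots normally and only a byte-level comparison shows the change. The sample sectors, the disk signature and the "known-good" hash below are constructed for the example; the page does not describe the contents of MBR.zip, so the script assumes you have extracted the raw sector to a file (the 512-byte MBR.dat on the desktop in the log above is that shape) and that the known-good hash comes from a trusted image of the same OEM MBR.

```python
"""Offline MBR triage for a raw 512-byte sector dump (added example, not from the thread)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440            # bootstrap code; the 4-byte disk signature and 2 reserved bytes follow
PART_TABLE_OFFSET = 446
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511 of a valid MBR
PART_ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def parse_mbr(sector: bytes) -> dict:
    """Validate one MBR sector and return what an analyst compares against a known-good disk.

    The bootstrap-code hash is the key field: an MBR bootkit rewrites that region
    while leaving the partition table intact, so the disk still boots normally.
    """
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"MBR dump must be {SECTOR_SIZE} bytes, got {len(sector)}")

    findings = []
    signature_ok = sector[510:512] == BOOT_SIGNATURE
    if not signature_ok:
        findings.append("boot signature 55AA missing: not an MBR or the dump is corrupt")

    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFFSET + index * PART_ENTRY_LEN
        status, ptype, lba_start, sectors = struct.unpack_from(PART_ENTRY_FMT, sector, offset)
        if ptype == 0 and lba_start == 0 and sectors == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"partition {index}: invalid status byte 0x{status:02x}")
        if sectors == 0:
            findings.append(f"partition {index}: type 0x{ptype:02x} set but zero length")
        partitions.append({"index": index, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})

    # Overlapping entries are a sanity failure, whether from corruption or tampering.
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in partitions)
    for (_s1, e1, i1), (s2, _e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions {i1} and {i2} overlap")

    return {
        "signature_ok": signature_ok,
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": sector[440:444].hex(),  # per-install value, deliberately not hashed
        "partitions": partitions,
        "findings": findings,
    }


def bootcode_matches(sector: bytes, known_good_sha256: str) -> bool:
    """True when the bootstrap code hashes to the analyst-supplied known-good value."""
    return parse_mbr(sector)["bootcode_sha256"] == known_good_sha256.lower()


def build_sample_mbr(bootcode: bytes, entries=(), signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Construct a test sector; entries are (status, type, lba_start, sectors) tuples, up to four."""
    if len(bootcode) > BOOTCODE_LEN or len(entries) > 4:
        raise ValueError("bootcode too long or too many partition entries")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(bootcode)] = bootcode
    sector[440:444] = b"\xde\xad\xbe\xef"  # arbitrary disk signature for the sample
    for index, entry in enumerate(entries):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + index * PART_ENTRY_LEN, *entry)
    sector[510:512] = signature
    return bytes(sector)


# Constructed samples (not real dumps): a clean sector, the same partition table with
# patched boot code (a jump inserted at offset 4), and a sector missing its signature.
CLEAN_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100
PARTITIONS = [(0x80, 0x07, 63, 0x0400_0000)]  # one bootable NTFS partition at LBA 63
CLEAN_MBR = build_sample_mbr(CLEAN_BOOTCODE, PARTITIONS)
PATCHED_MBR = build_sample_mbr(CLEAN_BOOTCODE[:4] + b"\xe9\x00\x01" + CLEAN_BOOTCODE[7:], PARTITIONS)
UNSIGNED_MBR = build_sample_mbr(CLEAN_BOOTCODE, PARTITIONS, signature=b"\x00\x00")
KNOWN_GOOD = parse_mbr(CLEAN_MBR)["bootcode_sha256"]  # in practice: hash from a trusted image


if __name__ == "__main__":
    import sys
    # Usage: python mbr_triage.py MBR.dat   (falls back to the patched sample when no path is given)
    sector = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else PATCHED_MBR
    report = parse_mbr(sector)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("bootcode matches known-good:", bootcode_matches(sector, KNOWN_GOOD))
```

A clean report has `signature_ok` True, an empty `findings` list and a boot-code hash equal to the reference. A partition table that decodes normally is not evidence on its own, which is why the boot-code hash is computed separately from the table, and why the per-install disk signature at offset 440 is excluded from it so that two machines with the same OEM boot code compare equal.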

#25 Lewg

    Silver Member

  • Authentic Member
  • 393 posts

Posted 25 February 2012 - 06:56 PM

I don't have a USB flash drive. How about using my slave drive F: to download Dumpit?

#26 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 26 February 2012 - 08:30 AM

Hi, I have an Open House today to sell my house so my time is limited. Are you not able to borrow a USB drive from a friend by chance?

#27 Lewg

    Silver Member

  • Authentic Member
  • 393 posts

Posted 26 February 2012 - 08:47 AM

Let's wait until I can pick up a USB drive. I've been looking to get one, but just haven't got around to it. No need to rush; take care of the important business at hand. Thanks!

#28 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 26 February 2012 - 05:40 PM

Hi Lewg, Just let me know when you get one. There is no rush. :)

#29 Lewg

    Silver Member

  • Authentic Member
  • 393 posts

Posted 29 February 2012 - 03:02 PM

I picked up a Flash Drive today, and will start the next procedure later today.....

#30 Lewg

    Silver Member

  • Authentic Member
  • 393 posts

Posted 29 February 2012 - 03:50 PM

"If you have any problems with these steps please let me know. It may look complicated but it's fairly straightforward and for the most part automated."

OK, I get to the part where my PC boots from the CD I created, and I expanded MNT without any problems. As for expanding SDB1, I don't see the G Drive (flash drive) listed. I am not sure if you want me to go to the G Drive and click on the DUMPIT file I downloaded using Firefox. I just need a little more info as to what I am supposed to see when expanding SDB1; there is no G Drive listed in SDB2 either. Just let me know what I need to do. Thanks!
