Something Is Not Right! [Closed]


#31 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 01 March 2012 - 06:37 AM

Hi Lewg, Sorry about the delay last night as I had midterms going on and have more today. ---------- Yes go to the dumpit file that you had downloaded and just follow the instructions provided earlier. If you have any problems we can try another program to get the MBR dump. :)

#32 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 393 posts

Posted 01 March 2012 - 09:03 AM

Let's make sure I am doing this right. I want this to work. When I boot from the CD and expand MNT, am I supposed to see a folder / USB (G Drive) in the SDB1 section? When you say locate the file you d/loaded and saved earlier, Dumpit. How am I supposed to locate this Dumpit file when at the Xpud screen if it does not show in the SDB1 section? On d/loading using Firefox, it saves the file in a d/loading folder. From that folder I copied the Dumpit file to the Flashdrive (G). That's the only way I know how to do it, is that wrong? As I said earlier I want this procedure to work.....Using My Computer from the Start screen and when I open the flashdrive and click on Dumpit, a window pops up wanting to know which program do I want to use. I know this is not right. Thanks!

#33 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 01 March 2012 - 09:10 AM

Hi Lewg,

I am sorry about the problems you are having. Let's not worry about the Dumpit file. We will be using the same iso CD you created earlier in the next set of instructions. Try the following...

You may want to print out this part as you will not be able to view these instructions.

  • Attach the USB device to the computer
  • Boot the infected computer with the CD you just burned
    • with the CD in the computer, restart the computer
    • The computer must be set to boot from the CD; depending on your computer you can either do this by pressing F12 and selecting the CD as the first boot option or it can be set in the BIOS
  • Once you have the computer set to boot from the CD allow it to boot
  • A Welcome to xPUD screen will appear
  • Click on File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
    (you will be able to tell if it is the right one as the screen will populate with your files)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

    (note there is a space after dd and a space after sda, a space after bin and after 512)
  • After it has finished a file will be located on your USB drive named mbr.bin

To exit out of Xpud
  • close the terminal window
  • click the Home icon
  • Remove the CD and click Power off
  • Click restart system

Once the computer has rebooted open the usb device and locate mbr.bin, zip it up and attach it to your next reply.
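As an added example that is not part of this thread (not jeffce's instructions and not code from the xPUD or Puppy Linux tools), the following POSIX shell script performs the same dd dump to an explicit path on the mounted USB stick and then checks what came out: exactly 512 bytes, the 0x55AA boot signature, and a decoded partition table, which catches a dump that landed in the wrong place or came out short. The function names, the disk and mount paths, and the embedded sample MBR are hypothetical.

```shell
#!/bin/sh
# Added example (not from this thread or its tools): dump a disk's MBR with dd,
# write it to an explicit path on the mounted USB stick, and sanity-check the
# result before zipping it up. Function names and the sample MBR are hypothetical.
set -eu

# Dump the first 512-byte sector of $1 to the file $2. Give $2 as a full path on
# the USB mount (e.g. /mnt/sdb1/mbr.bin); a bare "mbr.bin" lands in the live CD's
# current directory, which may be RAM that vanishes on reboot.
dump_mbr() {
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null
}

# Succeed only if $1 is exactly 512 bytes and ends in the 0x55 0xAA boot signature.
check_mbr() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq 512 ] || return 1
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Decode partition entry $2 (0-3) of the MBR file $1 and print one summary line.
# Entry layout: status, CHS start (3), type, CHS end (3), LBA start (4), sectors (4);
# the two 32-bit fields are little-endian.
partition_entry() {
    mbr="$1"; idx="$2"
    off=$((446 + idx * 16))
    # Re-use the positional parameters to hold the 16 bytes as unsigned decimals.
    set -- $(dd if="$mbr" bs=1 skip="$off" count=16 2>/dev/null | od -An -v -tu1)
    start=$(( $9 + ${10} * 256 + ${11} * 65536 + ${12} * 16777216 ))
    sectors=$(( ${13} + ${14} * 256 + ${15} * 65536 + ${16} * 16777216 ))
    if [ "$5" -eq 0 ]; then
        note="empty"
    elif [ "$1" -eq 128 ]; then
        note="bootable"
    else
        note="inactive"
    fi
    printf 'entry %d: status=0x%02x type=0x%02x start=%d sectors=%d (%s)\n' \
        "$idx" "$1" "$5" "$start" "$sectors" "$note"
}

# Print all four partition entries of the MBR file $1.
list_partitions() {
    for n in 0 1 2 3; do
        partition_entry "$1" "$n"
    done
}

# Constructed sample MBR for offline testing: all zeros except one bootable NTFS
# (type 0x07) partition starting at LBA 63 with 2048 sectors, plus the 0x55AA signature.
make_sample_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '\200\000\000\000\007\000\000\000\077\000\000\000\000\010\000\000' |
        dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Usage: sh mbrcheck.sh dump /dev/sda /mnt/sdb1/mbr.bin
#        sh mbrcheck.sh check /mnt/sdb1/mbr.bin
case "${1:-}" in
    dump)  dump_mbr "$2" "$3" && check_mbr "$3" && echo "wrote and verified $3" ;;
    check) check_mbr "$2" && list_partitions "$2" ;;
esac
```

Run the check step on the mbr.bin copied off the USB stick before zipping it; a file that fails the size or signature test was not a real first sector and should be dumped again.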

#34 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 393 posts

Posted 01 March 2012 - 01:23 PM

Jeff, I did as you asked. With the flashdrive in the usb port, I booted from the CD and with the CD still in the computer, I restarted the PC. With the XPUD screen up I opened and expanded MNT. I then selected sdb1 and it populated file folders. I pressed Tool and chose Open Terminal and typed dd if=/dev/sda of=mbr.bin bs=512 count=1. All the correct spaces were applied. When I hit enter all that showed up was 1 file in and under that 1 file out. After restarting without the CD in place, I opened the flashdrive and all that was listed was the dumpit.txt file. I even did the process two times with the same result. I might mention when closing Xpud I notice a black screen that flashes quickly and I can make out a few words in this file. One word I can read is BIOS, etc. that's about it....It doesn't stay on the screen but a second. On the post where you asked me to d/load DUMPIT, when first clicked on it all that came up was a text file....Is that setup right on your end?

#35 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 01 March 2012 - 04:53 PM

Hi Lewg,

Let's try a different way that might be a little bit easier...

We'll use a CD that we will make bootable. We also need a USB flashdrive that has some space on it. We will not be changing any of the data on the usb device just using it for a file.

  • Save these files to your Desktop
  • Open BurnCDCC and Extract All files to its own folder
  • Double Click BurnCDCC
  • Click Browse and navigate to the Puppy Linux ISO file you just downloaded
  • click on it and click Open
  • IMPORTANT: Adjust the speed bar to CD: 4x DVD: 1x
  • Click Start
  • Your CD Burner Tray will open automatically
  • Insert a blank CD and close the tray
  • Click OK
The CD should eject when finished.

Download and save pldumpit.exe to your USB device.

To use the CD

  • Leave the usb device attached to the computer
  • Insert the CD and restart the computer
  • When the computer first starts please press the key indicated on the screen to enter the bios or setup.
  • Make the necessary changes to make the CD first in the boot order
  • Save the changes and exit the bios/setup
  • Your computer will restart and boot from the Puppy Linux Live CD

You can save these instructions to a notepad on your usb device. Once you have mounted the drives you should be able to view them by clicking on them.

  • Set your language, time, etc. preferences and continue
  • Click the Mount Icon located at the top left of your desktop (should be 3rd from the left top row)
  • A Window will open, click mount for each drive listed
  • if you have a USB Flash Drive connected it's usually automatically mounted upon boot, but click the "usbdrv" tab and make sure it is mounted.

In the lower left you will see some icons with a green light on them. Click on the one that represents your usb device.
  • locate pldumpit.exe
  • right click it and select rename
  • please remove only the .exe from the file path
  • click rename
  • click on pldumpit
  • a window will open; please hit enter when told to, to close the window
  • there should now be a file named mbr.zip in the list of files
  • close all windows
  • click menu
  • highlight shutdown
  • click reboot
  • use the arrow key to select Do not save
  • hit enter
  • remove the CD before the computer restarts and allow the computer to boot

Please attach MBR.zip to your next reply.

#36 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 393 posts

Posted 02 March 2012 - 08:00 AM

This was easy, for you maybe. Anyway the MBR.zip is attached.

Attached Files

  • Attached File  mbr.zip   2.83KB   231 downloads

Edited by Lewg, 02 March 2012 - 08:01 AM.


#37 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 02 March 2012 - 09:48 AM

Hi Lewg,

That looked good. Let's get a couple more looks and see what they show...
----------

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------

Run a new scan with OTL
In the Custom Scans log please put the following:
netsvcs
/MD5start
consrv.dll
/MD5stop
createrestorepoint

In your next reply please post the logs made by TDSSKiller and OTL. :)

#38 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 393 posts

Posted 02 March 2012 - 10:50 AM

Here are the files you requested.

OTL logfile created on: 03/02/2012 11:54:57 AM - Run 3
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop\Computer Tools
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

958.48 Mb Total Physical Memory | 358.86 Mb Available Physical Memory | 37.44% Memory free
2.26 Gb Paging File | 1.78 Gb Available in Paging File | 79.03% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 185.59 Gb Free Space | 82.60% Space Free | Partition Type: NTFS
Drive D: | 8.18 Gb Total Space | 0.54 Gb Free Space | 6.63% Space Free | Partition Type: FAT32
Drive F: | 93.37 Gb Total Space | 56.01 Gb Free Space | 59.98% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-PRESARIO | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Compaq_Administrator\Desktop\Computer Tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\UPHClean\uphclean.exe (Windows ® Codename Longhorn DDK provider)
PRC - C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\WOT\WOT.dll ()
MOD - C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Windows ® Codename Longhorn DDK provider)
SRV - (CLDTVHNService) -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe ()
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (MpKsle593b766) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AAD01E6D-3E62-4027-8105-F93D1913B1FE}\MpKsle593b766.sys (Microsoft Corporation)
DRV - (DrvAgent32) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (ntk_dtv) -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys (Cyberlink Corp.)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (PCD5SRVC{8A863ACB-F5F6CC6A-05010003}) -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/10/17 11:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/10/17 11:05:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/31 14:27:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 09:44:28 | 000,000,000 | ---D | M]

[2011/12/31 14:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2011/12/31 14:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/03 00:06:59 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/11/24 16:22:52 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/24 12:18:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\AutorunsDisabled [2010/09/14 07:43:53 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Compaq_Administrator\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Compaq_Administrator\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.micr...N-US/msorun.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7C78262-8D81-4086-BCD4-535ECA720CFA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (SDEarlyDelete \??)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 11:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller
[2012/03/02 08:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\burncdcc
[2012/03/01 21:47:02 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/25 11:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\pdfforge
[2012/02/25 11:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDFCreator
[2012/02/25 11:48:22 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2012/02/25 11:48:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2012/02/25 09:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2012/02/25 09:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HD Tune
[2012/02/24 12:18:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/23 17:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/23 17:02:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/23 14:13:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/23 13:58:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/23 11:53:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/23 11:53:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/23 11:53:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/23 11:53:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/23 11:51:53 | 004,417,295 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2012/02/22 20:06:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\dds.com
[2012/02/22 20:06:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
[2012/02/17 19:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\Maritime Museum Sleeping Bear Point

========== Files - Modified Within 30 Days ==========

[2012/03/02 11:57:00 | 000,000,500 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC3AEFBE-E14D-4663-828F-914798DAD592}.job
[2012/03/02 11:54:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/02 11:32:36 | 002,044,252 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.zip
[2012/03/02 11:31:16 | 000,049,362 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/03/02 09:00:44 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/02 08:55:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/02 08:35:25 | 000,089,741 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\burncdcc.zip
[2012/03/02 02:54:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/01 21:47:09 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/01 18:32:45 | 135,467,008 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\lupu-528.iso
[2012/03/01 17:52:31 | 000,415,861 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Troy Built Pressure Washer Parts List.pdf
[2012/03/01 12:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/29 14:52:30 | 000,924,241 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\~PS37A.tmp.pdf
[2012/02/28 13:06:50 | 001,917,682 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Hot Rod Primer.pdf
[2012/02/28 13:06:41 | 001,917,682 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Hot Rod Primer.pdf
[2012/02/28 13:06:34 | 003,045,324 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Auto Painting Techniques.pdf
[2012/02/28 13:06:25 | 003,045,324 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Auto Painting Techniques.pdf
[2012/02/28 12:20:13 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\VW Diagnostic Plug.url
[2012/02/26 20:50:15 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Recyclebank.url
[2012/02/26 09:22:09 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\QuickOilDrainValve.com - the best way to change oil.url
[2012/02/26 00:58:59 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\http--www.chromeplatingshop.com-.url
[2012/02/25 11:48:31 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PDFCreator.lnk
[2012/02/25 10:59:39 | 000,144,769 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\St Simons Lighthouse.JPG
[2012/02/24 14:40:11 | 000,000,245 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Contact GPB.url
[2012/02/24 12:18:56 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/23 23:24:31 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\List of Doc Martin episodes - Wikipedia, the free encyclopedia.url
[2012/02/23 21:22:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/23 12:28:06 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\WKCALREM.LNK
[2012/02/23 11:52:51 | 004,417,295 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2012/02/23 10:52:55 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBRCheck.exe
[2012/02/23 06:58:14 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\The Five.url
[2012/02/23 03:01:27 | 000,458,446 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/23 03:01:27 | 000,078,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/22 22:45:59 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Yahoo!.url
[2012/02/22 20:20:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2012/02/22 20:06:46 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\dds.com
[2012/02/22 20:06:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
[2012/02/22 11:51:35 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SSI Pier Web Camera.url
[2012/02/22 11:39:00 | 000,002,043 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Interactive User's Guide.lnk
[2012/02/22 11:35:44 | 000,047,807 | ---- | M] () -- C:\WINDOWS\hpiins01.dat.temp
[2012/02/22 11:27:40 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Manual Removal Guide for Moozy - Safer-Networking Forums.url
[2012/02/22 10:05:17 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Google.url
[2012/02/21 18:14:02 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Photo Gallery - Winter Preview 2012 New TV Shows - TV Shows & TV Series Pictures & Photos TWoP.url
[2012/02/20 18:39:50 | 000,002,213 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Watch Doc Martin Season.url
[2012/02/20 10:10:51 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Watch Live Sports Events and ESPN Programs Online and on Mobile Applications - WatchESPN.url
[2012/02/20 09:35:26 | 000,000,302 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\CBS Radio Mystery Theater CBSRMT - Old Time Radio Shows - OTR.url
[2012/02/19 14:57:42 | 000,001,135 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to bug_std_super_72 wiring diagrahm.lnk
[2012/02/18 23:44:24 | 006,849,352 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Microsoft PowerPointSTFWIRING.pdf
[2012/02/17 13:01:21 | 000,322,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/17 11:00:35 | 000,000,271 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Glynn County, GA - Official Website - Live Meeting Video.url
[2012/02/16 17:35:42 | 000,081,455 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Run-on-Trout.jpg
[2012/02/16 17:28:09 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\912-638-5778 - Pipl - People Search.url
[2012/02/16 08:52:49 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Walmart Toshiba Toshiba Black Trax 17.3 C675-S7308 Laptop PC with Intel Core i3-2330M Processor and Windows 7 Home Premium Questions, Answers, How To, FAQs, Tips, Advice, Answers, Buying Guide.url
[2012/02/16 03:02:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/15 22:38:19 | 000,014,798 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
[2012/02/15 22:38:19 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Internal Revenue Service.wps
[2012/02/15 22:36:33 | 000,000,061 | ---- | M] () -- C:\WINDOWS\TaxACT11.ini
[2012/02/15 22:18:09 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Ga Dept Of Revenue.wps
[2012/02/14 22:47:39 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Tom's Bug Gauges.url
[2012/02/14 14:03:36 | 000,000,964 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\HP Home & Home Office Store - Shopping Cart and Checkout.url
[2012/02/14 09:20:19 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\WunderMap Interactive Radar & Weather Stations Weather Underground.url
[2012/02/12 14:31:34 | 003,888,054 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\HP INK ORDER.bmp
[2012/02/12 13:02:19 | 002,395,062 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Me and Carol at the Lake Mirror Classic in 2011.bmp
[2012/02/11 12:02:02 | 000,000,331 | ---- | M] () -- C:\WINDOWS\System32\msxkwn.vxp
[2012/02/09 07:29:13 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SSI Pier Web Camera (2).url
[2012/02/08 16:07:37 | 000,000,061 | ---- | M] () -- C:\WINDOWS\TaxACT10.ini
[2012/02/07 09:44:47 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\#player (2).url
[2012/02/04 14:03:01 | 000,000,061 | ---- | M] () -- C:\WINDOWS\TaxACT09.ini
[2012/02/04 13:47:46 | 000,000,075 | ---- | M] () -- C:\WINDOWS\TaxACT08.ini
[2012/02/04 12:19:34 | 000,065,644 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\2011 Individual Tax Return File.ta1

========== Files Created - No Company Name ==========

[2012/03/02 11:32:16 | 002,044,252 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.zip
[2012/03/02 08:35:24 | 000,089,741 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\burncdcc.zip
[2012/03/01 18:32:31 | 135,467,008 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\lupu-528.iso
[2012/03/01 17:52:31 | 000,415,861 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Troy Built Pressure Washer Parts List.pdf
[2012/02/29 14:52:09 | 000,924,241 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\~PS37A.tmp.pdf
[2012/02/28 13:06:50 | 001,917,682 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Hot Rod Primer.pdf
[2012/02/28 13:06:41 | 001,917,682 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Hot Rod Primer.pdf
[2012/02/28 13:06:34 | 003,045,324 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Auto Painting Techniques.pdf
[2012/02/28 13:06:24 | 003,045,324 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Auto Painting Techniques.pdf
[2012/02/28 12:20:13 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\VW Diagnostic Plug.url
[2012/02/26 20:50:15 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Recyclebank.url
[2012/02/26 09:22:09 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\QuickOilDrainValve.com - the best way to change oil.url
[2012/02/26 00:58:59 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\http--www.chromeplatingshop.com-.url
[2012/02/25 11:48:31 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PDFCreator.lnk
[2012/02/25 11:48:22 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2012/02/25 10:59:38 | 000,144,769 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\St Simons Lighthouse.JPG
[2012/02/24 14:40:11 | 000,000,245 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Contact GPB.url
[2012/02/23 23:24:31 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\List of Doc Martin episodes - Wikipedia, the free encyclopedia.url
[2012/02/23 12:28:06 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\WKCALREM.LNK
[2012/02/23 11:53:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/23 11:53:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/23 11:53:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/23 11:53:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/23 11:53:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/23 10:52:52 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBRCheck.exe
[2012/02/22 20:20:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2012/02/22 11:39:00 | 000,002,043 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Interactive User's Guide.lnk
[2012/02/22 11:27:40 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Manual Removal Guide for Moozy - Safer-Networking Forums.url
[2012/02/20 10:10:51 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Watch Live Sports Events and ESPN Programs Online and on Mobile Applications - WatchESPN.url
[2012/02/20 09:35:26 | 000,000,302 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\CBS Radio Mystery Theater CBSRMT - Old Time Radio Shows - OTR.url
[2012/02/19 14:57:42 | 000,001,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Shortcut to bug_std_super_72 wiring diagrahm.lnk
[2012/02/18 23:44:22 | 006,849,352 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Microsoft PowerPointSTFWIRING.pdf
[2012/02/16 17:32:40 | 000,081,455 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Run-on-Trout.jpg
[2012/02/16 17:17:37 | 000,000,271 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Glynn County, GA - Official Website - Live Meeting Video.url
[2012/02/15 22:13:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 22:13:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/14 22:47:39 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Tom's Bug Gauges.url
[2012/02/12 14:31:33 | 003,888,054 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\HP INK ORDER.bmp
[2012/02/12 12:56:17 | 002,395,062 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Me and Carol at the Lake Mirror Classic in 2011.bmp
[2012/02/12 09:57:23 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\912-638-5778 - Pipl - People Search.url
[2012/02/10 19:25:30 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\WunderMap Interactive Radar & Weather Stations Weather Underground.url
[2012/02/07 09:44:47 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\#player (2).url
[2012/02/06 09:26:08 | 000,002,213 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Watch Doc Martin Season.url
[2012/02/04 15:33:12 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SSI Pier Web Camera (2).url
[2012/02/04 12:22:54 | 000,065,644 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\2011 Individual Tax Return File.ta1
[2012/02/02 14:05:03 | 000,000,273 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SSI Pier Web Camera.url
[2012/01/06 17:08:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT11.ini
[2011/11/30 23:46:28 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011/07/24 14:47:34 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/07/10 12:48:52 | 000,024,408 | ---- | C] () -- C:\WINDOWS\System32\ventmon.dll
[2011/07/03 00:10:37 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\WebpageIcons.db
[2011/05/14 15:11:18 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/14 15:11:18 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/14 15:11:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/12 17:31:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\PUTTY.RND
[2011/01/07 16:08:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT10.ini
[2010/07/04 12:58:02 | 000,158,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== Custom Scans ==========



< >

< End of report >

Edited by Lewg, 02 March 2012 - 11:04 AM.


#39 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 02 March 2012 - 01:38 PM

Hi Lewg,

I am not convinced that this is a malware related problem. If you are still getting the strange noises from your hard drive it could be a hardware/software problem and if so you would be better off posting a new topic into the General Hardware forum. Hopefully the techs there will be able to help you sort this out. If they are not able to find any problems come back and we can dig around some more.

Be sure to post a link to this topic so that they can take a look at what we have done.

#40 Lewg

Lewg

    Silver Member

  • Authentic Member
  • PipPipPip
  • 393 posts

Posted 02 March 2012 - 02:53 PM

Jeff, what happened to the last post I made showing the HIJACKTHIS log and thanking you for your help?

Edited by Lewg, 02 March 2012 - 02:56 PM.



#41 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 02 March 2012 - 03:09 PM

Hi Lewg,

Jeff, what happened to the last post I made showing the HIJACKTHIS log and thanking you for your help?

I am not sure? Sometimes the forum monster will eat one LOL!! :D But really I just don't know.

You got my post about creating a new topic. :)

#42 Lewg

Lewg

    Silver Member

  • Authentic Member
  • PipPipPip
  • 393 posts

Posted 02 March 2012 - 05:51 PM

OK, I posted a new HJT log which took 5 minutes to get, and wanted you to know....Also I appreciate all you did, and I'll post up the thread in the Hardware Section. Maybe they can see something that's out of whack. Before when needing a HJT log, it only took seconds to get. Thanks again! :)

#43 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 02 March 2012 - 06:08 PM

Hi Lewg, If it is found that there is not a hardware/software problem please come back and we can dig deeper and see what we can find.

#44 Lewg

Lewg

    Silver Member

  • Authentic Member
  • PipPipPip
  • 393 posts

Posted 02 March 2012 - 06:18 PM

OK

#45 Lewg

Lewg

    Silver Member

  • Authentic Member
  • PipPipPip
  • 393 posts

Posted 05 March 2012 - 07:14 AM

Jeff, I noticed this when we ran the program but failed to ask about it.....is this a problem? Thanks!

232 GB \\.\PhysicalDrive1 Unknown MBR code SHA1: 4A3BF69CA3259413E25A52D6E01242850E3B0E3A
93 GB \\.\PhysicalDrive0 Legit MBR code detected SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
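The two MBRCheck lines quoted above compare the SHA-1 of each drive's first sector against MBRCheck's list of known boot code; "Unknown MBR code" only says the hash was not in that list. The following is an added example (not MBRCheck's, OTL's or the thread's own code) that performs the same classification over a raw 512-byte dump such as the MBR.dat listed in the OTL log; the allowlist contents, the sample sector and the partition values are constructed assumptions.

```python
"""Classify a raw 512-byte MBR dump the way MBRCheck's summary line does:
hash the sector and look the hash up in a list of known-good boot code.
Added example, not MBRCheck's own code."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"          # last two bytes of every valid MBR
PARTITION_TABLE_OFFSET = 0x1BE        # four 16-byte entries follow

# Stand-in allowlist: the SHA-1 MBRCheck reported as "Legit MBR code detected"
# for PhysicalDrive0 in the thread. MBRCheck's real database is not used here.
KNOWN_GOOD_MBR_SHA1 = {"317A49A9E93F077F2D004734D2A7B6CA7E7B9495"}


def parse_partition_table(sector):
    """Return the four primary partition entries as dicts (type-0 slots included)."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status(1) chs_start(3) type(1) chs_end(3) lba_start(4) sector_count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": count})
    return entries


def check_mbr(sector, known_good=KNOWN_GOOD_MBR_SHA1):
    """Hash the sector and classify it. 'Unknown MBR code' means only that the
    hash is not in the allowlist: a prompt to inspect the boot code by hand
    (OEM boot managers are unknown too), not a malware verdict on its own."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR dump must be exactly %d bytes" % SECTOR_SIZE)
    sha1 = hashlib.sha1(sector).hexdigest().upper()
    return {
        "sha1": sha1,
        "signature_ok": sector[-2:] == BOOT_SIGNATURE,
        "partitions": [p for p in parse_partition_table(sector) if p["type"] != 0],
        "verdict": "Legit MBR code detected" if sha1 in known_good else "Unknown MBR code",
    }


def build_sample_mbr():
    """Constructed sample sector: zeroed boot code, one bootable NTFS (0x07)
    partition starting at LBA 63 and spanning about 93 GB, valid 0x55AA signature."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<B3xB3xII", sector, PARTITION_TABLE_OFFSET, 0x80, 0x07, 63, 195371568)
    sector[-2:] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    report = check_mbr(build_sample_mbr())
    print(report["verdict"], report["sha1"], report["signature_ok"])
    for part in report["partitions"]:
        print(part)
```

To check a real dump, read the 512 bytes of MBR.dat with `open(path, "rb").read()` and pass them to `check_mbr`; a hash that matches a known-good entry on the disk you compare against is stronger evidence than the "Legit" wording alone.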
