Recent Posts

11
OK, I updated Flash, Shockwave and Firefox and it doesn't stall as much.
Now I ran CCleaner, it did its job, but I clicked on the startup tab and found something that I don't remember downloading or installing:
getsav -in 5.0 <<<<< running in explorer
And also there's something running on Windows that I don't know what it is:
SearchProctectAll <<<<<< this seems to be connected with the "c:\Document and Settings\bee.PC530884041415\Application.....
and it doesn't let CCleaner disable it.
I've added some screenshots so you can see what I see:


If you're wondering why I am using the on-screen keyboard: the Prt Sc key hasn't worked in months.
12
I don't use any toolbars to my knowledge and I use Opera as my browser. I just have regular old Opera on with the tabs and address bar. I don't even know what they are. "Sweat IM" was the only one not listed and I uninstalled the other two.

It only gave me one log file this time.

Quote
OTL logfile created on: 5/23/2013 9:50:42 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\cossackred\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 59.93% Memory free
3.72 Gb Paging File | 2.91 Gb Available in Paging File | 78.18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 105.86 Gb Free Space | 74.44% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 3.45 Gb Free Space | 50.58% Space Free | Partition Type: FAT32
 
Computer Name: ERIC | User Name: cossackred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/23 17:10:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cossackred\Desktop\OTL.exe
PRC - [2013/05/23 07:19:11 | 000,210,312 | ---- | M] (Innovative Apps) -- C:\Documents and Settings\cossackred\Local Settings\Application Data\Updater12759\Updater12759.exe
PRC - [2013/02/22 06:41:12 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013/01/24 11:45:24 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
PRC - [2012/12/23 20:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe
PRC - [2012/12/23 20:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe
PRC - [2012/03/23 16:43:12 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/14 12:36:20 | 000,749,568 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/12/27 10:20:14 | 000,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/07/22 20:25:06 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2005/07/22 20:25:04 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2004/11/11 18:50:15 | 000,212,992 | ---- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2004/11/05 08:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/22 06:41:50 | 000,101,888 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2013/02/22 06:41:50 | 000,073,728 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2013/02/22 06:41:50 | 000,057,344 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2013/02/22 06:41:50 | 000,038,912 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2013/02/22 06:41:49 | 000,312,832 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2013/02/22 06:41:49 | 000,158,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013/02/22 06:41:49 | 000,096,256 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013/02/22 06:41:49 | 000,094,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2013/02/22 06:41:49 | 000,093,696 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2013/02/22 06:41:49 | 000,067,072 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2013/02/22 06:41:49 | 000,062,976 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2013/02/22 06:41:48 | 000,835,584 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2013/01/24 11:45:24 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
MOD - [2013/01/09 23:22:07 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ddcb6e82\mscorlib.dll
MOD - [2013/01/09 23:22:04 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_5554264c\system.drawing.dll
MOD - [2013/01/09 23:21:54 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_49469be8\system.xml.dll
MOD - [2013/01/09 23:21:47 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d7491915\system.windows.forms.dll
MOD - [2013/01/09 23:21:36 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_daefbfa2\system.dll
MOD - [2013/01/09 23:21:24 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/01/09 23:21:22 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2013/01/09 23:21:22 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/01/09 23:21:20 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/01/01 23:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Identity Safe\Engine\2013.3.3.19\wincfi39.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/08/17 22:32:56 | 000,122,880 | ---- | M] () -- C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\EnumDevLib.dll
MOD - [2006/06/18 21:32:01 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/06/18 21:32:01 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2006/06/18 21:32:00 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2005/07/20 05:53:04 | 000,966,765 | ---- | M] () -- C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\acAuth.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/05/14 18:57:41 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/24 11:45:24 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
SRV - [2012/12/23 20:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe -- (NCO)
SRV - [2012/12/23 20:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe -- (NAV)
SRV - [2012/03/23 16:43:12 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/05/21 22:12:41 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130523.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/21 22:12:40 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130523.016\NAVENG.SYS -- (NAVENG)
DRV - [2013/04/24 19:00:15 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/04/24 17:52:10 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\IPSDefs\20130523.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/04/12 16:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\BASHDefs\20130515.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/01/30 20:18:18 | 000,394,656 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1403010.016\symtdi.sys -- (SYMTDI)
DRV - [2013/01/30 20:18:06 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1403010.016\SymEFA.sys -- (SymEFA)
DRV - [2013/01/28 18:45:18 | 000,602,712 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1403010.016\srtsp.sys -- (SRTSP)
DRV - [2013/01/28 18:45:18 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1403010.016\srtspx.sys -- (SRTSPX)
DRV - [2013/01/21 19:15:32 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1403010.016\SymDS.sys -- (SymDS)
DRV - [2012/11/15 19:22:01 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1403010.016\Ironx86.sys -- (SymIRON)
DRV - [2012/11/15 19:18:04 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NST\7DD03030.013\ccSetx86.sys -- (ccSet_NST)
DRV - [2012/11/15 19:18:04 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1403010.016\ccSetx86.sys -- (ccSet_NAV)
DRV - [2012/08/08 19:47:46 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/08 19:47:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/03/23 16:04:34 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2008/06/27 01:39:42 | 000,332,928 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2007/12/14 09:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/06/19 00:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/15 15:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/23 08:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/04/04 22:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/10 18:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 18:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/10/02 10:57:12 | 000,013,532 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4553AD8E-CF64-440E-83D8-8734CB7B348E}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3272718&CUI=UN36298175039071406&UM=2
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\IPSFFPlgn\ [2013/04/25 06:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.3.19\coFFPlgn\ [2013/05/23 17:53:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox [2013/04/26 15:58:00 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2013/05/15 21:01:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Lucky Savings) - {11111111-1111-1111-1111-110111271159} - C:\Program Files\Lucky Savings\Lucky Savings-bho.dll (Innovative Apps)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.3.1.22\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.3.3.19\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.3.19\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.3.19\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Update.exe] C:\Program Files\Free Youtube Downloader\Update.exe ()
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [Power2GoExpress] NA File not found
O4 - HKCU..\Run: [Updater12759.exe] C:\Documents and Settings\cossackred\Local Settings\Application Data\Updater12759\Updater12759.exe (Innovative Apps)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD093F57-7B43-4AA7-9FEB-BD1D876961DA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\cossackred\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\cossackred\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 02:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2010/05/26 22:24:42 | 000,000,000 | ---D | M] - D:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/23 17:10:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\cossackred\Desktop\OTL.exe
[2013/05/23 07:19:16 | 007,507,845 | ---- | C] (QuickShare) -- C:\Documents and Settings\cossackred\QuickShare1.exe
[2013/05/23 07:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cossackred\Application Data\SwvUpdater
[2013/05/23 07:17:37 | 000,156,704 | ---- | C] (Amonetize) -- C:\Documents and Settings\cossackred\setup__1994.exe
[2013/05/21 17:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cossackred\Application Data\Malwarebytes
[2013/05/21 17:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/21 17:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/05/21 17:13:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/05/21 17:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/19 02:08:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\cossackred\Recent
[2013/05/17 23:13:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/05/16 22:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cossackred\Application Data\Runscanner.net
[2013/05/16 22:13:17 | 000,000,000 | ---D | C] -- C:\runscanner
[2013/05/16 22:09:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\cossackred\Desktop\HijackThis.exe
[2013/05/16 06:25:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/05/16 05:57:08 | 000,156,192 | ---- | C] (Amonetize) -- C:\Documents and Settings\cossackred\setup__2079.exe
[2013/05/15 20:50:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/05/15 20:47:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/05/15 20:47:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/05/15 20:47:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/05/15 20:47:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/05/15 20:46:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/15 20:46:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/05/15 20:41:24 | 005,066,276 | R--- | C] (Swearware) -- C:\Documents and Settings\cossackred\Desktop\ComboFix.exe
[2013/05/15 11:27:39 | 000,000,000 | ---D | C] -- C:\87371cf3c1e48425e634eab86f6ebb6d
[2013/05/15 06:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cossackred\Application Data\ElevatedDiagnostics
[2013/05/15 06:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/05/15 06:05:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/05/15 04:31:25 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\cossackred\Desktop\dds.com
[2013/05/15 03:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013/05/11 18:41:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cossackred\Desktop\yona's music
[2013/04/30 06:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cossackred\Desktop\animal videos
[2013/04/26 16:03:36 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2013/04/26 16:03:26 | 000,000,000 | ---D | C] -- C:\AI_RecycleBin
[2013/04/26 16:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cossackred\Application Data\Strongvault
[2013/04/26 15:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsTube
[2013/04/26 15:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks
[2013/04/25 06:09:21 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\ccSetx86.sys
[2013/04/25 06:09:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST
[2013/04/25 06:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Identity Safe
[2013/04/25 06:09:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\7DD03030.013
[2013/04/25 06:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Identity Safe
[2013/04/25 06:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/23 20:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/23 17:53:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2013/05/23 17:52:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/23 17:52:10 | 2011,279,360 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/23 17:38:02 | 000,156,704 | ---- | M] (Amonetize) -- C:\Documents and Settings\cossackred\setup__1994.exe
[2013/05/23 17:10:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cossackred\Desktop\OTL.exe
[2013/05/23 07:19:30 | 007,507,845 | ---- | M] (QuickShare) -- C:\Documents and Settings\cossackred\QuickShare1.exe
[2013/05/23 07:19:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\cossackred\3491
[2013/05/23 06:58:09 | 000,632,031 | ---- | M] () -- C:\Documents and Settings\cossackred\Desktop\adwcleaner.exe
[2013/05/21 17:13:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/20 06:19:31 | 001,200,769 | ---- | M] () -- C:\Documents and Settings\cossackred\Desktop\Roseland FYI May 20 week 36.pdf
[2013/05/19 22:31:16 | 000,867,883 | ---- | M] () -- C:\Documents and Settings\cossackred\Desktop\trollingmotor.jpg
[2013/05/19 06:49:13 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/17 23:42:45 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2013/05/16 22:09:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\cossackred\Desktop\HijackThis.exe
[2013/05/16 05:57:10 | 000,156,192 | ---- | M] (Amonetize) -- C:\Documents and Settings\cossackred\setup__2079.exe
[2013/05/15 22:06:44 | 000,597,756 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1403010.016\Cat.DB
[2013/05/15 22:05:50 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/15 22:05:50 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/15 21:01:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/05/15 20:41:34 | 005,066,276 | R--- | M] (Swearware) -- C:\Documents and Settings\cossackred\Desktop\ComboFix.exe
[2013/05/15 04:31:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\cossackred\Desktop\dds.com
[2013/05/15 03:56:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\cossackred\-1
[2013/05/11 23:09:20 | 000,144,107 | ---- | M] () -- C:\Documents and Settings\cossackred\Desktop\900x900px-LL-710a3c28_RockIslandFlatwings.jpeg
[2013/05/11 20:16:29 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\cossackred\Desktop\neonaomipm.rtf
[2013/05/11 18:59:38 | 000,000,172 | ---- | M] () -- C:\Documents and Settings\cossackred\default.pls
[2013/05/11 18:58:56 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/11 14:03:27 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\cossackred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/11 07:36:16 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/05/05 17:28:21 | 000,821,178 | ---- | M] () -- C:\Documents and Settings\cossackred\Desktop\Roseland FYI May 6 week 34.pdf
[2013/05/05 12:40:46 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/05 12:40:45 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/04 21:39:13 | 000,035,378 | ---- | M] () -- C:\Documents and Settings\cossackred\Desktop\KG MAD.JPG
[2013/05/04 21:27:46 | 000,057,047 | ---- | M] () -- C:\Documents and Settings\cossackred\Desktop\lakers beat celtics.JPG
[2013/05/03 05:41:14 | 001,554,035 | ---- | M] () -- C:\Documents and Settings\cossackred\Desktop\Roseland FYI April 29 week 33 STAR Week 2.pdf
[2013/04/29 06:41:09 | 000,838,339 | ---- | M] () -- C:\Documents and Settings\cossackred\Desktop\bow.jpg
[2013/04/29 05:51:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\cossackred\4447
[2013/04/28 07:49:12 | 001,148,510 | ---- | M] () -- C:\Documents and Settings\cossackred\My Documents\minnkota_saltwater_upto_101_7-1-13.pdf
[2013/04/28 07:48:52 | 000,005,680 | ---- | M] () -- C:\Documents and Settings\cossackred\My Documents\www.cabelas.com-assets-pdfs-minnkota_saltwater_upto_101_7-1-13.mdi
[2013/04/26 16:04:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\cossackred\OK
[2013/04/25 06:09:01 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2013/04/25 06:07:59 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1403010.016\VT20130115.021
[2013/04/24 19:00:15 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/04/24 19:00:15 | 000,007,446 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/04/24 19:00:15 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/23 07:18:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2013/05/23 06:58:07 | 000,632,031 | ---- | C] () -- C:\Documents and Settings\cossackred\Desktop\adwcleaner.exe
[2013/05/23 06:34:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\cossackred\3491
[2013/05/21 17:13:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/20 06:19:30 | 001,200,769 | ---- | C] () -- C:\Documents and Settings\cossackred\Desktop\Roseland FYI May 20 week 36.pdf
[2013/05/19 22:31:16 | 000,867,883 | ---- | C] () -- C:\Documents and Settings\cossackred\Desktop\trollingmotor.jpg
[2013/05/19 06:49:13 | 000,327,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/17 23:24:37 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2013/05/17 23:24:36 | 000,001,655 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk
[2013/05/15 20:50:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/05/15 20:50:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/05/15 20:47:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/15 20:47:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/15 20:47:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/15 20:47:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/15 20:47:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/15 03:56:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\cossackred\-1
[2013/05/11 23:09:20 | 000,144,107 | ---- | C] () -- C:\Documents and Settings\cossackred\Desktop\900x900px-LL-710a3c28_RockIslandFlatwings.jpeg
[2013/05/11 20:16:29 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\cossackred\Desktop\neonaomipm.rtf
[2013/05/05 17:28:21 | 000,821,178 | ---- | C] () -- C:\Documents and Settings\cossackred\Desktop\Roseland FYI May 6 week 34.pdf
[2013/05/04 21:39:13 | 000,035,378 | ---- | C] () -- C:\Documents and Settings\cossackred\Desktop\KG MAD.JPG
[2013/05/04 21:27:46 | 000,057,047 | ---- | C] () -- C:\Documents and Settings\cossackred\Desktop\lakers beat celtics.JPG
[2013/05/03 05:41:11 | 001,554,035 | ---- | C] () -- C:\Documents and Settings\cossackred\Desktop\Roseland FYI April 29 week 33 STAR Week 2.pdf
[2013/04/29 06:41:09 | 000,838,339 | ---- | C] () -- C:\Documents and Settings\cossackred\Desktop\bow.jpg
[2013/04/28 07:49:12 | 001,148,510 | ---- | C] () -- C:\Documents and Settings\cossackred\My Documents\minnkota_saltwater_upto_101_7-1-13.pdf
[2013/04/28 07:48:52 | 000,005,680 | ---- | C] () -- C:\Documents and Settings\cossackred\My Documents\www.cabelas.com-assets-pdfs-minnkota_saltwater_upto_101_7-1-13.mdi
[2013/04/26 16:04:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\cossackred\OK
[2013/04/26 15:59:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\cossackred\4447
[2013/04/25 06:09:13 | 000,000,827 | R--- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\ccSetx86.inf
[2013/04/25 06:09:12 | 000,007,611 | R--- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\ccsetx86.cat
[2013/04/25 06:09:12 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\isolate.ini
[2013/03/26 20:37:08 | 000,000,196 | ---- | C] () -- C:\WINDOWS\youtube2mp3.ini
[2012/07/19 18:03:27 | 000,000,039 | ---- | C] () -- C:\WINDOWS\spwdrp.INI
[2012/06/20 09:51:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\cossackred\Application Data\wklnhst.dat
[2012/06/18 07:52:03 | 000,010,740 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2012/04/06 19:45:02 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\cossackred\default.pls
[2012/04/06 19:42:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/25 09:45:03 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/03/24 14:00:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/23 19:07:08 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/03/23 18:19:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2012/03/23 18:12:12 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\cossackred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/23 16:48:45 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\cossackred\Local Settings\Application Data\fusioncache.dat
[2012/03/23 16:03:42 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/03/23 16:02:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2012/03/23 15:57:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/03/23 15:44:46 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2012/03/23 15:11:06 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2012/03/23 15:10:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012/03/23 15:10:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012/03/23 15:10:23 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2012/03/23 15:10:11 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2012/03/23 15:09:54 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2012/03/23 15:08:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2012/03/23 15:08:49 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2012/03/23 15:06:09 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012/03/23 15:04:57 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
 
========== ZeroAccess Check ==========
 
[2006/06/17 02:37:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/12/19 01:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/02/01 07:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\install_clap
[2012/03/23 18:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2012/04/12 19:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOIK
[2012/03/23 16:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2012/04/12 19:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cossackred\Application Data\AnvSoft
[2013/03/28 06:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cossackred\Application Data\Audacity
[2013/03/09 21:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cossackred\Application Data\DVDVideoSoft
[2013/05/15 06:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cossackred\Application Data\ElevatedDiagnostics
[2013/03/09 21:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cossackred\Application Data\iVideoConverter
[2012/03/23 18:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cossackred\Application Data\Opera
[2013/03/28 20:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cossackred\Application Data\PhotoScape
[2013/05/16 22:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cossackred\Application Data\Runscanner.net
[2012/03/23 16:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cossackred\Application Data\SampleView
[2012/03/23 19:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cossackred\Application Data\Simple Star
[2012/03/24 08:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cossackred\Application Data\Snapfish
[2013/05/15 04:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cossackred\Application Data\Strongvault
[2013/05/23 07:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cossackred\Application Data\SwvUpdater
[2012/06/20 09:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cossackred\Application Data\Template
 
========== Purity Check ==========
 
 

< End of report >

13
Go ahead and use your computer hard for the next 18 hrs or so. If all is still well, we can call it done.
14
The mouse is working fine now even after using it a while after reboot
15
Try installing and running FileHippo's Update Checker. That will tell you what you need to update.

Basically you install it, then run it. It will open a browser window and show you what software is outdated and needs updating. Update everything it tells you and then run CCleaner and clean up your temporary files. Reboot the computer and go back to Facebook.

Let me know what happens.
16
That string after my name is fishy. That has me worried.

I start Firefox and it doesn't stall. I get on Facebook and it stalls, but I see that the only thing that hasn't loaded on Facebook is the right side; there's a side panel where you can see who's online/offline. Once it stopped stalling, that side panel loaded.
HA! So I hid it so it doesn't load when I get on Facebook. It doesn't stall anymore.
Relieved, I get on YouTube... only to find it still stalls.
Can it be that I need the latest Flash or I have to update something else?

Or can it be that this old POS is just too old to be running all the new versions of Flash, etc.?
17
I am testing something right now that I am going to have you run tomorrow so we can watch the memory. I think that is the problem with the mouse. In the meantime (I want to make sure this program is safe, it is from a new source that I just ran into) reboot your computer. Test your mouse out. If it starts bogging down a lot, reboot the computer again and see if the problem goes away and then comes back after your computer has been running a while.
18
Please run OTL again and post both the logs. And if the programs come back, run it again. I am going to go through these things with a fine-tooth comb.

Just so you know, if it comes back I am going to have you uninstall most of the toolbars that are on your machine. Are there any that you like using?

Can you also go into your uninstall programs list and uninstall Lucky Savings, Updater By SweetPacks 2.0.0.566, Sweat IM (either of those last two might not be listed). Go ahead and do that as soon as you read this. Also go into Firefox's Addons and look for any addon with the same or similar name, or an addon that you do not know. Uninstall them as well.
19

I finally called Lexmark. After 2 hours and 13 minutes, it was something in the Windows firewall. He added the printer to the safe things, and it worked. I still feel something is running in the background that causes my mouse to act erratically. It's OK now, but every once in a while it lags and I can't get it where I want it to be. Also, when I shut down, even though nothing is running, it comes up "end program".
20
Reset the computer 3 times and it didn't come back yet.