OTL logfile created on: 9/3/2011 4:12:12 PM - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Documents and Settings\pab\Desktop
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.36 Mb Total Physical Memory | 735.24 Mb Available Physical Memory | 71.85% Memory free
2.40 Gb Paging File | 2.17 Gb Available in Paging File | 90.14% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 16.75 Gb Free Space | 59.92% Space Free | Partition Type: NTFS
Drive E: | 24.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TOSHIBA-USER | User Name: pab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/09/03 16:11:01 | 000,012,970 | ---- | M] () -- C:\Documents and Settings\pab\Local Settings\Temp\winjosoef.exe
PRC - [2011/09/02 00:04:42 | 000,642,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
PRC - [2011/07/18 21:20:28 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2002/04/15 18:35:38 | 000,311,296 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2001/08/18 05:00:00 | 001,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/09/03 16:11:01 | 000,012,970 | ---- | M] () -- C:\Documents and Settings\pab\Local Settings\Temp\winjosoef.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (PrtSmanm)
SRV - File not found [Auto | Stopped] -- -- (Netmanm)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/18 21:20:28 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2001/08/18 05:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)
SRV - [2001/08/13 23:18:36 | 000,115,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Running] -- -- (aic32p)
DRV - [2011/07/18 21:20:28 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2002/08/01 13:43:01 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/06/21 11:47:56 | 001,133,440 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/05/17 04:56:02 | 000,063,501 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/04/04 18:12:48 | 000,023,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsdhd.sys -- (tsdhd)
DRV - [2002/02/26 17:00:00 | 000,585,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20020227.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2002/02/26 17:00:00 | 000,065,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20020227.005\NAVENG.SYS -- (NAVENG)
DRV - [2002/02/26 10:40:24 | 000,058,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/01/29 14:43:52 | 000,488,960 | ---- | M] (YAMAHA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97)
DRV - [2002/01/24 14:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys -- (TBiosDrv)
DRV - [2002/01/07 18:16:40 | 000,015,111 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tossdpci.sys -- (pciSd)
DRV - [2001/12/19 16:46:44 | 000,155,136 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2001/12/12 14:55:02 | 000,157,984 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2001/12/12 14:54:36 | 000,014,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2001/12/08 15:00:00 | 000,183,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAVAP.SYS -- (NAVAP)
DRV - [2001/09/13 19:53:02 | 000,005,936 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS -- (TVALG)
DRV - [2001/09/11 11:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 14:23:58 | 000,005,264 | ---- | M] (Toshiba Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS -- (TVALD)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 14:27:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\pab\Application Data\IDM\idmmzcc3

[2011/07/02 14:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pab\Application Data\Mozilla\Extensions
[2011/08/05 19:23:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pab\Application Data\Mozilla\Firefox\Profiles\lvfzyrae.default\extensions
[2011/08/20 00:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PAB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LVFZYRAE.DEFAULT\EXTENSIONS\MULTIFOX@HULTMANN.XPI
[2011/09/03 14:27:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/03 14:27:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/18 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (Toshiba Corp.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BD496BB-F649-4F54-B1FC-CA08701E065D}: NameServer = 202.138.128.50 202.138.128.54
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (maliprog @ Geekstogo)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/01 09:15:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/22 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/16 19:13:46 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - C:\WINDOWS\system32\mspmspsv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/09/03 16:04:43 | 000,748,643 | ---- | C] (maliprog @ Geekstogo) -- C:\Documents and Settings\pab\Desktop\explorer.exe
[2011/09/02 00:04:37 | 000,642,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
[2011/08/30 01:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/08/30 01:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/28 15:40:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/08/28 04:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Xara
[2011/08/25 03:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Desktop\mobile movies
[2011/08/21 14:36:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\pab\Recent
[2011/08/17 02:31:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/08/14 03:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Application Data\AdobeUM
[2011/08/14 03:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Adobe
[2011/08/13 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2011/08/13 16:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2011/08/13 16:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing
[2011/08/13 16:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/08/13 16:51:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2011/08/11 21:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Application Data\InterVideo
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/09/03 16:04:48 | 000,748,643 | ---- | M] (maliprog @ Geekstogo) -- C:\Documents and Settings\pab\Desktop\explorer.exe
[2011/09/03 14:25:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/03 14:25:31 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/02 23:38:35 | 000,050,703 | ---- | M] () -- C:\WINDOWS\System32\lpdd.exe
[2011/09/02 20:00:01 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2011/09/02 01:51:49 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\contract.rtf
[2011/09/02 00:04:42 | 000,642,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
[2011/09/02 00:04:00 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\123.rtf
[2011/08/31 02:57:15 | 000,003,692 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\Document2.rtf
[2011/08/30 12:51:30 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/30 01:47:31 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/29 15:36:40 | 000,679,607 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited2takip.JPG
[2011/08/29 14:08:30 | 001,158,462 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited2.jpg
[2011/08/29 13:57:17 | 001,153,599 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited.jpg
[2011/08/29 12:38:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ug.exe
[2011/08/29 10:34:58 | 000,368,383 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\momsy.jpg
[2011/08/29 05:30:38 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/28 20:48:44 | 000,069,336 | ---- | M] () -- C:\WINDOWS\System32\mq.exe
[2011/08/28 13:24:09 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\pab\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/28 04:36:59 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\Shortcut to Portable Xara3D6.exe.lnk
[2011/08/28 02:59:49 | 000,069,336 | ---- | M] () -- C:\WINDOWS\System32\cq.exe
[2011/08/27 22:38:30 | 000,025,658 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\cc_20110827_223823.reg
[2011/08/27 17:42:22 | 001,076,314 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregation.jpg
[2011/08/25 21:03:50 | 000,069,336 | ---- | M] () -- C:\WINDOWS\System32\ge.exe
[2011/08/22 21:51:39 | 000,005,894 | ---- | M] () -- C:\a.bat
[2011/08/22 21:51:12 | 000,505,856 | RHS- | M] () -- C:\WINDOWS\System32\upds.exe
[2011/08/20 16:03:50 | 000,036,864 | R--- | M] () -- C:\WINDOWS\System32\TFTP3476
[2011/08/20 00:55:46 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\pab\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/20 00:55:45 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/08/19 23:56:22 | 000,001,136 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/16 23:45:33 | 000,506,842 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\Untitled-1.psd
[2011/08/13 16:59:48 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/08/13 16:52:54 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2011/08/10 23:19:53 | 000,009,778 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\cc_20110810_231948.reg
[2011/08/10 19:23:58 | 000,077,412 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\makulay ang kendi.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/09/02 01:51:49 | 000,000,455 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\contract.rtf
[2011/09/02 00:03:59 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\123.rtf
[2011/09/01 17:22:01 | 000,050,703 | ---- | C] () -- C:\WINDOWS\System32\lpdd.exe
[2011/08/30 01:47:31 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/30 01:03:51 | 000,003,692 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\Document2.rtf
[2011/08/29 15:36:40 | 000,679,607 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited2takip.JPG
[2011/08/29 14:08:27 | 001,158,462 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited2.jpg
[2011/08/29 13:57:08 | 001,153,599 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited.jpg
[2011/08/29 12:38:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ug.exe
[2011/08/29 10:35:25 | 001,076,314 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregation.jpg
[2011/08/29 10:34:57 | 000,368,383 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\momsy.jpg
[2011/08/28 20:48:32 | 000,069,336 | ---- | C] () -- C:\WINDOWS\System32\mq.exe
[2011/08/28 13:24:09 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\pab\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/28 04:36:59 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\Shortcut to Portable Xara3D6.exe.lnk
[2011/08/28 02:59:45 | 000,069,336 | ---- | C] () -- C:\WINDOWS\System32\cq.exe
[2011/08/27 22:38:26 | 000,025,658 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\cc_20110827_223823.reg
[2011/08/25 21:03:34 | 000,069,336 | ---- | C] () -- C:\WINDOWS\System32\ge.exe
[2011/08/22 21:51:20 | 000,005,894 | ---- | C] () -- C:\a.bat
[2011/08/22 21:35:08 | 000,505,856 | RHS- | C] () -- C:\WINDOWS\System32\upds.exe
[2011/08/20 16:02:14 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\TFTP3476
[2011/08/16 23:45:31 | 000,506,842 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\Untitled-1.psd
[2011/08/13 16:59:49 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS.lnk
[2011/08/13 16:59:49 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS.lnk
[2011/08/13 16:59:48 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/08/13 16:52:54 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2011/08/13 16:52:50 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 6.0.lnk
[2011/08/10 23:19:52 | 000,009,778 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\cc_20110810_231948.reg
[2011/08/10 19:23:58 | 000,077,412 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\makulay ang kendi.jpg
[2011/08/10 11:57:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/03 19:29:46 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\ga.exe
[2011/07/18 21:20:28 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/07/09 20:20:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/07/02 14:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2002/08/09 11:01:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/08/05 13:54:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\tutildel.exe
[2002/08/01 14:53:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2002/08/01 14:53:45 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2002/08/01 13:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/08/01 13:48:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2002/08/01 13:46:53 | 000,000,546 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/08/01 13:46:53 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/08/01 13:46:25 | 000,007,102 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2002/08/01 13:30:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2002/08/01 13:26:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2002/08/01 13:21:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2002/08/01 13:18:28 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2002/08/01 13:15:06 | 000,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2002/08/01 13:15:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2002/08/01 13:15:06 | 000,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2002/08/01 13:15:06 | 000,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2002/08/01 09:21:55 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2002/08/01 09:19:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/08/01 09:15:51 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/08/01 09:11:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/01 09:09:39 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/08/01 08:45:05 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/08/01 08:44:01 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/08/01 08:43:54 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2002/08/01 08:43:52 | 000,313,514 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/01 08:43:52 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/01 08:43:52 | 000,041,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/01 08:43:52 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/01 08:43:49 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/01 08:43:47 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/01 08:43:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/08/01 08:43:28 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/01 08:43:28 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/01 08:43:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/01 08:42:46 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002/08/01 02:03:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/08/01 02:02:24 | 000,100,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[color=#E56717]========== LOP Check ==========[/color]

[2011/07/06 12:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\10-7r-18-1s-o3-6r
[2011/07/06 20:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-55-55-55-55-55
[2011/07/21 18:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2011/07/14 11:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2011/07/14 11:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\incredible express
[2011/07/12 01:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lifetime
[2011/07/25 23:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/07/06 09:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2011/08/28 23:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2011/07/16 23:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/15 18:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab
[2011/07/19 02:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2011/08/29 23:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\DMCache
[2002/08/01 15:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Drag'n Drop CD
[2011/07/06 09:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\GameHouse
[2011/07/09 20:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\GamesCafe
[2002/08/01 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\InterTrust
[2011/08/11 21:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\InterVideo
[2011/07/18 20:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Jane s Hotel
[2011/07/13 02:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Mysteryville2
[2011/07/25 23:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\PlayFirst
[2011/07/03 16:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\RobotSoft
[2011/08/28 15:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Spyware Terminator
[2011/07/15 16:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Supermarket Mania 2
[2011/07/16 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\World-LooM
[2011/07/02 23:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Y!Supra
[2011/07/19 02:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Zbshareware Lab

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011/09/03 16:04:48 | 000,748,643 | ---- | M] (maliprog @ Geekstogo) MD5=036621107C359B7FC3BE7C3757EE7F60 -- C:\Documents and Settings\pab\Desktop\explorer.exe
[2001/08/18 05:00:00 | 001,000,960 | ---- | M] (Microsoft Corporation) MD5=5A26FC6010886D25B3E412493DD95ED8 -- C:\WINDOWS\explorer.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2001/08/18 05:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\WINDOWS\system32\svchost.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2001/08/18 05:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=585398603F570F9705774D65D292E5D1 -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2001/08/18 05:00:00 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=2B0E480E975EE51F2D5CE5F068FED6E2 -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2001/10/03 18:50:50 | 000,106,560 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2001/08/18 05:00:00 | 000,091,136 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/18 05:00:00 | 000,151,552 | ---- | M] (Microsoft Corporation)

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AMERIC~1.0\aol.exe [2001/10/03 18:50:50 | 000,106,560 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2001/08/18 05:00:00 | 000,091,136 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/18 05:00:00 | 000,151,552 | ---- | M] (Microsoft Corporation)

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2193C133
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21B987C4
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9

< End of report >