thanks very much, help will be very much appreciated.I'm sure it is cause by some virus, the last time I made some scan while MBAM's working I thought its already gone, but now I know its not.Thank you again 
All exe files wont work, safe mode not working and antivirus/antimalwa
Started by
ejhay06
, Aug 31 2011 06:44 AM
-
This topic is locked
#1
Posted 31 August 2011 - 06:44 AM
ejhay06
-
- Member
-
- 19 posts
Member
thanks very much, help will be very much appreciated.I'm sure it is cause by some virus, the last time I made some scan while MBAM's working I thought its already gone, but now I know its not.Thank you again
#2
Posted 31 August 2011 - 07:12 AM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
Hello ejhay06 and welcome to G2G!
My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:
NOTE:
Step 1
We need to disable malware processes on your system first
Step 2
Download OTL to your Desktop
Step 3
Please don't forget to include these items in your reply:
My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:
NOTE:
- Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
- Absence of symptoms does not always mean the computer is clean
- Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
- Please DO NOT run any scans or fix on your own without my direction.
- Please read all of my response through at least once before attempting to follow the procedures described.
- If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
- Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
- You must reply within 3 days or your topic will be closed
Step 1
We need to disable malware processes on your system first
- Download TheKiller to your Desktop
- Note that TheKiller is renamed as explorer.exe
- Run it by double click (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
- Press OK button after program finish
- Do not restart your system after this step
Step 2
Download OTL to your Desktop
- Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in
netsvcs %SYSTEMDRIVE%\*.exe /md5start explorer.exe winlogon.exe Userinit.exe svchost.exe /md5stop %systemroot%\*. /mp /s hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.
Step 3
Please don't forget to include these items in your reply:
- OTL log
- OTL Extras log
#3
Posted 31 August 2011 - 07:19 AM
ejhay06
- Topic Starter
-
- Member
-
- 19 posts
Member
Sir, before I begin doing this, I would like to ask if the results for OTL opens in notepad?If it does, my notepad don't work as well, it says missing shortcut.thank you very much.,sorry for all the trouble.
#4
Posted 31 August 2011 - 12:19 PM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
If it fails to open notepad then attach OTL.txt and Extras.txt in your next reply. These are saved in the same location as OTL.
But I hope it will open...
But I hope it will open...
#5
Posted 01 September 2011 - 11:25 PM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
Hi ejhay06,
Are you still with me?
Are you still with me?
#6
Posted 03 September 2011 - 02:25 AM
ejhay06
- Topic Starter
-
- Member
-
- 19 posts
Member
sorry Sir ive been out yesterday fixing some papers, my brother told me he can't use the firefox as well, now I am only using IE for posting this, here is the logs. thanks very much sir.
------------------
------------------
Attached Files
-
OTL.Txt 65.38KB
139 downloads
-
Extras.Txt 51.7KB
171 downloads
#7
Posted 03 September 2011 - 08:41 AM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
Hi ejhay06,
We have work to do...
Step 1
Please close all running programs and Run OTL
Step 2
Please download Malwarebytes' Anti-Malware
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Step 3
Please read carefully and follow these steps.
Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
Step 4
Please don't forget to include these items in your reply:
We have work to do...
Step 1
Please close all running programs and Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:processes
killallprocesses
:OTL
MOD - [2011/09/03 16:11:01 | 000,012,970 | ---- | M] () -- C:\Documents and Settings\pab\Local Settings\Temp\winjosoef.exe
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
[2011/09/02 23:38:35 | 000,050,703 | ---- | M] () -- C:\WINDOWS\System32\lpdd.exe
[2011/08/29 12:38:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ug.exe
[2011/08/28 20:48:44 | 000,069,336 | ---- | M] () -- C:\WINDOWS\System32\mq.exe
[2011/08/28 02:59:49 | 000,069,336 | ---- | M] () -- C:\WINDOWS\System32\cq.exe
[2011/08/25 21:03:50 | 000,069,336 | ---- | M] () -- C:\WINDOWS\System32\ge.exe
[2011/08/22 21:51:39 | 000,005,894 | ---- | M] () -- C:\a.bat
[2011/08/22 21:51:12 | 000,505,856 | RHS- | M] () -- C:\WINDOWS\System32\upds.exe
[2011/08/20 16:03:50 | 000,036,864 | R--- | M] () -- C:\WINDOWS\System32\TFTP3476
[2002/08/05 13:54:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\tutildel.exe
[2002/08/01 14:53:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
:Files
C:\Documents and Settings\pab\Local Settings\Temp\winjosoef.exe
ipconfig /flushdns /c
:Commands
[purity]
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2
Please download Malwarebytes' Anti-Malware
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Step 3
Please read carefully and follow these steps.
Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
- Extract the zip file to its own folder.
- Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
- Click Start scan to start scanning.
- If infection is detected, the default setting for "action" should be Cure
- (If suspicious file is detected please click on it and change it to Skip).
- Click Continue button
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
- If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
Step 4
Please don't forget to include these items in your reply:
- OTL fix log
- Malwarebytes log
- TDSSKiller log
#8
Posted 03 September 2011 - 11:22 AM
ejhay06
- Topic Starter
-
- Member
-
- 19 posts
Member
Sir Ive attached the result from the OTL, but I can't attach the MBAM result, notepad still not working, when I scanned using MBAM and I restarted it, when it comes back on, theres only black screen so I needed to turn it off again, thank you.
Attached Files
-
09042011_004808.log 4.17KB
156 downloads
#9
Posted 03 September 2011 - 11:55 AM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
I understand. It's OK. Please do TDSSKiller log and try to post/attach result.
#10
Posted 03 September 2011 - 12:28 PM
ejhay06
- Topic Starter
-
- Member
-
- 19 posts
Member
sir I'm sorry, but can you please post again the download link of tdsskiller, I cant seem to see the post unless I click the add reply, thats when i could only see your post, it just keeps on loading. really sorry
#11
Posted 03 September 2011 - 02:06 PM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
No problems.
Please read carefully and follow these steps.
Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
Please read carefully and follow these steps.
Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
- Extract the zip file to its own folder.
- Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
- Click Start scan to start scanning.
- If infection is detected, the default setting for "action" should be Cure
- (If suspicious file is detected please click on it and change it to Skip).
- Click Continue button
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
- If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
#12
Posted 03 September 2011 - 10:02 PM
ejhay06
- Topic Starter
-
- Member
-
- 19 posts
Member
Sir, there's another problem, I can't open zip files or rar files as well sorry for the toruble. I just want to reformat it but my recovery cd is not working as well, really sorry
sorry for the toruble. I just want to reformat it but my recovery cd is not working as well, really sorry
#13
Posted 03 September 2011 - 11:31 PM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
We have other tools to work with. Give us chance before you re-format your system.
Please do OTL Quick Scan but tis time make sure All Users option is selected. Post/attach OTL.txt log after the scan.
Please do OTL Quick Scan but tis time make sure All Users option is selected. Post/attach OTL.txt log after the scan.
#14
Posted 04 September 2011 - 06:09 AM
ejhay06
- Topic Starter
-
- Member
-
- 19 posts
Member
OTL logfile created on: 9/4/2011 8:01:54 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\pab\Desktop
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.36 Mb Total Physical Memory | 818.07 Mb Available Physical Memory | 79.94% Memory free
2.40 Gb Paging File | 2.09 Gb Available in Paging File | 87.06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 17.56 Gb Free Space | 62.82% Space Free | Partition Type: NTFS
Drive E: | 24.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: TOSHIBA-USER | User Name: pab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/02 00:04:42 | 000,642,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
PRC - [2011/07/18 21:20:28 | 002,286,592 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2011/07/18 21:20:28 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/02 14:12:25 | 000,176,128 | ---- | M] () -- C:\Program Files\Globe Broadband\Globe Broadband.exe
PRC - [2002/07/31 11:41:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe
PRC - [2002/07/03 17:17:00 | 000,102,400 | R--- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
PRC - [2002/04/15 18:35:38 | 000,311,296 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2002/04/03 17:19:22 | 000,237,568 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2002/03/19 20:38:26 | 000,286,720 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPWRTRAY.EXE
PRC - [2001/08/18 05:00:00 | 001,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/03 17:08:28 | 000,135,168 | ---- | M] (Toshiba Corp.) -- C:\WINDOWS\system32\TFNF5.exe
========== Modules (No Company Name) ==========
MOD - [2011/07/02 14:12:25 | 000,176,128 | ---- | M] () -- C:\Program Files\Globe Broadband\Globe Broadband.exe
MOD - [2010/01/12 18:27:48 | 000,061,440 | ---- | M] () -- C:\Program Files\Globe Broadband\XCodec.dll
MOD - [2010/01/12 18:27:46 | 000,159,744 | ---- | M] () -- C:\Program Files\Globe Broadband\SMSPlugin.dll
MOD - [2010/01/12 18:27:46 | 000,151,552 | ---- | M] () -- C:\Program Files\Globe Broadband\DetectDev.dll
MOD - [2010/01/12 18:27:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Globe Broadband\LocaleMgrPlugin.dll
MOD - [2010/01/12 18:27:46 | 000,090,112 | ---- | M] () -- C:\Program Files\Globe Broadband\FileManager.dll
MOD - [2010/01/12 18:27:46 | 000,086,016 | ---- | M] () -- C:\Program Files\Globe Broadband\DialUpPlugin.dll
MOD - [2010/01/12 18:27:46 | 000,061,440 | ---- | M] () -- C:\Program Files\Globe Broadband\DeviceOperate.dll
MOD - [2010/01/12 18:27:46 | 000,057,344 | ---- | M] () -- C:\Program Files\Globe Broadband\ConfigFilePlugin.dll
MOD - [2010/01/12 18:27:46 | 000,032,768 | ---- | M] () -- C:\Program Files\Globe Broadband\NotifyServicePlugin.dll
MOD - [2010/01/12 18:27:46 | 000,014,848 | ---- | M] () -- C:\Program Files\Globe Broadband\isaputrace.dll
MOD - [2010/01/12 18:27:44 | 000,552,960 | ---- | M] () -- C:\Program Files\Globe Broadband\atcomm.dll
MOD - [2010/01/12 18:27:44 | 000,073,728 | ---- | M] () -- C:\Program Files\Globe Broadband\CallPlugin.dll
MOD - [2009/12/10 11:40:20 | 000,991,232 | ---- | M] () -- C:\Program Files\Globe Broadband\NDISAPI.dll
MOD - [2009/12/10 10:53:38 | 000,172,032 | ---- | M] () -- C:\Program Files\Globe Broadband\DeviceMgrUIPlugin.dll
MOD - [2009/12/10 10:52:58 | 000,114,688 | ---- | M] () -- C:\Program Files\Globe Broadband\DeviceMgrPlugin.dll
MOD - [2009/09/19 11:08:04 | 000,118,784 | ---- | M] () -- C:\Program Files\Globe Broadband\NetInfoPlugin.dll
MOD - [2001/08/18 05:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (PrtSmanm)
SRV - File not found [Auto | Stopped] -- -- (Netmanm)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/04 02:05:23 | 000,115,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
SRV - [2011/07/18 21:20:28 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2001/08/18 05:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (aic32p)
DRV - [2011/07/18 21:20:28 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011/07/06 19:52:42 | 000,021,048 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2002/08/01 13:43:01 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/06/21 11:47:56 | 001,133,440 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/05/17 04:56:02 | 000,063,501 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/04/04 18:12:48 | 000,023,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsdhd.sys -- (tsdhd)
DRV - [2002/02/26 17:00:00 | 000,585,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20020227.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2002/02/26 17:00:00 | 000,065,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20020227.005\NAVENG.SYS -- (NAVENG)
DRV - [2002/02/26 10:40:24 | 000,058,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/01/29 14:43:52 | 000,488,960 | ---- | M] (YAMAHA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97)
DRV - [2002/01/24 14:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys -- (TBiosDrv)
DRV - [2002/01/07 18:16:40 | 000,015,111 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tossdpci.sys -- (pciSd)
DRV - [2001/12/19 16:46:44 | 000,155,136 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2001/12/12 14:55:02 | 000,157,984 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2001/12/12 14:54:36 | 000,014,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2001/12/08 15:00:00 | 000,183,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAVAP.SYS -- (NAVAP)
DRV - [2001/09/13 19:53:02 | 000,005,936 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS -- (TVALG)
DRV - [2001/09/11 11:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 14:23:58 | 000,005,264 | ---- | M] (Toshiba Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS -- (TVALD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
IE - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 18:33:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\pab\Application Data\IDM\idmmzcc3
[2011/07/02 14:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pab\Application Data\Mozilla\Extensions
[2011/08/05 19:23:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pab\Application Data\Mozilla\Firefox\Profiles\lvfzyrae.default\extensions
[2011/09/03 18:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PAB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LVFZYRAE.DEFAULT\EXTENSIONS\[email protected]
[2011/08/30 15:59:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/30 12:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2001/08/18 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (Toshiba Corp.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/01 09:15:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/22 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/16 19:13:46 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/04 00:51:39 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/04 00:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/04 00:51:32 | 000,021,048 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/04 00:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/04 00:48:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/04 00:41:29 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\pab\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/03 17:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Google
[2011/09/03 17:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Opera
[2011/09/03 17:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Application Data\Opera
[2011/09/03 17:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/09/03 17:16:01 | 010,377,904 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\pab\Desktop\Opera_1151_int_Setup.exe
[2011/09/02 00:04:37 | 000,642,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
[2011/08/30 01:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/08/30 01:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/28 15:40:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/08/28 04:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Xara
[2011/08/25 03:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Desktop\mobile movies
[2011/08/21 14:36:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\pab\Recent
[2011/08/17 02:31:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/08/14 03:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Application Data\AdobeUM
[2011/08/14 03:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Adobe
[2011/08/13 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2011/08/13 16:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2011/08/13 16:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing
[2011/08/13 16:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/08/13 16:51:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2011/08/11 21:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Application Data\InterVideo
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/04 14:06:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/04 14:06:14 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/04 00:51:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/04 00:45:54 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\pab\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/03 18:34:02 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/03 17:16:47 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\pab\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/09/03 17:16:47 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/09/03 17:16:01 | 010,377,904 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\pab\Desktop\Opera_1151_int_Setup.exe
[2011/09/02 20:00:01 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2011/09/02 01:51:49 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\contract.rtf
[2011/09/02 00:04:42 | 000,642,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
[2011/09/02 00:04:00 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\123.rtf
[2011/08/31 02:57:15 | 000,003,692 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\Document2.rtf
[2011/08/30 12:51:30 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/30 01:47:31 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/29 15:36:40 | 000,679,607 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited2takip.JPG
[2011/08/29 14:08:30 | 001,158,462 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited2.jpg
[2011/08/29 13:57:17 | 001,153,599 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited.jpg
[2011/08/29 10:34:58 | 000,368,383 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\momsy.jpg
[2011/08/29 05:30:38 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/28 13:24:09 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\pab\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/28 04:36:59 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\Shortcut to Portable Xara3D6.exe.lnk
[2011/08/27 22:38:30 | 000,025,658 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\cc_20110827_223823.reg
[2011/08/27 17:42:22 | 001,076,314 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregation.jpg
[2011/08/20 00:55:46 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\pab\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/19 23:56:22 | 000,001,136 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/16 23:45:33 | 000,506,842 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\Untitled-1.psd
[2011/08/13 16:59:48 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/08/13 16:52:54 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2011/08/10 23:19:53 | 000,009,778 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\cc_20110810_231948.reg
[2011/08/10 19:23:58 | 000,077,412 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\makulay ang kendi.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/04 00:51:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/03 18:34:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/03 17:16:47 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\pab\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/09/03 17:16:47 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/09/03 17:16:46 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/09/02 01:51:49 | 000,000,455 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\contract.rtf
[2011/09/02 00:03:59 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\123.rtf
[2011/08/30 01:47:31 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/30 01:03:51 | 000,003,692 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\Document2.rtf
[2011/08/29 15:36:40 | 000,679,607 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited2takip.JPG
[2011/08/29 14:08:27 | 001,158,462 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited2.jpg
[2011/08/29 13:57:08 | 001,153,599 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited.jpg
[2011/08/29 10:35:25 | 001,076,314 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregation.jpg
[2011/08/29 10:34:57 | 000,368,383 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\momsy.jpg
[2011/08/28 13:24:09 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\pab\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/28 04:36:59 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\Shortcut to Portable Xara3D6.exe.lnk
[2011/08/27 22:38:26 | 000,025,658 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\cc_20110827_223823.reg
[2011/08/16 23:45:31 | 000,506,842 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\Untitled-1.psd
[2011/08/13 16:59:49 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS.lnk
[2011/08/13 16:59:49 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS.lnk
[2011/08/13 16:59:48 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/08/13 16:52:54 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2011/08/13 16:52:50 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 6.0.lnk
[2011/08/10 23:19:52 | 000,009,778 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\cc_20110810_231948.reg
[2011/08/10 19:23:58 | 000,077,412 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\makulay ang kendi.jpg
[2011/08/10 11:57:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/03 19:29:46 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\ga.exe
[2011/07/18 21:20:28 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/07/09 20:20:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/07/02 14:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2002/08/09 11:01:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/08/01 14:53:45 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2002/08/01 13:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/08/01 13:48:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2002/08/01 13:46:53 | 000,000,546 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/08/01 13:46:53 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/08/01 13:46:25 | 000,007,102 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2002/08/01 13:30:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2002/08/01 13:26:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2002/08/01 13:21:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2002/08/01 13:18:28 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2002/08/01 13:15:06 | 000,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2002/08/01 13:15:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2002/08/01 13:15:06 | 000,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2002/08/01 13:15:06 | 000,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2002/08/01 09:21:55 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2002/08/01 09:19:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/08/01 09:15:51 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/08/01 09:11:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/01 09:09:39 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/08/01 08:45:05 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/08/01 08:44:01 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/08/01 08:43:54 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2002/08/01 08:43:52 | 000,313,514 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/01 08:43:52 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/01 08:43:52 | 000,041,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/01 08:43:52 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/01 08:43:49 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/01 08:43:47 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/01 08:43:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/08/01 08:43:28 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/01 08:43:28 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/01 08:43:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/01 08:42:46 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002/08/01 02:03:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/08/01 02:02:24 | 000,100,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== LOP Check ==========
[2002/08/01 15:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD
[2002/08/01 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2011/07/06 12:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\10-7r-18-1s-o3-6r
[2011/07/06 20:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-55-55-55-55-55
[2011/07/21 18:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2011/07/14 11:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2011/07/14 11:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\incredible express
[2011/07/12 01:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lifetime
[2011/07/25 23:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/07/06 09:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2011/08/28 23:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2011/07/16 23:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/15 18:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab
[2011/07/19 02:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2002/08/01 15:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Drag'n Drop CD
[2002/08/01 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2011/08/29 23:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\DMCache
[2002/08/01 15:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Drag'n Drop CD
[2011/07/06 09:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\GameHouse
[2011/07/09 20:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\GamesCafe
[2002/08/01 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\InterTrust
[2011/08/11 21:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\InterVideo
[2011/07/18 20:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Jane s Hotel
[2011/07/13 02:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Mysteryville2
[2011/09/03 17:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Opera
[2011/07/25 23:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\PlayFirst
[2011/07/03 16:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\RobotSoft
[2011/08/28 15:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Spyware Terminator
[2011/07/15 16:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Supermarket Mania 2
[2011/07/16 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\World-LooM
[2011/07/02 23:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Y!Supra
[2011/07/19 02:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Zbshareware Lab
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2193C133
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21B987C4
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9
< End of report >
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\pab\Desktop
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.36 Mb Total Physical Memory | 818.07 Mb Available Physical Memory | 79.94% Memory free
2.40 Gb Paging File | 2.09 Gb Available in Paging File | 87.06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 17.56 Gb Free Space | 62.82% Space Free | Partition Type: NTFS
Drive E: | 24.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: TOSHIBA-USER | User Name: pab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/02 00:04:42 | 000,642,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
PRC - [2011/07/18 21:20:28 | 002,286,592 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2011/07/18 21:20:28 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/02 14:12:25 | 000,176,128 | ---- | M] () -- C:\Program Files\Globe Broadband\Globe Broadband.exe
PRC - [2002/07/31 11:41:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe
PRC - [2002/07/03 17:17:00 | 000,102,400 | R--- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
PRC - [2002/04/15 18:35:38 | 000,311,296 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2002/04/03 17:19:22 | 000,237,568 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2002/03/19 20:38:26 | 000,286,720 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPWRTRAY.EXE
PRC - [2001/08/18 05:00:00 | 001,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/03 17:08:28 | 000,135,168 | ---- | M] (Toshiba Corp.) -- C:\WINDOWS\system32\TFNF5.exe
========== Modules (No Company Name) ==========
MOD - [2011/07/02 14:12:25 | 000,176,128 | ---- | M] () -- C:\Program Files\Globe Broadband\Globe Broadband.exe
MOD - [2010/01/12 18:27:48 | 000,061,440 | ---- | M] () -- C:\Program Files\Globe Broadband\XCodec.dll
MOD - [2010/01/12 18:27:46 | 000,159,744 | ---- | M] () -- C:\Program Files\Globe Broadband\SMSPlugin.dll
MOD - [2010/01/12 18:27:46 | 000,151,552 | ---- | M] () -- C:\Program Files\Globe Broadband\DetectDev.dll
MOD - [2010/01/12 18:27:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Globe Broadband\LocaleMgrPlugin.dll
MOD - [2010/01/12 18:27:46 | 000,090,112 | ---- | M] () -- C:\Program Files\Globe Broadband\FileManager.dll
MOD - [2010/01/12 18:27:46 | 000,086,016 | ---- | M] () -- C:\Program Files\Globe Broadband\DialUpPlugin.dll
MOD - [2010/01/12 18:27:46 | 000,061,440 | ---- | M] () -- C:\Program Files\Globe Broadband\DeviceOperate.dll
MOD - [2010/01/12 18:27:46 | 000,057,344 | ---- | M] () -- C:\Program Files\Globe Broadband\ConfigFilePlugin.dll
MOD - [2010/01/12 18:27:46 | 000,032,768 | ---- | M] () -- C:\Program Files\Globe Broadband\NotifyServicePlugin.dll
MOD - [2010/01/12 18:27:46 | 000,014,848 | ---- | M] () -- C:\Program Files\Globe Broadband\isaputrace.dll
MOD - [2010/01/12 18:27:44 | 000,552,960 | ---- | M] () -- C:\Program Files\Globe Broadband\atcomm.dll
MOD - [2010/01/12 18:27:44 | 000,073,728 | ---- | M] () -- C:\Program Files\Globe Broadband\CallPlugin.dll
MOD - [2009/12/10 11:40:20 | 000,991,232 | ---- | M] () -- C:\Program Files\Globe Broadband\NDISAPI.dll
MOD - [2009/12/10 10:53:38 | 000,172,032 | ---- | M] () -- C:\Program Files\Globe Broadband\DeviceMgrUIPlugin.dll
MOD - [2009/12/10 10:52:58 | 000,114,688 | ---- | M] () -- C:\Program Files\Globe Broadband\DeviceMgrPlugin.dll
MOD - [2009/09/19 11:08:04 | 000,118,784 | ---- | M] () -- C:\Program Files\Globe Broadband\NetInfoPlugin.dll
MOD - [2001/08/18 05:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (PrtSmanm)
SRV - File not found [Auto | Stopped] -- -- (Netmanm)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/04 02:05:23 | 000,115,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
SRV - [2011/07/18 21:20:28 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2001/08/18 05:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (aic32p)
DRV - [2011/07/18 21:20:28 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011/07/06 19:52:42 | 000,021,048 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2002/08/01 13:43:01 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/06/21 11:47:56 | 001,133,440 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/05/17 04:56:02 | 000,063,501 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2002/04/04 18:12:48 | 000,023,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsdhd.sys -- (tsdhd)
DRV - [2002/02/26 17:00:00 | 000,585,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20020227.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2002/02/26 17:00:00 | 000,065,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20020227.005\NAVENG.SYS -- (NAVENG)
DRV - [2002/02/26 10:40:24 | 000,058,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/01/29 14:43:52 | 000,488,960 | ---- | M] (YAMAHA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97)
DRV - [2002/01/24 14:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys -- (TBiosDrv)
DRV - [2002/01/07 18:16:40 | 000,015,111 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tossdpci.sys -- (pciSd)
DRV - [2001/12/19 16:46:44 | 000,155,136 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2001/12/12 14:55:02 | 000,157,984 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2001/12/12 14:54:36 | 000,014,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2001/12/08 15:00:00 | 000,183,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAVAP.SYS -- (NAVAP)
DRV - [2001/09/13 19:53:02 | 000,005,936 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS -- (TVALG)
DRV - [2001/09/11 11:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 14:23:58 | 000,005,264 | ---- | M] (Toshiba Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS -- (TVALD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
IE - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/03 18:33:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\pab\Application Data\IDM\idmmzcc3
[2011/07/02 14:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pab\Application Data\Mozilla\Extensions
[2011/08/05 19:23:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pab\Application Data\Mozilla\Firefox\Profiles\lvfzyrae.default\extensions
[2011/09/03 18:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PAB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LVFZYRAE.DEFAULT\EXTENSIONS\[email protected]
[2011/08/30 15:59:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/30 12:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2001/08/18 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (Toshiba Corp.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\Toshiba\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-334337264-1417066420-3376078148-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/01 09:15:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/22 11:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/16 19:13:46 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/04 00:51:39 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/04 00:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/04 00:51:32 | 000,021,048 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/04 00:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/04 00:48:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/04 00:41:29 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\pab\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/03 17:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Google
[2011/09/03 17:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Opera
[2011/09/03 17:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Application Data\Opera
[2011/09/03 17:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/09/03 17:16:01 | 010,377,904 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\pab\Desktop\Opera_1151_int_Setup.exe
[2011/09/02 00:04:37 | 000,642,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
[2011/08/30 01:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/08/30 01:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/28 15:40:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/08/28 04:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Xara
[2011/08/25 03:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Desktop\mobile movies
[2011/08/21 14:36:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\pab\Recent
[2011/08/17 02:31:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/08/14 03:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Application Data\AdobeUM
[2011/08/14 03:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Local Settings\Application Data\Adobe
[2011/08/13 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2011/08/13 16:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2011/08/13 16:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrintMe Internet Printing
[2011/08/13 16:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/08/13 16:51:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2011/08/11 21:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pab\Application Data\InterVideo
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/04 14:06:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/04 14:06:14 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/04 00:51:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/04 00:45:54 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\pab\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/03 18:34:02 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/03 17:16:47 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\pab\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/09/03 17:16:47 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/09/03 17:16:01 | 010,377,904 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\pab\Desktop\Opera_1151_int_Setup.exe
[2011/09/02 20:00:01 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2011/09/02 01:51:49 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\contract.rtf
[2011/09/02 00:04:42 | 000,642,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pab\Desktop\OTL.scr
[2011/09/02 00:04:00 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\123.rtf
[2011/08/31 02:57:15 | 000,003,692 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\Document2.rtf
[2011/08/30 12:51:30 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/30 01:47:31 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/29 15:36:40 | 000,679,607 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited2takip.JPG
[2011/08/29 14:08:30 | 001,158,462 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited2.jpg
[2011/08/29 13:57:17 | 001,153,599 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregationedited.jpg
[2011/08/29 10:34:58 | 000,368,383 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\momsy.jpg
[2011/08/29 05:30:38 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/28 13:24:09 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\pab\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/28 04:36:59 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\Shortcut to Portable Xara3D6.exe.lnk
[2011/08/27 22:38:30 | 000,025,658 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\cc_20110827_223823.reg
[2011/08/27 17:42:22 | 001,076,314 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\segregation.jpg
[2011/08/20 00:55:46 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\pab\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/19 23:56:22 | 000,001,136 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/16 23:45:33 | 000,506,842 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\Untitled-1.psd
[2011/08/13 16:59:48 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/08/13 16:52:54 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2011/08/10 23:19:53 | 000,009,778 | ---- | M] () -- C:\Documents and Settings\pab\My Documents\cc_20110810_231948.reg
[2011/08/10 19:23:58 | 000,077,412 | ---- | M] () -- C:\Documents and Settings\pab\Desktop\makulay ang kendi.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/04 00:51:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/03 18:34:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/09/03 17:16:47 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\pab\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/09/03 17:16:47 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/09/03 17:16:46 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/09/02 01:51:49 | 000,000,455 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\contract.rtf
[2011/09/02 00:03:59 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\123.rtf
[2011/08/30 01:47:31 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/30 01:03:51 | 000,003,692 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\Document2.rtf
[2011/08/29 15:36:40 | 000,679,607 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited2takip.JPG
[2011/08/29 14:08:27 | 001,158,462 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited2.jpg
[2011/08/29 13:57:08 | 001,153,599 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregationedited.jpg
[2011/08/29 10:35:25 | 001,076,314 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\segregation.jpg
[2011/08/29 10:34:57 | 000,368,383 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\momsy.jpg
[2011/08/28 13:24:09 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\pab\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/28 04:36:59 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\Shortcut to Portable Xara3D6.exe.lnk
[2011/08/27 22:38:26 | 000,025,658 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\cc_20110827_223823.reg
[2011/08/16 23:45:31 | 000,506,842 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\Untitled-1.psd
[2011/08/13 16:59:49 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS.lnk
[2011/08/13 16:59:49 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS.lnk
[2011/08/13 16:59:48 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/08/13 16:52:54 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2011/08/13 16:52:50 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 6.0.lnk
[2011/08/10 23:19:52 | 000,009,778 | ---- | C] () -- C:\Documents and Settings\pab\My Documents\cc_20110810_231948.reg
[2011/08/10 19:23:58 | 000,077,412 | ---- | C] () -- C:\Documents and Settings\pab\Desktop\makulay ang kendi.jpg
[2011/08/10 11:57:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/03 19:29:46 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\ga.exe
[2011/07/18 21:20:28 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/07/09 20:20:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/07/02 14:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2002/08/09 11:01:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/08/01 14:53:45 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2002/08/01 13:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/08/01 13:48:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2002/08/01 13:46:53 | 000,000,546 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/08/01 13:46:53 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/08/01 13:46:25 | 000,007,102 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2002/08/01 13:30:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2002/08/01 13:26:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2002/08/01 13:21:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2002/08/01 13:18:28 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2002/08/01 13:15:06 | 000,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2002/08/01 13:15:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2002/08/01 13:15:06 | 000,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2002/08/01 13:15:06 | 000,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2002/08/01 09:21:55 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2002/08/01 09:19:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/08/01 09:15:51 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/08/01 09:11:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/08/01 09:09:39 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/08/01 08:45:05 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/08/01 08:44:01 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/08/01 08:43:54 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2002/08/01 08:43:52 | 000,313,514 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/01 08:43:52 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/01 08:43:52 | 000,041,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/01 08:43:52 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/01 08:43:49 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/01 08:43:47 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/01 08:43:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/08/01 08:43:28 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/01 08:43:28 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/01 08:43:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/01 08:42:46 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002/08/01 02:03:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/08/01 02:02:24 | 000,100,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== LOP Check ==========
[2002/08/01 15:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD
[2002/08/01 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2011/07/06 12:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\10-7r-18-1s-o3-6r
[2011/07/06 20:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-55-55-55-55-55
[2011/07/21 18:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2011/07/14 11:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2011/07/14 11:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\incredible express
[2011/07/12 01:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lifetime
[2011/07/25 23:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/07/06 09:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2011/08/28 23:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2011/07/16 23:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/15 18:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab
[2011/07/19 02:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2002/08/01 15:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Drag'n Drop CD
[2002/08/01 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2011/08/29 23:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\DMCache
[2002/08/01 15:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Drag'n Drop CD
[2011/07/06 09:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\GameHouse
[2011/07/09 20:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\GamesCafe
[2002/08/01 13:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\InterTrust
[2011/08/11 21:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\InterVideo
[2011/07/18 20:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Jane s Hotel
[2011/07/13 02:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Mysteryville2
[2011/09/03 17:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Opera
[2011/07/25 23:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\PlayFirst
[2011/07/03 16:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\RobotSoft
[2011/08/28 15:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Spyware Terminator
[2011/07/15 16:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Supermarket Mania 2
[2011/07/16 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\World-LooM
[2011/07/02 23:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Y!Supra
[2011/07/19 02:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pab\Application Data\Zbshareware Lab
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2193C133
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21B987C4
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9
< End of report >
#15
Posted 04 September 2011 - 11:31 PM
maliprog
-
- Malware Removal
-
- 6,172 posts
Trusted Helper
I still see signs of infection on your system. First some questions for you to narrow the problem:
If you get any error messages by trying to open them write it down for me please.
Step 1
Download SREng
Step 2
Please close all running programs and Run OTL
Step 3
Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named )
First we will run a virus scan
Click the cog in the upper right
Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post
Step 4
Please don't forget to include these items in your reply:
- Can you open TXT files now?
- Can you just start Notepad?
- Can you run EXE files now?
If you get any error messages by trying to open them write it down for me please.
Step 1
Download SREng
- Extract it to Desktop and double click SREngLdr.EXE to run it
- Select System Repair from the left pane.
- Click on File Association
- Select all entries that has an Error status click [Repair]
- Refer to this image for an example:
- Close SREng now.
Step 2
Please close all running programs and Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
[2011/08/03 19:29:46 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\ga.exe
[2011/07/06 12:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\10-7r-18-1s-o3-6r
[2011/07/06 20:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-55-55-55-55-55
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DOCUME~1\pab\LOCALS~1\Temp\winsjgkq.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winbvirnk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winvpnda.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\w7e06a.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winbtekp.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winefvlea.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winnthiox.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winkiop.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wincavhuh.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winuxio.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winxfjjhc.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winrhvum.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winmgcl.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winokfck.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winpitmge.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winjdfohl.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\~e5d141.tmp"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\windtejo.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winkbqgsv.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winvves.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wintxkia.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winqkmi.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winsnhw.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winuyjb.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winucgc.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winirlwk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wincioqc.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winyuajo.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winagslax.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winkxti.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\windtcm.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\windgjdp.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winayibpm.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winkybk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wingxxa.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wintwipfd.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winucwbh.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winjsdo.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winhqttd.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winhmpqk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winwdko.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winbyuej.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wintmnym.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winvnkumg.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winoihj.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winnocjj.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winquyk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winynvos.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winimpwml.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winhdjkkh.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winxpjt.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winpjged.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winljplv.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winhcwm.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wingfmkfn.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winccwg.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winnwitl.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winibcthk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winsjlmo.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winqrcfuj.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winpxlxya.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winpdralc.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winoyfy.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winfidie.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winpgnb.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winwvityg.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winfvctrv.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winakoiax.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winwcgq.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winhatd.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winnrubm.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winqexko.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winrexwid.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winscldof.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winoobm.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winckpmh.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winthpuoq.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wingvuk.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winmvuq.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\wincbbwp.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winnpej.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winjosoef.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winpprpu.exe"=-
"C:\DOCUME~1\pab\LOCALS~1\Temp\winadryh.exe"=-
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 3
Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named )
First we will run a virus scan
Click the cog in the upper right
Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post
Step 4
Please don't forget to include these items in your reply:
- OTL fix log
- AVPTool log
Similar Topics
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
