OTL logfile created on: 14-04-2010 9:12:01 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrador\Ambiente de trabalho
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 5.00.3700.1000)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

126,00 Mb Total Physical Memory | 15,00 Mb Available Physical Memory | 12,00% Memory free
302,00 Mb Paging File | 150,00 Mb Available in Paging File | 49,00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Programas
Drive C: | 1,99 Gb Total Space | 0,72 Gb Free Space | 36,15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3,72 Gb Total Space | 0,65 Gb Free Space | 17,50% Space Free | Partition Type: FAT32
Drive F: | 1,99 Gb Total Space | 1,12 Gb Free Space | 56,38% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SNT-1_S11
Current User Name: Administrador
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-03-26 23:45:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Ambiente de trabalho\OTL.exe
PRC - [2010-01-07 16:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Programas\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010-01-07 16:07:10 | 000,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010-01-07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008-04-14 11:33:40 | 001,765,100 | ---- | M] () -- c:\Program Files\ILC\MaxView\TMComm\TMComm.exe
PRC - [2007-04-11 11:10:00 | 000,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:\Programas\WinZip\WZQKPICK.EXE
PRC - [2007-02-13 11:53:34 | 000,836,012 | ---- | M] () -- C:\Program Files\ILC\MaxView\MCOMM\mcomm_3.69.9.1.exe
PRC - [2006-05-12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Programas\RealVNC\VNC4\winvnc4.exe
PRC - [2003-07-14 12:00:00 | 000,243,984 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003-07-14 12:00:00 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\winmgmt.exe
PRC - [2003-07-14 12:00:00 | 000,120,592 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
PRC - [2003-07-14 12:00:00 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
PRC - [2003-07-14 12:00:00 | 000,020,752 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\internat.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-03-26 23:45:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Ambiente de trabalho\OTL.exe
MOD - [2003-07-14 12:00:00 | 000,024,848 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
MOD - [2003-07-14 12:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll
MOD - [2003-07-14 12:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\indicdll.dll
MOD - [2003-07-14 12:00:00 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-01-07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008-04-14 11:33:40 | 001,765,100 | ---- | M] () [Auto | Running] -- c:\Program Files\ILC\Maxview\TMComm\TMComm.exe -- (MVP-TMComm)
SRV - [2007-02-13 11:53:34 | 000,836,012 | ---- | M] () [Auto | Running] -- C:\Program Files\ILC\MaxView\MCOMM\mcomm_3.69.9.1.exe -- (Mcomm)
SRV - [2006-05-12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Programas\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2003-07-14 12:00:00 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\winmgmt.exe -- (WinMgmt) WMI (Instrumento de gestão do Windows)
SRV - [2003-07-14 12:00:00 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003-07-14 12:00:00 | 000,120,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003-07-14 12:00:00 | 000,096,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\faxsvc.exe -- (Fax)
SRV - [2003-07-14 12:00:00 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003-07-14 12:00:00 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://172.27.175.51/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2009-01-14 13:52:17 | 000,003,578 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 172.27.185.220 SESIMBRA-DTA
O1 - Hosts: 172.27.185.224 SESIMBRA-DTABU
O1 - Hosts: 172.27.185.226 SESIMBRA-DTB
O1 - Hosts: 172.27.185.41 SESIMBRA_S1
O1 - Hosts: 172.27.185.131 SESIMBRA-ETHERTRAK1
O1 - Hosts: 172.27.185.132 SESIMBRA-ETHERTRAK2
O1 - Hosts: 172.27.184.220 CARCAVELOS-DT
O1 - Hosts: 172.27.184.224 CARCAVELOS-DTB
O1 - Hosts: 172.27.184.41 CARCAVELOS_S1
O1 - Hosts: 172.27.184.131 CARCAVELOS-ETHERTRAK1
O1 - Hosts: 172.27.184.132 CARCAVELOS-ETHERTRAK2
O1 - Hosts: 172.27.155.220 PONTADELGADASMS
O1 - Hosts: 172.27.155.225 PDELGADASMS-BU
O1 - Hosts: 172.27.155.224 PONTADELGADA-NB
O1 - Hosts: 172.27.155.131 PONTADELGADASMS-ETHERTRAK1
O1 - Hosts: 172.27.155.132 PONTADELGADASMS-ETHERTRAK2
O1 - Hosts: 172.27.164.220 FUNCHAL-DT
O1 - Hosts: 172.27.164.131 FUNCHAL-ETHERTRAK1
O1 - Hosts: 172.27.164.132 FUNCHAL-ETHERTRAK2
O1 - Hosts: 172.27.175.222 TESTES
O1 - Hosts: 172.27.175.221 MAC-GENERAL
O1 - Hosts: 172.27.175.225 SINTRA1-SRV2
O1 - Hosts: 172.27.175.231 SINTRA-SRV-BU
O1 - Hosts: 172.27.175.232 SINTRA-LOGGER
O1 - Hosts: 101 more lines...
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Rádio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [internat.exe] C:\WINNT\System32\internat.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\related.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\rnr20.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop Components:0 (A minha home page actual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-08-16 14:24:21 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-04-13 09:31:23 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-04-12 20:27:46 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010-04-13 09:31:24 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINNT\system32\ias [2007-08-16 10:55:55 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found

SystemRestore not available.

[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]

[2010-04-14 08:31:40 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Ambiente de trabalho\OTL.exe
[2010-04-13 09:31:23 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010-03-31 15:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Os meus documentos\Bkup
[3 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]

[2010-04-14 08:32:11 | 000,409,600 | -H-- | M] () -- C:\Documents and Settings\Administrador\NTUSER.DAT
[2010-04-13 09:35:40 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010-04-13 09:34:01 | 000,000,190 | -HS- | M] () -- C:\Documents and Settings\Administrador\ntuser.ini
[2010-04-13 07:25:24 | 000,067,584 | ---- | M] () -- C:\WINNT\System32\75.scr
[2010-04-12 18:20:51 | 000,067,584 | ---- | M] () -- C:\WINNT\System32\73.scr
[2010-04-12 17:37:48 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Administrador\Ambiente de trabalho\Flash_Disinfector(2).exe
[2010-04-12 16:25:43 | 000,063,488 | ---- | M] () -- C:\WINNT\System32\60.scr
[3 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-04-13 09:30:40 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Administrador\Ambiente de trabalho\Flash_Disinfector(2).exe
[2010-04-13 03:09:34 | 000,067,584 | ---- | C] () -- C:\WINNT\System32\75.scr
[2010-04-12 18:20:51 | 000,067,584 | ---- | C] () -- C:\WINNT\System32\73.scr
[2010-04-12 16:25:42 | 000,063,488 | ---- | C] () -- C:\WINNT\System32\60.scr
[2007-08-16 14:23:21 | 000,022,073 | -H-- | C] () -- C:\Programas\folder.htt
[2003-07-14 12:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2003-07-14 12:00:00 | 000,034,064 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2003-07-14 12:00:00 | 000,013,903 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2003-07-14 12:00:00 | 000,003,066 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2003-07-14 12:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[1999-09-25 19:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999-09-25 19:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys

[color=#E56717]========== LOP Check ==========[/color]

[2007-12-19 14:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2003-07-14 12:00:00 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
[2003-07-14 12:00:00 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2003-07-14 12:00:00 | 006,581,917 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2003-07-14 12:00:00 | 006,581,917 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:atapi.sys
[2003-07-14 12:00:00 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2003-07-14 12:00:00 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=2E1BEEFDCFADADC62FCEAEED2AA30028 -- C:\WINNT\system32\dllcache\eventlog.dll
[2003-07-14 12:00:00 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=2E1BEEFDCFADADC62FCEAEED2AA30028 -- C:\WINNT\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2003-07-14 12:00:00 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=F4BDEDE21A586EC165B235BF034DC580 -- C:\WINNT\system32\dllcache\netlogon.dll
[2003-07-14 12:00:00 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=F4BDEDE21A586EC165B235BF034DC580 -- C:\WINNT\system32\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2003-07-14 12:00:00 | 000,117,008 | ---- | M] (Microsoft Corporation) MD5=9CFD2FF6E7E1A4C921955C2E4BEA1294 -- C:\WINNT\system32\dllcache\scecli.dll
[2003-07-14 12:00:00 | 000,117,008 | ---- | M] (Microsoft Corporation) MD5=9CFD2FF6E7E1A4C921955C2E4BEA1294 -- C:\WINNT\system32\scecli.dll

[color=#A23BEC]< %systemroot%\*./mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[1 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2007-08-16 10:56:44 | 000,081,920 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2007-08-16 10:56:44 | 000,544,768 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2007-08-16 10:56:44 | 000,352,256 | ---- | M] () -- C:\WINNT\system32\config\system.sav

[color=#A23BEC]< %systemroot%system32\drivers\*.sys /90 >[/color]

< End of report >