Hello Ron
Thanks again for your time and patience.
I have done an OTL "fix" with paramenters you have posted, and now I am comming back with a new OTL scanning result on that machine. Here it is:
OTL logfile created on: 4/19/2010 10:31:54 AM - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\mac\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format:
503.00 Mb Total Physical Memory | 59.00 Mb Available Physical Memory | 12.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 9.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 62.84 Gb Free Space | 84.34% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 3.72 Gb Total Space | 0.65 Gb Free Space | 17.45% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HP22552173873
Current User Name: mac
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2010/03/26 23:45:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mac\Desktop\OTL.exe
PRC - [2009/05/26 22:57:08 | 000,411,108 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2009/05/26 22:54:10 | 000,549,400 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2009/04/02 09:36:14 | 000,204,800 | ---- | M] () -- C:\Program Files\ILC\MaxView\Persistence Service\wrapper.exe
PRC - [2007/12/14 23:21:44 | 005,754,880 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2005/09/23 13:43:44 | 000,131,072 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5w.exe
PRC - [2005/09/23 13:43:44 | 000,102,400 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
PRC - [2005/08/26 15:55:46 | 000,049,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\java.exe
PRC - [2005/04/17 12:31:56 | 000,038,648 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\CBA\pds.exe
PRC - [2005/04/17 12:31:42 | 000,908,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec System Center\NscTop.exe
PRC - [2005/04/17 12:31:18 | 001,726,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\SAV\Rtvscan.exe
PRC - [2005/04/17 12:30:48 | 000,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\SAV\VPTray.exe
PRC - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\SAV\DefWatch.exe
PRC - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/04/08 15:52:30 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/09/15 12:34:46 | 000,041,042 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 04:00:00 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2004/08/04 00:56:58 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe
PRC - [2004/06/20 20:45:28 | 000,630,854 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
PRC - [2003/07/30 13:08:58 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/07/26 09:42:40 | 000,376,832 | ---- | M] () -- C:\Program Files\ILC\MaxView\Broker\SNMP\snmpdm.exe
PRC - [2002/07/26 09:42:40 | 000,073,728 | ---- | M] () -- C:\Program Files\ILC\MaxView\Broker\SNMP\msnsaagt.exe
PRC - [1999/03/30 19:38:18 | 000,043,280 | R--- | M] () -- C:\WINDOWS\system32\rkillsrv.exe
PRC - [1998/07/24 16:38:52 | 000,018,192 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rcmdsvc.exe
========== Modules (SafeList) ========== MOD - [2010/03/26 23:45:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mac\Desktop\OTL.exe
MOD - [2004/08/04 04:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ========== SRV - [2009/04/02 09:36:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\ILC\MaxView\Persistence Service\wrapper.exe -- (MaxView Persistence Service)
SRV - [2007/12/14 23:21:44 | 005,754,880 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2005/09/23 13:43:44 | 000,102,400 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe -- (Tomcat5)
SRV - [2005/04/17 12:31:56 | 000,038,648 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\WINDOWS\system32\CBA\pds.exe -- (Intel PDS)
SRV - [2005/04/17 12:31:42 | 000,908,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec System Center\NscTop.exe -- (NSCTOP)
SRV - [2005/04/17 12:31:18 | 001,726,656 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\SAV\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\SAV\DefWatch.exe -- (DefWatch)
SRV - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/04/08 15:54:50 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/09/15 12:33:38 | 000,020,541 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\Apache Group\Apache2\bin\Apache.exe -- (Apache2)
SRV - [2004/08/04 00:56:58 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2004/06/20 20:45:28 | 000,630,854 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (winvnc)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/07/26 09:42:40 | 000,376,832 | ---- | M] () [Auto | Running] -- C:\Program Files\ILC\MaxView\Broker\SNMP\snmpdm.exe -- (snmpdm)
SRV - [2002/07/26 09:42:40 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ILC\MaxView\Broker\SNMP\msnsaagt.exe -- (msnsa)
SRV - [1999/03/30 19:38:18 | 000,043,280 | R--- | M] () [Auto | Running] -- C:\WINDOWS\system32\rkillsrv.exe -- (Remote Kill Server)
SRV - [1998/07/24 16:38:52 | 000,018,192 | R--- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rcmdsvc.exe -- (Remote Command Server)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://go.compaq.com...DT/0409/bl7.asp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://hp22552173873...in/reportgen.plIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2008/08/08 10:48:46 | 000,003,570 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 172.27.185.220 SESIMBRA-DTA
O1 - Hosts: 172.27.185.224 SESIMBRA-DTABU
O1 - Hosts: 172.27.185.226 SESIMBRA-DTB
O1 - Hosts: 172.27.185.41 SESIMBRA_S1
O1 - Hosts: 172.27.185.131 SESIMBRA-ETHERTRAK1
O1 - Hosts: 172.27.185.132 SESIMBRA-ETHERTRAK2
O1 - Hosts: 172.27.184.220 CARCAVELOS-DT
O1 - Hosts: 172.27.184.224 CARCAVELOS-DTB
O1 - Hosts: 172.27.184.41 CARCAVELOS_S1
O1 - Hosts: 172.27.184.131 CARCAVELOS-ETHERTRAK1
O1 - Hosts: 172.27.184.132 CARCAVELOS-ETHERTRAK2
O1 - Hosts: 172.27.155.220 PONTADELGADASMS
O1 - Hosts: 172.27.155.225 PDELGADASMS-BU
O1 - Hosts: 172.27.155.224 PONTADELGADA-NB
O1 - Hosts: 172.27.155.131 PONTADELGADASMS-ETHERTRAK1
O1 - Hosts: 172.27.155.132 PONTADELGADASMS-ETHERTRAK2
O1 - Hosts: 172.27.164.220 FUNCHAL-DT
O1 - Hosts: 172.27.164.131 FUNCHAL-ETHERTRAK1
O1 - Hosts: 172.27.164.132 FUNCHAL-ETHERTRAK2
O1 - Hosts: 172.27.175.222 TESTES
O1 - Hosts: 172.27.175.221 MAC-GENERAL
O1 - Hosts: 172.27.175.225 SINTRA1-SRV2
O1 - Hosts: 172.27.175.231 SINTRA-SRV-BU
O1 - Hosts: 172.27.175.232 SINTRA-LOGGER
O1 - Hosts: 99 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApacheTomcatMonitor] C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5w.exe (Apache Software Foundation)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\SAV\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\UltraVNC\winvnc.exe (UltraVNC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe (Apache Software Foundation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/14 07:21:26 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/12 20:27:46 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 14 Days ========== [2010/04/19 10:30:05 | 000,000,000 | ---D | C] -- C:\.tonbeller
[2010/04/19 10:26:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/14 10:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mac\My Documents\OTLlogs
[2010/04/14 09:58:12 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mac\Desktop\OTL.exe
[2010/04/14 07:21:24 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/04/13 15:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2010/04/13 15:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2004/11/21 02:29:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/11/21 02:29:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/11/21 02:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/11/21 02:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
========== Files - Modified Within 14 Days ========== [2010/04/19 10:33:14 | 000,444,728 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/19 10:33:14 | 000,384,660 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/19 10:33:14 | 000,053,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/19 10:31:46 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\mac\NTUSER.DAT
[2010/04/19 10:28:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/19 10:28:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/19 10:28:38 | 527,962,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/19 10:27:52 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\mac\ntuser.ini
[2010/04/19 07:12:10 | 000,001,174 | -H-- | M] () -- C:\Documents and Settings\mac\My Documents\Default.rdp
[2010/04/19 01:00:04 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MVCleandb.job
[2010/04/18 23:00:02 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\MVSpace.job
[2010/04/18 22:00:12 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\MVArchiver.job
[2010/04/14 07:47:36 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\mac\Desktop\Logger-SINTRA.url
[2010/04/13 15:10:10 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2010/04/12 17:37:48 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\mac\Desktop\DESINFECTAR AS CANETAS Flash_Disinfector.exe
========== Files Created - No Company Name ========== [2010/04/14 07:47:34 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\mac\Desktop\Logger-SINTRA.url
[2010/04/13 15:10:48 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\mac\Desktop\DESINFECTAR AS CANETAS Flash_Disinfector.exe
[2010/04/13 15:10:08 | 000,000,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2010/03/19 07:52:17 | 000,000,490 | ---- | C] () -- C:\WINDOWS\EventManager.ini
[2010/03/19 07:52:15 | 000,000,136 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/08 14:33:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NTEventLogAppender.dll
[2008/09/09 08:18:39 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\mac\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/29 07:36:22 | 000,000,067 | ---- | C] () -- C:\WINDOWS\PPM.INI
[2007/01/29 06:41:37 | 000,000,980 | ---- | C] () -- C:\WINDOWS\CCWTERM.INI
[2005/12/20 02:46:15 | 000,327,680 | ---- | C] () -- C:\Program Files\Common Files\UnPackIt
[2005/08/03 00:37:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/11/21 02:43:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/21 02:39:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/08/04 04:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/05/08 05:12:22 | 000,001,065 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
========== LOP Check ========== [2010/04/13 15:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2010/04/19 01:00:04 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\MVCleandb.job
[2010/04/18 23:00:02 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\MVSpace.job
[2010/04/18 22:00:12 | 000,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\MVArchiver.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS >[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
< MD5 for: ATAPI.SYS >[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >[2004/02/03 00:36:44 | 000,028,773 | ---- | M] () MD5=2BC34697A3E62DBE977FF29DBDF190A4 -- C:\Perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SYMMPI.SYS >[2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic) MD5=F2B7E8416F508368AC6730E2AE1C614F -- C:\WINDOWS\system32\drivers\symmpi.sys
< %systemroot%\*./mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav >[2004/08/09 02:20:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/09 02:20:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/09 02:20:08 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%system32\drivers\*.sys /90 >< End of report >
_____________________________________________________________
I will post here too the 3 files you have talked about
SYSTEM.INI
; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
device=vppm.386
device=ppm.386
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
Com1AutoAssign=0
Com2AutoAssign=0
Com3AutoAssign=0
Com4AutoAssign=0
NetHeapSize=40
device=C:\WINDOWS\MICROCOM\ccvxd.386
device=C:\WINDOWS\MICROCOM\mcvcomm.386
device=C:\WINDOWS\MICROCOM\ccrpvxd.386
device=C:\WINDOWS\MICROCOM\ccrdvxd.386
WIN.INI
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wpl=MPEGVideo
wvx=MPEGVideo
[Intel]
CurrentLanguage=enu
BOOT.INI
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
_______________________________________________________________________________________________
There is another computer OTL log, that I would like you could take a look. I saw an advise done by Symantec antivirus installed, that there were two virus deleted recently.
here it is:
OTL logfile created on: 4/19/2010 3:59:48 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Advanced Server Edition Service Pack 4 (Version = 5.0.2195) - Type = NTServer
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.00 Mb Total Physical Memory | 245.00 Mb Available Physical Memory | 48.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): D:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 1.99 Gb Total Space | 0.05 Gb Free Space | 2.38% Space Free | Partition Type: NTFS
Drive D: | 7.33 Gb Total Space | 0.46 Gb Free Space | 6.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 2.85 Gb Total Space | 0.89 Gb Free Space | 31.10% Space Free | Partition Type: FAT
Drive G: | 6.69 Gb Total Space | 5.50 Gb Free Space | 82.25% Space Free | Partition Type: NTFS
Drive H: | 3.72 Gb Total Space | 0.58 Gb Free Space | 15.52% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: MAC-GENERAL
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2010/03/26 23:45:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/05/26 22:57:08 | 000,411,108 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2009/05/26 22:54:10 | 000,549,400 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2005/04/17 12:31:18 | 001,726,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/04/17 12:30:48 | 000,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/04/08 15:52:30 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/06/03 21:05:08 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
PRC - [2003/06/20 12:00:00 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/06/20 12:00:00 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\winmgmt.exe
PRC - [2003/06/20 12:00:00 | 000,185,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2003/06/20 12:00:00 | 000,090,896 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\dfssvc.exe
PRC - [2003/06/20 12:00:00 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
PRC - [2003/06/20 12:00:00 | 000,025,360 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\tcpsvcs.exe
PRC - [2003/06/20 12:00:00 | 000,014,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\inetsrv\inetinfo.exe
PRC - [1998/07/24 16:38:52 | 000,018,192 | R--- | M] (Microsoft Corporation) -- C:\WINNT\system32\rcmdsvc.exe
========== Modules (SafeList) ========== MOD - [2010/03/26 23:45:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2003/06/20 12:00:00 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
========== Win32 Services (SafeList) ========== SRV - [2009/12/30 14:55:18 | 000,235,344 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/10/20 18:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/04/26 11:09:02 | 000,136,456 | ---- | M] (MG-SOFT Corporation, Strma ulica 8, SI-2000 Maribor, Slovenia. Internet:
http://www.mg-soft.com/ E-mail: <
[email protected]>) [On_Demand | Stopped] -- C:\Program Files\MG-SOFT\MIB Browser\Bin\MgWTrap3.exe -- (MG-SOFT SNMP Trap Service)
SRV - [2007/02/13 12:53:34 | 000,836,012 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ILC\MaxView\MComm\mcomm.exe -- (MaxView Communications Server)
SRV - [2005/04/17 12:31:18 | 001,726,656 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/04/17 12:30:42 | 000,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/04/17 12:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/04/08 15:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/04/08 15:54:50 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/04/08 15:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2003/06/20 12:00:00 | 000,745,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\ntfrs.exe -- (NtFrs)
SRV - [2003/06/20 12:00:00 | 000,326,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\dns.exe -- (DNS)
SRV - [2003/06/20 12:00:00 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\winmgmt.exe -- (WinMgmt)
SRV - [2003/06/20 12:00:00 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/06/20 12:00:00 | 000,145,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\wins.exe -- (WINS) Windows Internet Name Service (WINS)
SRV - [2003/06/20 12:00:00 | 000,142,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\termsrv.exe -- (TermService)
SRV - [2003/06/20 12:00:00 | 000,119,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/06/20 12:00:00 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\faxsvc.exe -- (Fax)
SRV - [2003/06/20 12:00:00 | 000,090,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\dfssvc.exe -- (Dfs)
SRV - [2003/06/20 12:00:00 | 000,085,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\sfmprint.exe -- (MacPrint)
SRV - [2003/06/20 12:00:00 | 000,083,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\llssrv.exe -- (LicenseService)
SRV - [2003/06/20 12:00:00 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/06/20 12:00:00 | 000,068,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\sfmsvc.exe -- (MacFile)
SRV - [2003/06/20 12:00:00 | 000,030,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\snmp.exe -- (SNMP)
SRV - [2003/06/20 12:00:00 | 000,025,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\ismserv.exe -- (IsmServ)
SRV - [2003/06/20 12:00:00 | 000,025,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2003/06/20 12:00:00 | 000,025,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2003/06/20 12:00:00 | 000,025,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\tcpsvcs.exe -- (DHCPServer)
SRV - [2003/06/20 12:00:00 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003/06/20 12:00:00 | 000,014,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2003/06/20 12:00:00 | 000,014,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (MSFTPSVC)
SRV - [2003/06/20 12:00:00 | 000,014,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2003/06/20 12:00:00 | 000,007,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\ias.dll -- (IAS)
SRV - [1998/07/24 16:38:52 | 000,018,192 | R--- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\rcmdsvc.exe -- (Remote Command Server)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://snt-1_s2/IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2009/01/14 13:52:17 | 000,003,578 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 172.27.185.220 SESIMBRA-DTA
O1 - Hosts: 172.27.185.224 SESIMBRA-DTABU
O1 - Hosts: 172.27.185.226 SESIMBRA-DTB
O1 - Hosts: 172.27.185.41 SESIMBRA_S1
O1 - Hosts: 172.27.185.131 SESIMBRA-ETHERTRAK1
O1 - Hosts: 172.27.185.132 SESIMBRA-ETHERTRAK2
O1 - Hosts: 172.27.184.220 CARCAVELOS-DT
O1 - Hosts: 172.27.184.224 CARCAVELOS-DTB
O1 - Hosts: 172.27.184.41 CARCAVELOS_S1
O1 - Hosts: 172.27.184.131 CARCAVELOS-ETHERTRAK1
O1 - Hosts: 172.27.184.132 CARCAVELOS-ETHERTRAK2
O1 - Hosts: 172.27.155.220 PONTADELGADASMS
O1 - Hosts: 172.27.155.225 PDELGADASMS-BU
O1 - Hosts: 172.27.155.224 PONTADELGADA-NB
O1 - Hosts: 172.27.155.131 PONTADELGADASMS-ETHERTRAK1
O1 - Hosts: 172.27.155.132 PONTADELGADASMS-ETHERTRAK2
O1 - Hosts: 172.27.164.220 FUNCHAL-DT
O1 - Hosts: 172.27.164.131 FUNCHAL-ETHERTRAK1
O1 - Hosts: 172.27.164.132 FUNCHAL-ETHERTRAK2
O1 - Hosts: 172.27.175.222 TESTES
O1 - Hosts: 172.27.175.221 MAC-GENERAL
O1 - Hosts: 172.27.175.225 SINTRA1-SRV2
O1 - Hosts: 172.27.175.231 SINTRA-SRV-BU
O1 - Hosts: 172.27.175.232 SINTRA-LOGGER
O1 - Hosts: 101 more lines...
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\rnr20.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll - C:\WINNT\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/24 11:33:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/24 11:19:49 | 000,000,046 | ---- | M] () - C:\AUTOEXEC.SOL -- [ NTFS ]
O32 - AutoRun File - [2010/04/12 20:27:46 | 000,000,000 | ---D | M] - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - C:\WINNT\system32\ias.dll (Microsoft Corporation)
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found
SystemRestore not available.
========== Files/Folders - Created Within 14 Days ========== [2010/04/19 15:58:00 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/04/13 14:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2010/04/13 14:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ========== [2010/04/19 15:59:41 | 001,150,976 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/14 13:03:28 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HOSTs.lnk
[2010/04/13 14:13:37 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2010/04/12 19:16:18 | 000,002,382 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTLexecutar.cfg
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/04/19 15:57:25 | 000,002,382 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTLexecutar.cfg
[2010/04/13 14:13:37 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2010/03/26 18:49:59 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/03/24 14:42:20 | 000,000,000 | ---- | C] () -- C:\WINNT\VPC32.INI
[2009/10/20 18:19:30 | 000,053,299 | ---- | C] () -- C:\WINNT\System32\pthreadVC.dll
[2007/09/13 07:55:28 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/03/09 08:43:45 | 000,029,184 | ---- | C] () -- C:\WINNT\System32\kWab.dll
[2005/09/28 16:26:34 | 000,000,244 | ---- | C] () -- C:\WINNT\System32\nirpc.ini
[2005/06/10 10:00:00 | 000,007,140 | ---- | C] () -- C:\WINNT\System32\drivers\cvintdrv.sys
[2004/10/19 15:15:47 | 000,000,073 | ---- | C] () -- C:\WINNT\hdkctnts.ini
[2004/10/19 15:15:47 | 000,000,027 | ---- | C] () -- C:\WINNT\SIOMAP.INI
[2004/10/19 14:37:23 | 000,000,069 | ---- | C] () -- C:\WINNT\sixtrak.ini
[2004/10/19 14:37:19 | 000,417,850 | ---- | C] () -- C:\WINNT\System32\iobase32.dll
[2004/10/19 14:37:19 | 000,167,936 | ---- | C] () -- C:\WINNT\System32\udrcom32.dll
[2004/09/10 13:57:27 | 000,000,138 | ---- | C] () -- C:\WINNT\wininit.ini
[2004/09/02 15:30:21 | 000,007,551 | ---- | C] () -- C:\WINNT\System32\drivers\U3sHlpDr.sys
[2004/07/29 14:31:58 | 000,012,351 | ---- | C] () -- C:\WINNT\System32\i81xcoin.dll
[2004/07/28 15:27:05 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2004/07/28 15:26:00 | 000,002,360 | ---- | C] () -- C:\WINNT\System32\dhcpctrs.ini
[2004/07/28 15:22:51 | 000,007,854 | ---- | C] () -- C:\WINNT\System32\ftpctrs.ini
[2004/07/28 15:22:50 | 000,038,523 | ---- | C] () -- C:\WINNT\System32\w3ctrs.ini
[2004/07/28 15:22:49 | 000,011,355 | ---- | C] () -- C:\WINNT\System32\infoctrs.ini
[2004/07/28 15:22:48 | 000,011,400 | ---- | C] () -- C:\WINNT\System32\dnsperf.ini
[2004/07/28 15:22:47 | 000,014,745 | ---- | C] () -- C:\WINNT\System32\CPSsym.ini
[2004/07/28 15:22:22 | 000,009,584 | ---- | C] () -- C:\WINNT\System32\axperf.ini
[2003/06/20 14:00:06 | 000,000,000 | ---- | C] () -- C:\WINNT\System32\px.ini
[2003/06/20 12:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2003/06/20 12:00:00 | 000,133,752 | ---- | C] () -- C:\WINNT\System32\schema.ini
[2003/06/20 12:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2003/06/20 12:00:00 | 000,022,582 | ---- | C] () -- C:\WINNT\System32\ntdsctrs.ini
[2003/06/20 12:00:00 | 000,020,386 | ---- | C] () -- C:\WINNT\System32\ntfrsrep.ini
[2003/06/20 12:00:00 | 000,017,168 | ---- | C] () -- C:\WINNT\System32\ismsink.dll
[2003/06/20 12:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2003/06/20 12:00:00 | 000,005,597 | ---- | C] () -- C:\WINNT\System32\ntfrscon.ini
[2003/06/20 12:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2002/05/24 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINNT\System32\lockout.dll
[2002/05/24 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINNT\System32\lockres.dll
[1999/09/25 10:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 10:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
========== LOP Check ========== [2008/12/17 09:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2005/02/09 11:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VERITAS
[2010/03/23 16:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wireshark
[2010/04/13 14:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2007/07/11 15:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MG-SOFT
[2010/03/24 08:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rising
[2010/03/24 11:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe >[2003/06/20 12:00:00 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
[2003/06/20 12:00:00 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe
< MD5 for: AGP440.SYS >[2003/06/20 12:00:00 | 006,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:AGP440.sys
< MD5 for: ATAPI.SYS >[2003/06/20 12:00:00 | 006,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:atapi.sys
[2003/06/20 12:00:00 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >[2003/06/20 12:00:00 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\system32\dllcache\eventlog.dll
[2003/06/20 12:00:00 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >[2003/06/20 12:00:00 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\system32\dllcache\netlogon.dll
[2003/06/20 12:00:00 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\system32\netlogon.dll
[2003/06/20 12:00:00 | 000,013,072 | ---- | M] (Microsoft Corporation) MD5=BB2A715595BCA726A8D185BDECF31072 -- C:\WINNT\system32\NETMON\PARSERS\NETLOGON.DLL
< MD5 for: SCECLI.DLL >[2003/06/20 12:00:00 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\system32\dllcache\scecli.dll
[2003/06/20 12:00:00 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\system32\scecli.dll
< %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles >[1 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav >[2004/07/28 14:56:48 | 000,081,920 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2004/07/28 14:56:48 | 000,532,480 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2004/07/28 14:56:48 | 000,360,448 | ---- | M] () -- C:\WINNT\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >[2010/03/26 18:50:10 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINNT\system32\drivers\tmcomm.sys
========== Alternate Data Streams ========== @Alternate Data Stream - 60 bytes -> C:\Microsoft UAM Volume:AFP_AfpInfo
@Alternate Data Stream - 44 bytes -> C:\Microsoft UAM Volume:AFP_DeskTop
@Alternate Data Stream - 4096 bytes -> C:\Microsoft UAM Volume:AFP_IdIndex
< End of report >