OTL logfile created on: 11/24/2010 6:44:16 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 5.00.3700.1000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
128.00 Mb Total Physical Memory | 3.00 Mb Available Physical Memory | 2.00% Memory free
495.00 Mb Paging File | 180.00 Mb Available in Paging File | 36.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 17.91 Gb Total Space | 14.85 Gb Free Space | 82.93% Space Free | Partition Type: NTFS
Computer Name: TOUCHSCNRTM-II | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/11/24 06:42:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/11/22 07:01:43 | 002,752,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2003/06/19 12:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/06/19 12:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe
PRC - [2003/06/19 12:05:04 | 000,119,568 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
PRC - [2003/06/19 12:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
PRC - [2000/07/19 02:50:00 | 000,295,936 | ---- | M] () -- C:\Program Files\UPDD\TBSYSTRY.EXE
========== Modules (SafeList) ==========
MOD - [2010/11/24 06:42:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2003/06/19 12:05:04 | 000,021,776 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
MOD - [2003/06/19 12:05:04 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
MOD - [1999/12/07 07:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2003/06/19 12:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
SRV - [2003/06/19 12:05:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/06/19 12:05:04 | 000,119,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/06/19 12:05:04 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
SRV - [2003/06/19 12:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/06/19 12:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\DMusic.sys -- (DMusic)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2009/11/24 18:51:09 | 000,093,424 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINNT\System32\drivers\aswmon.sys -- (aswMon)
DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINNT\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 18:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2004/01/15 12:46:56 | 000,256,568 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2004/01/15 12:46:55 | 000,014,336 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\XPC4DRVR.SYS -- (XilinxPC4Driver)
DRV - [2004/01/15 10:46:20 | 000,011,811 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mltlnx.sys -- (MultiLINX)
DRV - [2004/01/15 10:46:20 | 000,007,884 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mlnxfltr.sys -- (mlnxfltr)
DRV - [2003/06/19 12:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2003/06/19 12:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)
DRV - [2003/06/19 12:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003/06/19 12:05:04 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
DRV - [2003/06/19 12:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)
DRV - [2003/06/19 12:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003/06/19 12:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
DRV - [2000/07/19 02:50:00 | 000,261,197 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\System32\Drivers\TBUPDDWD.SYS -- (TBUPDDWD)
DRV - [2000/07/19 02:50:00 | 000,055,304 | ---- | M] () [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\TBUPDDMP.SYS -- (TBUPDDMP)
DRV - [1999/12/07 07:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [1999/12/07 07:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [1999/12/03 01:39:00 | 000,096,811 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\chipsm5.sys -- (chips)
DRV - [1999/09/25 05:36:48 | 000,009,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\NtApm.sys -- (NtApm)
DRV - [1999/05/27 15:13:40 | 000,025,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\e100ent.sys -- (E100E)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2010/11/23 07:46:56 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CHIPSPtrt] C:\WINNT\System32\chpsptrt.exe ()
O4 - HKLM..\Run: [CHIPSStart] C:\WINNT\System32\chpstart.exe ()
O4 - HKLM..\Run: [TBSysTry] C:\Program Files\UPDD\TBSYSTRY.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\related.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.10 192.168.10.25 192.168.10.21
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/04/16 13:04:20 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found
Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux1 - File not found
Drivers32: aux2 - File not found
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi1 - File not found
Drivers32: midi2 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: mixer1 - File not found
Drivers32: mixer2 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - File not found
Drivers32: wave2 - File not found
Drivers32: wave3 - File not found
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found
Drivers32: wdmaud.drv - wdmaud.drv File not found
SystemRestore not available.
========== Files/Folders - Created Within 30 Days ==========
[2010/11/24 06:43:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/23 07:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\temp
[2010/11/23 07:28:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2010/11/22 07:19:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2010/11/22 07:19:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2010/11/22 07:19:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2010/11/22 07:19:00 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2010/11/22 07:18:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/20 10:23:31 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Administrator\Desktop\remover.exe
========== Files - Modified Within 30 Days ==========
[2010/11/24 06:42:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/11/23 13:26:23 | 000,742,352 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2010/11/23 08:53:08 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_200.dat
[2010/11/23 07:52:59 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_204.dat
[2010/11/23 07:46:56 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2010/11/23 07:20:50 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to virus_et_al.lnk
[2010/11/23 07:02:27 | 003,914,095 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/11/22 07:06:13 | 000,002,626 | ---- | M] () -- C:\WINNT\System32\CONFIG.NT
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINNT\MBR.exe
========== Files Created - No Company Name ==========
[2010/11/23 08:53:08 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_200.dat
[2010/11/23 07:52:59 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_204.dat
[2010/11/22 07:19:08 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
[2010/11/22 07:19:08 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2010/11/22 07:19:08 | 000,089,088 | ---- | C] () -- C:\WINNT\MBR.exe
[2010/11/22 07:19:08 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2010/11/22 07:19:08 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2003/02/27 13:34:42 | 000,000,012 | ---- | C] () -- C:\WINNT\wininit.ini
[2003/02/27 13:34:40 | 000,261,197 | ---- | C] () -- C:\WINNT\System32\drivers\TBUPDDWD.SYS
[2003/02/27 13:34:40 | 000,055,304 | ---- | C] () -- C:\WINNT\System32\drivers\TBUPDDMP.SYS
[2001/04/16 14:24:26 | 000,001,299 | ---- | C] () -- C:\WINNT\System32\Oeminfo.ini
[2001/04/16 13:02:36 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2001/04/16 07:42:57 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[1999/09/25 05:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 05:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1979/12/31 19:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1979/12/31 19:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[1979/12/31 19:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[1979/12/31 19:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[1979/12/31 19:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
========== LOP Check ==========
[2005/06/28 12:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/02/21 08:29:46 | 000,000,007 | ---- | M] () -- C:\ahs-lab
[2006/01/10 13:33:21 | 000,737,361 | ---- | M] () -- C:\als.mcs
[2001/04/16 13:04:20 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2001/04/17 10:24:41 | 000,000,192 | -HS- | M] () -- C:\boot.ini
[2001/03/26 06:45:28 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2010/11/23 07:55:09 | 000,004,545 | ---- | M] () -- C:\ComboFix.txt
[2001/04/16 13:04:20 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2006/09/11 13:19:20 | 000,737,361 | ---- | M] () -- C:\download_9_11.mcs
[2001/04/16 13:04:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/30 23:46:40 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
[2001/04/16 13:04:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/08/23 12:45:32 | 000,034,724 | RHS- | M] () -- C:\NTDETECT.COM
[2007/08/23 12:45:32 | 000,214,432 | RHS- | M] () -- C:\ntldr
[2010/11/24 06:27:24 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2006/08/29 07:57:59 | 000,000,000 | ---- | M] () -- C:\pep.txt
[2005/08/04 12:00:11 | 000,921,654 | ---- | M] () -- C:\piaggio.bmp
[2008/01/31 11:06:43 | 000,000,012 | ---- | M] () -- C:\pipename.txt
[2006/08/23 14:51:27 | 000,000,020 | ---- | M] () -- C:\shut.bat
[2005/02/02 09:35:07 | 000,737,361 | ---- | M] () -- C:\tac_2_2_934.mcs
[2005/10/04 10:14:43 | 000,737,361 | ---- | M] () -- C:\TAC_PreScanClock_2005104.mcs
[2005/07/18 14:13:07 | 000,737,361 | ---- | M] () -- C:\tac_pre_20050712.mcs
[2006/01/09 09:40:08 | 000,737,361 | ---- | M] () -- C:\tac_pre_sscl3.mcs
[2005/05/06 02:30:56 | 000,155,701 | ---- | M] () -- C:\WinPowerOff.exe
< %systemroot%\Fonts\*.com >
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2001/04/16 13:03:19 | 000,000,067 | -HS- | M] () -- C:\WINNT\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2003/06/19 12:05:04 | 000,006,928 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\sfmpsprt.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2001/04/16 13:02:36 | 000,000,271 | -H-- | M] () -- C:\Program Files\desktop.ini
[2001/04/16 13:02:36 | 000,021,952 | -H-- | M] () -- C:\Program Files\folder.htt
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2001/04/16 07:39:30 | 000,081,920 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2001/04/16 07:39:30 | 000,536,576 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2001/04/16 07:39:30 | 000,360,448 | ---- | M] () -- C:\WINNT\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/08/23 12:53:29 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2010/11/23 07:02:27 | 003,914,095 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/08/19 12:51:53 | 002,760,756 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Min_scanner.exe
[2010/11/24 06:42:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/01 15:33:50 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Documents and Settings\Administrator\Desktop\remover.exe
[2004/07/23 13:40:28 | 045,393,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WebPACK_62_fcp_i.exe
[2005/05/06 02:30:56 | 000,155,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WinPowerOff.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[1999/12/07 07:00:00 | 000,000,777 | ---- | M] () -- C:\WINNT\addins\faxext.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
[1999/12/07 07:00:00 | 000,000,654 | ---- | M] () -- C:\WINNT\Config\general.idf
[1999/12/07 07:00:00 | 000,000,658 | ---- | M] () -- C:\WINNT\Config\hindered.idf
[1999/12/07 07:00:00 | 000,000,302 | ---- | M] () -- C:\WINNT\Config\msadlib.idf
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2007/08/23 12:53:29 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2007/08/23 12:53:47 | 000,002,338 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/24 06:47:44 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2003/06/19 12:05:04 | 000,221,184 | ---- | M] () -- C:\WINNT\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< >
< End of report >