c:\combofix.txt



#1
escaleraway

ComboFix 09-12-06.09 - Administrator 12/06/2009 18:49.2.2 - x86 NETWORK
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Zoe\Application Data\Microsoft\SystemBackup\browserui.dll
c:\documents and settings\Zoe\Application Data\Microsoft\SystemBackup\mt_32.dll
c:\documents and settings\Zoe\Application Data\Microsoft\SystemBackup\winload.dll
c:\documents and settings\Zoe\Application Data\wiaserva.log
c:\documents and settings\Zoe\Start Menu\Programs\Startup\lyesys32.exe
c:\windows\iyaferocohuvilit.dll
c:\windows\system32\brOWsearch.dll
c:\windows\system32\browserui.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\mshtmllib.dll
c:\windows\system32\mt_32.dll
c:\windows\system32\sdra64.exe
c:\windows\system32\wiNLoad.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 02:26 . 2009-12-07 02:26 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-07 02:24 . 2009-12-07 02:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-06 22:57 . 2009-12-06 22:57 152576 ----a-w- c:\documents and settings\Zoe\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-06 22:54 . 2009-12-06 22:54 0 ----a-w- c:\windows\Qdifeg.bin
2009-12-06 22:54 . 2009-12-07 01:27 120 ----a-w- c:\windows\Ctecafujah.dat
2009-11-26 16:20 . 2009-11-26 16:20 -------- d-----w- c:\documents and settings\Zoe\WINDOWS
2009-11-26 16:16 . 2009-12-03 22:54 17920 ----a-w- c:\windows\system32\winsec.dll
2009-11-26 16:16 . 2009-11-26 16:16 -------- d-----w- c:\program files\SafeShield Antivirus
2009-11-26 16:14 . 2009-11-26 16:13 120320 ----a-w- c:\windows\system32\wpv981259104068.exe
2009-11-22 19:08 . 2009-11-22 19:08 -------- d-sh--w- c:\documents and settings\Zoe\IECompatCache
2009-11-12 22:26 . 2009-12-06 22:57 79488 ----a-w- c:\documents and settings\Zoe\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 02:03 . 2009-02-22 03:43 33416 -c--a-w- c:\documents and settings\Zoe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-26 16:20 . 2009-01-03 19:55 -------- d-----w- c:\program files\Dell Video Chat
2009-11-19 21:49 . 2009-04-10 21:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-18 15:35 . 2009-10-18 15:35 152576 ----a-w- c:\documents and settings\Zoe\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-16 17:22 . 2009-04-10 20:53 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 17:22 . 2009-04-10 20:53 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 17:22 . 2009-04-10 20:53 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 17:22 . 2009-04-10 20:53 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 17:22 . 2009-04-10 20:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2008-04-25 20:33 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-01-03 19:55 . 2009-01-03 19:55 75 -csh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-08-15 4812664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-14 1343488]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-13 16876032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-14 137752]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"WLSS"="c:\program files\Wireless Select Switch\WLSS.exe" [2008-09-18 546088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli vmesngr2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=

S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2008-11-05 14248]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-14 93968]
S3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\Drivers\OA004Afx.sys [2008-11-10 148056]
S3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\DRIVERS\OA004Ufd.sys [2008-11-10 144672]
S3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\DRIVERS\OA004Vid.sys [2008-11-10 269760]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-16 31616]

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6090103
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Pxesax - c:\windows\iyaferocohuvilit.dll
SafeBoot-Wdf01000.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 18:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(896)
c:\windows\vmesngr2.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3256)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\vmesngr2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2009-12-06 19:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-07 03:00

Pre-Run: 10,524,545,024 bytes free
Post-Run: 10,577,854,464 bytes free

- - End Of File - - 4F9D768544501A595366DBC5D1585AE4


#2
escaleraway

OTL Extras logfile created on: 12/6/2009 7:19:42 PM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\Zoe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 648.09 Mb Available Physical Memory | 63.89% Memory free
1.19 Gb Paging File | 0.87 Gb Available in Paging File | 72.77% Paging File free
Paging file location(s): C:\pagefile.sys 300 300 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.30 Gb Total Space | 9.87 Gb Free Space | 69.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D32K5JC1
Current User Name: Zoe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Dell Video Chat\DellVideoChat.exe" = C:\Program Files\Dell Video Chat\DellVideoChat.exe:*:Enabled:SightSpeed -- (Dell Inc. and SightSpeed Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B840FAB0-0E67-4DD9-A93C-A92BA7DF9625}" = Dell Box.net Launcher
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Creative OA004" = Integrated Webcam Driver (1.00.03.0720)
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Dell Touchpad
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2009 9:37:46 PM | Computer Name = D32K5JC1 | Source = McLogEvent | ID = 5004
Description = Could not contact Filter Driver. Error = 0x2 : The system cannot find
the file specified.

Error - 12/6/2009 9:38:52 PM | Computer Name = D32K5JC1 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 12/6/2009 9:38:52 PM | Computer Name = D32K5JC1 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 12/6/2009 10:09:00 PM | Computer Name = D32K5JC1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x03af000a.

Error - 12/6/2009 10:09:23 PM | Computer Name = D32K5JC1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x03af000a.

Error - 12/6/2009 10:21:38 PM | Computer Name = D32K5JC1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 12/6/2009 10:35:15 PM | Computer Name = D32K5JC1 | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00000001.

Error - 12/6/2009 10:35:22 PM | Computer Name = D32K5JC1 | Source = Application Error | ID = 1001
Description = Fault bucket 761304223.

Error - 12/6/2009 10:57:51 PM | Computer Name = D32K5JC1 | Source = McLogEvent | ID = 5004
Description = Could not contact Filter Driver. Error = 0x2 : The system cannot find
the file specified.

Error - 12/6/2009 11:18:53 PM | Computer Name = D32K5JC1 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.11.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7034
Description = The System Event Notification service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7034
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
unexpectedly. It has done this 1 time(s).

Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7034
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7034
Description = The Telephony service terminated unexpectedly. It has done this 1
time(s).

Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7034
Description = The Windows Time service terminated unexpectedly. It has done this
1 time(s).

Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7034
Description = The Wireless Zero Configuration service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/6/2009 10:05:24 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%5

Error - 12/6/2009 10:21:38 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
1 (0x1).


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Dell Video Chat\DellVideoChat.exe" = C:\Program Files\Dell Video Chat\DellVideoChat.exe:*:Enabled:SightSpeed -- (Dell Inc. and SightSpeed Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B840FAB0-0E67-4DD9-A93C-A92BA7DF9625}" = Dell Box.net Launcher
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Creative OA004" = Integrated Webcam Driver (1.00.03.0720)
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Dell Touchpad
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2009 9:37:46 PM | Computer Name = D32K5JC1 | Source = McLogEvent | ID = 5004
Description = Could not contact Filter Driver. Error = 0x2 : The system cannot find
the file specified.

Error - 12/6/2009 9:38:52 PM | Computer Name = D32K5JC1 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 12/6/2009 9:38:52 PM | Computer Name = D32K5JC1 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 12/6/2009 10:09:00 PM | Computer Name = D32K5JC1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x03af000a.

Error - 12/6/2009 10:09:23 PM | Computer Name = D32K5JC1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x03af000a.

Error - 12/6/2009 10:21:38 PM | Computer Name = D32K5JC1 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 12/6/2009 10:35:15 PM | Computer Name = D32K5JC1 | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00000001.

Error - 12/6/2009 10:35:22 PM | Computer Name = D32K5JC1 | Source = Application Error | ID = 1001
Description = Fault bucket 761304223.

Error - 12/6/2009 10:57:51 PM | Computer Name = D32K5JC1 | Source = McLogEvent | ID = 5004
Description = Could not contact Filter Driver. Error = 0x2 : The system cannot find
the file specified.

Error - 12/6/2009 11:18:53 PM | Computer Name = D32K5JC1 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.11.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7034
Description = The System Event Notification service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7034
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
unexpectedly. It has done this 1 time(s).

Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7034
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7034
Description = The Telephony service terminated unexpectedly. It has done this 1
time(s).

Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7034
Description = The Windows Time service terminated unexpectedly. It has done this
1 time(s).

Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 12/6/2009 9:39:52 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7034
Description = The Wireless Zero Configuration service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/6/2009 10:05:24 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%5

Error - 12/6/2009 10:21:38 PM | Computer Name = D32K5JC1 | Source = Service Control Manager | ID = 7024
Description = The Java Quick Starter service terminated with service-specific error
1 (0x1).


< End of report >

#3
escaleraway

    New Member

  • Topic Starter
  • Member
  • 7 posts
OTL logfile created on: 12/6/2009 7:19:42 PM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\Zoe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 648.09 Mb Available Physical Memory | 63.89% Memory free
1.19 Gb Paging File | 0.87 Gb Available in Paging File | 72.77% Paging File free
Paging file location(s): C:\pagefile.sys 300 300 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.30 Gb Total Space | 9.87 Gb Free Space | 69.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D32K5JC1
Current User Name: Zoe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/06 19:16:10 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zoe\Desktop\OTL.exe
PRC - [2009/03/09 04:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/11/04 19:47:38 | 00,623,912 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe
PRC - [2008/10/04 11:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/04 11:58:02 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/17 19:28:58 | 00,546,088 | ---- | M] (Dell) -- C:\Program Files\Wireless Select Switch\WLSS.exe
PRC - [2008/08/15 13:03:50 | 04,812,664 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files\Dell Video Chat\DellVideoChat.exe
PRC - [2008/07/13 19:02:16 | 01,343,488 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/07/13 15:59:12 | 16,876,032 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/06/03 13:54:56 | 00,446,635 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/04/14 04:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/12/06 19:16:10 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zoe\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/03/09 04:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/10/04 11:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2004/10/22 01:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found -- -- (catchme)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/11/10 18:39:02 | 01,287,552 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/10 15:03:38 | 00,269,760 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OA004Vid.sys -- (OA004Vid)
DRV - [2008/11/10 15:03:38 | 00,144,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OA004Ufd.sys -- (OA004Ufd)
DRV - [2008/11/10 15:03:36 | 00,148,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\OA004Afx.sys -- (OA004Afx)
DRV - [2008/11/04 18:24:58 | 00,014,248 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS -- (EMSC)
DRV - [2008/07/13 19:02:12 | 00,225,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/13 16:55:40 | 00,106,368 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/13 16:52:08 | 05,854,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/07/13 16:02:52 | 00,093,968 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/07/13 15:59:14 | 04,745,216 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 04:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 04:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 04:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 04:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2007/01/15 16:57:08 | 00,031,616 | ---- | M] () -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2001/08/17 18:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 18:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 18:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 18:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 18:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 17:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 17:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 17:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 17:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 17:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 17:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 17:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 17:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 17:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 17:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6090103
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6090103

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...amp;ibd=6090103
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/30 12:35:59 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WLSS] C:\Program Files\Wireless Select Switch\WLSS.exe (Dell)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:45:49 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/06 19:14:52 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zoe\Desktop\OTL.exe
[2009/12/06 18:55:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/12/06 18:40:42 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/06 18:40:42 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/06 18:40:42 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/06 18:40:42 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/06 18:40:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/06 18:39:53 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/26 08:20:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zoe\WINDOWS
[2009/11/26 08:16:45 | 00,000,000 | ---D | C] -- C:\Program Files\SafeShield Antivirus
[2009/11/22 11:08:05 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Zoe\IECompatCache
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/06 19:16:10 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zoe\Desktop\OTL.exe
[2009/12/06 18:58:03 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/06 18:57:33 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/06 18:57:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/06 18:24:18 | 00,000,452 | ---- | M] () -- C:\WINDOWS\System32\fdeploy.ocx
[2009/12/06 18:21:42 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\Zoe\NTUSER.DAT
[2009/12/06 18:21:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Zoe\ntuser.ini
[2009/12/06 18:21:36 | 03,220,886 | -H-- | M] () -- C:\Documents and Settings\Zoe\Local Settings\Application Data\IconCache.db
[2009/12/06 18:03:53 | 00,033,416 | ---- | M] () -- C:\Documents and Settings\Zoe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/06 17:27:53 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Ctecafujah.dat
[2009/12/06 17:23:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\fsmgmt.ocx
[2009/12/06 14:54:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Qdifeg.bin
[2009/12/06 11:48:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/03 14:54:21 | 00,017,920 | ---- | M] () -- C:\WINDOWS\System32\winsec.dll
[2009/11/26 08:14:10 | 00,011,029 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/26 08:13:14 | 00,120,320 | ---- | M] () -- C:\WINDOWS\System32\wpv981259104068.exe
[2009/11/23 19:26:28 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/23 19:26:28 | 00,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/23 19:26:28 | 00,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/12 14:19:10 | 00,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/06 18:40:42 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/06 18:40:42 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/06 18:40:42 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/06 18:40:42 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/06 18:40:42 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/06 14:54:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Qdifeg.bin
[2009/12/06 14:54:52 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Ctecafujah.dat
[2009/11/26 08:28:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\fsmgmt.ocx
[2009/11/26 08:16:57 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\winsec.dll
[2009/11/26 08:14:16 | 00,000,452 | ---- | C] () -- C:\WINDOWS\System32\fdeploy.ocx
[2009/11/26 08:14:12 | 00,120,320 | ---- | C] () -- C:\WINDOWS\System32\wpv981259104068.exe
[2009/05/01 19:57:46 | 00,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2009/02/21 20:18:11 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Zoe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/03 13:02:26 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/01/03 13:00:16 | 00,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/01/03 12:04:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/01/03 11:33:34 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2008/04/25 17:42:57 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
< End of report >
[2009/12/06 18:24:18 | 00,000,452 | ---- | M] () -- C:\WINDOWS\System32\fdeploy.ocx
[2009/12/06 18:21:42 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\Zoe\NTUSER.DAT
[2009/12/06 18:21:42 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Zoe\ntuser.ini
[2009/12/06 18:21:36 | 03,220,886 | -H-- | M] () -- C:\Documents and Settings\Zoe\Local Settings\Application Data\IconCache.db
[2009/12/06 18:03:53 | 00,033,416 | ---- | M] () -- C:\Documents and Settings\Zoe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/06 17:27:53 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Ctecafujah.dat
[2009/12/06 17:23:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\fsmgmt.ocx
[2009/12/06 14:54:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Qdifeg.bin
[2009/12/06 11:48:42 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/03 14:54:21 | 00,017,920 | ---- | M] () -- C:\WINDOWS\System32\winsec.dll
[2009/11/26 08:14:10 | 00,011,029 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/11/26 08:13:14 | 00,120,320 | ---- | M] () -- C:\WINDOWS\System32\wpv981259104068.exe
[2009/11/23 19:26:28 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/23 19:26:28 | 00,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/23 19:26:28 | 00,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/12 14:19:10 | 00,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/06 18:40:42 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/06 18:40:42 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/06 18:40:42 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/06 18:40:42 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/06 18:40:42 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/06 14:54:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Qdifeg.bin
[2009/12/06 14:54:52 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Ctecafujah.dat
[2009/11/26 08:28:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\fsmgmt.ocx
[2009/11/26 08:16:57 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\winsec.dll
[2009/11/26 08:14:16 | 00,000,452 | ---- | C] () -- C:\WINDOWS\System32\fdeploy.ocx
[2009/11/26 08:14:12 | 00,120,320 | ---- | C] () -- C:\WINDOWS\System32\wpv981259104068.exe
[2009/05/01 19:57:46 | 00,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2009/02/21 20:18:11 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Zoe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/03 13:02:26 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/01/03 13:00:16 | 00,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/01/03 12:04:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/01/03 11:33:34 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2008/04/25 17:42:57 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

< End of report >