
So far I have been able to gain access to my Registry tools for maybe a minute by deactivating it via "HijackThis"; in addition, I am constantly being redirected to random sites that start with "greatfeedbarn.com". Please, please, please help me. I followed NeonFX's instructions for getting my "OTL.txt", "Extras.txt" & "rootrepeal.txt", and here they are:
ROOT REPEAL SCAN TXT
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/19 20:04
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3CD6000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AE4000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7FAF000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x86b190f0
#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x86b140f0
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x86b141b8
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8681da00
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf3fd1ee0
#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x86a84160
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x86ebd360
#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf3fd2160
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf3fd26c0
#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x86e9d440
#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x86b010f0
#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x86b1d0f0
#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x86e8fdc8
#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x86af20f0
#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x86b39280
#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x86b240a8
#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x86c566f0
#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x86a630f0
#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x86b260a8
#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x86aa70a8
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf3fd2910
#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x86ea10f0
#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x86b43280
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x86e9d680
#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x86a1f0f0
#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x86a4e0f0
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x86a813a8
==EOF==
OTL SCAN TXT
OTL logfile created on: 10/19/2009 8:07:27 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\harveyj\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.07 Mb Total Physical Memory | 327.00 Mb Available Physical Memory | 31.99% Memory free
2.39 Gb Paging File | 1.70 Gb Available in Paging File | 71.30% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 87.96 Gb Free Space | 60.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: D8XHQZ91
Current User Name: harveyj
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/10/19 20:06:46 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\harveyj\Desktop\OTL.exe
PRC - [2009/10/19 18:31:25 | 00,021,508 | -H-- | M] () -- C:\Documents and Settings\harveyj\Local Settings\Temp\nvsvc32.exe
PRC - [2009/10/19 18:31:24 | 00,021,508 | -H-- | M] () -- C:\Documents and Settings\harveyj\Local Settings\Temp\smss.exe
PRC - [2009/10/19 18:31:23 | 00,021,508 | -H-- | M] () -- C:\Documents and Settings\harveyj\Local Settings\Temp\mdm.exe
PRC - [2009/10/19 17:37:27 | 00,021,508 | -H-- | M] () -- C:\Documents and Settings\harveyj\Local Settings\Temp\svchost.exe
PRC - [2009/10/19 00:41:53 | 00,015,001 | -H-- | M] () -- C:\Documents and Settings\harveyj\Local Settings\Temp\i4xvjs.exe
PRC - [2009/09/05 02:46:18 | 03,399,168 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\XoftSpySE6\XoftSpySE.exe
PRC - [2009/08/28 14:15:30 | 00,582,424 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe
PRC - [2009/08/26 22:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/31 07:57:59 | 01,935,360 | ---- | M] () -- C:\Program Files\Curse\CurseClient.exe
PRC - [2009/05/25 16:38:28 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/21 10:55:32 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/02/17 15:38:46 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2008/10/01 19:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/10/01 19:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/10/01 14:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/02 08:23:05 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
PRC - [2008/01/22 09:44:22 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/09/20 08:23:44 | 00,132,624 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
PRC - [2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/05/26 07:56:30 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/30 20:36:30 | 00,057,344 | ---- | M] ((?)????) -- C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
PRC - [2007/01/15 14:23:48 | 00,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2007/01/09 22:59:52 | 00,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 01:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/09/28 02:20:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/10/05 01:12:00 | 00,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 03:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2005/06/10 08:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/03/22 21:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2003/10/29 00:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
========== Win32 Services (SafeList) ==========
SRV - File not found -- -- (NMSAccessU [Auto | Stopped])
SRV - File not found -- -- (LiveUpdate [On_Demand | Stopped])
SRV - [2009/08/28 14:15:30 | 00,582,424 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService [On_Demand | Running])
SRV - [2009/05/25 16:38:28 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/03/23 21:28:37 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2009/02/17 15:38:46 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2008/10/01 19:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/10/01 14:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/05/02 08:23:05 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2008/02/20 10:01:12 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2007/11/28 20:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - [2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/01/14 00:11:06 | 00,080,504 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc [On_Demand | Stopped])
SRV - [2007/01/12 20:40:58 | 00,049,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2007/01/05 01:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/09/28 02:20:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - [2005/10/28 05:41:52 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcgcoms.exe -- (dlcg_device [On_Demand | Stopped])
SRV - [2004/11/19 09:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2004/08/04 03:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatfeedmill.....FLinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://greatfeedmill.....FLinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://greatfeedmill.....FLinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://greatfeedmill.....FLinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://greatfeedmill...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://greatfeedmill...w.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://greatfeedmill...w.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatfeedmill...w.dell.ca/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://greatfeedmill...www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://greatfeedmill...=...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://greatfeedmill...w.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.thottbot.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/25 16:38:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 08:10:29 | 00,000,000 | ---D | M]
[2009/02/10 08:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\mozilla\Firefox\Profiles\1o50bu8v.default\extensions
[2007/11/20 17:52:00 | 02,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
O1 HOSTS File: (150 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
O1 - Hosts: 91.212.127.226 os-guardpro.com
O1 - Hosts: 91.212.127.226 www.os-guardpro.com
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (no name) - {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL (Microsoft)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CmUsbSound] File not found
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe ((?)????)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [XoftSpySE] C:\Program Files\XoftSpySE6\XoftSpySE.exe (ParetoLogic Inc.)
O4 - HKCU..\Run: [calc] C:\WINDOWS\system32\config\systemprofile\ntuser.dll ()
O4 - HKCU..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Login Software 2009] C:\Documents and Settings\harveyj\Local Settings\Temp\i4xvjs File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\Documents and Settings\harveyj\Local Settings\Temp\nvsvc32 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\harveyj\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://greatfeedmill.....Flinkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://greatfeedmill...ca32/wficat.cab (Citrix ICA Client)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://greatfeedmill...es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://greatfeedmill...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://greatfeedmill...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://greatfeedmill...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://greatfeedmill...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://greatfeedmill...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://greatfeedmill...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://greatfeedmill...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://greatfeedmill...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://greatfeedmill...ad/iaplayer.cab (InstantAction Game Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ac49d3ad-aba0-11dd-a8d6-00038a000015}\Shell\AutoRun\command - "" = E:\podcastready.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/10/19 01:05:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/19 17:04:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/10/19 16:59:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/19 15:02:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2009/10/16 14:16:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\harveyj\Application Data\BitZipper
[2009/10/19 01:10:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\harveyj\Application Data\Malwarebytes
[2009/10/19 17:04:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/10/12 17:59:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/10/19 17:04:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
[2009/10/16 14:16:28 | 00,000,000 | ---D | C] -- C:\Program Files\BitZipper
[2009/10/19 19:47:29 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/19 11:05:36 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/10/19 00:41:45 | 00,000,000 | ---D | C] -- C:\Program Files\kvahux
[2009/10/19 01:05:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/19 17:29:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/19 11:19:05 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/10/19 16:59:44 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/10/19 15:02:40 | 00,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
[2009/10/19 20:07:01 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\harveyj\Desktop\OTL.exe
[2009/10/19 17:06:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\harveyj\Desktop\Crack
[2009/10/19 15:02:11 | 04,276,264 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\harveyj\Desktop\XoftSpySE_Setup.exe
[2009/10/19 10:30:40 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/10/19 01:05:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/19 01:05:09 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/16 14:11:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\harveyj\Desktop\del
[2009/10/16 11:10:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\harveyj\Desktop\Apathy - Wanna Snuggle
[2008/02/04 00:07:21 | 58,619,176 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2007/04/29 08:37:30 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgserv.dll
[2007/04/29 08:37:30 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgusb1.dll
[2007/04/29 08:37:30 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgprox.dll
[2007/04/29 08:37:30 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgpplc.dll
[2007/04/29 08:37:29 | 00,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgpmui.dll
[2007/04/29 08:37:28 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcomc.dll
[2007/04/29 08:37:28 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcglmpm.dll
[2007/04/29 08:37:28 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcgcomm.dll
========== Files - Modified Within 14 Days ==========
[12 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/10/19 20:06:46 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\harveyj\Desktop\OTL.exe
[2009/10/19 20:03:53 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\harveyj\Desktop\settings.dat
[2009/10/19 20:03:32 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\harveyj\Desktop\RootRepeal.zip
[2009/10/19 19:48:35 | 00,289,206 | ---- | M] () -- C:\Documents and Settings\harveyj\My Documents\cc_20091019_194810.reg
[2009/10/19 19:47:30 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\harveyj\Desktop\CCleaner.lnk
[2009/10/19 19:03:37 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/19 18:33:46 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/19 18:31:24 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/19 18:30:55 | 00,211,668 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/19 18:30:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/19 18:30:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/19 18:30:29 | 10,717,96224 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/19 18:00:00 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2009/10/19 17:29:57 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\harveyj\Desktop\HijackThis.lnk
[2009/10/19 17:05:01 | 00,000,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2009/10/19 17:05:01 | 00,000,422 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2009/10/19 17:04:56 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/10/19 17:01:44 | 00,002,337 | ---- | M] () -- C:\Documents and Settings\harveyj\Desktop\XoftSpySE_v6.0_Crack_[_kk_].torrent
[2009/10/19 17:00:10 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/10/19 16:37:04 | 00,010,752 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/10/19 15:02:22 | 04,276,264 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\harveyj\Desktop\XoftSpySE_Setup.exe
[2009/10/19 11:18:32 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\harveyj\Desktop\WindowsDefender.msi
[2009/10/19 10:45:32 | 00,000,610 | ---- | M] () -- C:\Documents and Settings\harveyj\Desktop\UnHookExec.inf
[2009/10/19 10:39:52 | 00,001,341 | ---- | M] () -- C:\Documents and Settings\harveyj\Desktop\regtools.vbs
[2009/10/19 10:37:30 | 00,000,103 | ---- | M] () -- C:\Documents and Settings\harveyj\Desktop\fix.reg
[2009/10/19 10:13:07 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/19 01:06:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/17 21:44:40 | 00,186,878 | ---- | M] () -- C:\Documents and Settings\harveyj\Desktop\diabetic.pdf
[2009/10/16 14:16:30 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\harveyj\Desktop\BitZipper.lnk
[2009/10/14 03:09:17 | 00,503,304 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/14 03:09:17 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 03:09:17 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/14 03:06:14 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/06 07:35:21 | 00,000,644 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/06 07:34:56 | 00,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
========== Files - No Company Name ==========
[2009/10/19 20:03:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\harveyj\Desktop\settings.dat
[2009/10/19 20:03:30 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\harveyj\Desktop\RootRepeal.zip
[2009/10/19 19:48:17 | 00,289,206 | ---- | C] () -- C:\Documents and Settings\harveyj\My Documents\cc_20091019_194810.reg
[2009/10/19 19:47:30 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\harveyj\Desktop\CCleaner.lnk
[2009/10/19 17:29:57 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\harveyj\Desktop\HijackThis.lnk
[2009/10/19 17:08:04 | 00,000,448 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2009/10/19 17:01:48 | 00,002,337 | ---- | C] () -- C:\Documents and Settings\harveyj\Desktop\XoftSpySE_v6.0_Crack_[_kk_].torrent
[2009/10/19 17:00:10 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/10/19 16:36:06 | 00,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2009/10/19 16:36:05 | 00,000,422 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2009/10/19 16:36:00 | 00,000,380 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/10/19 15:26:41 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/10/19 11:22:18 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/19 11:18:18 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\harveyj\Desktop\WindowsDefender.msi
[2009/10/19 10:45:36 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\harveyj\Desktop\UnHookExec.inf
[2009/10/19 10:39:59 | 00,001,341 | ---- | C] () -- C:\Documents and Settings\harveyj\Desktop\regtools.vbs
[2009/10/19 10:37:30 | 00,000,103 | ---- | C] () -- C:\Documents and Settings\harveyj\Desktop\fix.reg
[2009/10/19 01:05:14 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/17 21:44:39 | 00,186,878 | ---- | C] () -- C:\Documents and Settings\harveyj\Desktop\diabetic.pdf
[2009/10/16 14:16:30 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\harveyj\Desktop\BitZipper.lnk
[2009/10/06 07:34:56 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/06/10 08:29:34 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 08:29:34 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 08:29:34 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 08:29:32 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/14 09:59:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MusicStudio.INI
[2008/09/11 13:31:37 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2008/09/11 13:26:01 | 00,005,817 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/05/02 08:23:22 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/03/31 14:25:46 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/03/21 13:30:08 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 13:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 13:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/21 13:28:20 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/10 17:44:56 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\harveyj\Local Settings\Application Data\fusioncache.dat
[2007/12/20 22:45:51 | 00,450,560 | R--- | C] () -- C:\WINDOWS\System32\mcs_cor1.dll
[2007/12/20 22:45:51 | 00,172,032 | R--- | C] () -- C:\WINDOWS\System32\mcs_cor2.dll
[2007/10/07 14:22:35 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
[2007/10/07 14:22:19 | 00,005,098 | R--- | C] () -- C:\WINDOWS\Cmudau.ini
[2007/08/17 22:59:17 | 00,044,440 | ---- | C] () -- C:\WINDOWS\System32\MtpAccess.dll
[2007/08/17 22:36:43 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2007/08/17 22:34:02 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2007/08/17 22:34:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2007/08/17 22:34:01 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2007/08/17 22:34:01 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2007/07/11 14:57:25 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/06/04 20:49:09 | 03,753,508 | -H-- | C] () -- C:\Documents and Settings\harveyj\Local Settings\Application Data\IconCache.db
[2007/05/18 05:59:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/05/15 10:52:29 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\harveyj\Application Data\PFP120JPR.{PB
[2007/05/15 10:52:29 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\harveyj\Application Data\PFP120JCM.{PB
[2007/05/10 13:26:25 | 00,000,461 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/05/01 20:20:44 | 00,044,544 | ---- | C] () -- C:\Documents and Settings\harveyj\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/30 09:20:26 | 00,050,752 | ---- | C] () -- C:\Documents and Settings\harveyj\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/04/30 09:20:17 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/04/30 09:20:17 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\45638B691A.sys
[2007/04/29 11:10:19 | 00,147,501 | ---- | C] () -- C:\Documents and Settings\harveyj\Application Data\Cosmos Prefs
[2007/04/29 08:37:30 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcgvs.dll
[2007/04/29 08:37:27 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcgutil.dll
[2007/04/29 08:37:22 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcgjswr.dll
[2007/04/29 08:37:21 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcginsb.dll
[2007/04/29 08:37:21 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcgins.dll
[2007/04/29 08:37:21 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcginsr.dll
[2007/04/29 08:37:19 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcgcub.dll
[2007/04/29 08:37:19 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcgcu.dll
[2007/04/29 08:37:19 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcgcur.dll
[2007/04/29 08:28:39 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\harveyj\Application Data\desktop.ini
[2006/09/06 05:27:28 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\dlcgcfg.dll
[2006/05/15 11:50:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/15 11:47:25 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/15 11:16:58 | 00,000,493 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 06:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/05 10:32:24 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcgcnv4.dll
[2004/12/20 11:08:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/10 11:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 11:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 10:57:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/10 10:51:28 | 00,000,644 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 10:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
========== LOP Check ==========
[2009/10/19 17:04:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/19 20:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/07/03 13:14:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apowersoft
[2008/10/14 13:46:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/08/24 06:49:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2006/05/15 11:36:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/02/26 22:03:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2007/09/06 16:52:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/12/26 19:35:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/10/19 17:04:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/12/26 01:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008/11/19 08:27:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2004/08/10 11:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/02/05 13:42:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/11/15 11:14:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2007/12/20 22:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/09/09 17:19:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/19 17:00:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/19 15:02:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2009/10/19 01:10:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\harveyj\Application Data
[2009/10/16 14:16:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\BitZipper
[2007/05/15 10:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\Corel
[2007/04/30 09:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\Corel Photo Album
[2007/08/17 22:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\DataCast
[2007/09/14 13:36:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\fretsonfire
[2009/10/19 17:07:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\FrostWire
[2009/05/13 21:59:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\GarageGames
[2009/08/23 20:13:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\GetRightToGo
[2007/05/18 06:00:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\ICAClient
[2007/05/01 20:51:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\Leadertech
[2008/08/21 14:51:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\harveyj\Application Data\SecuROM
[2007/08/25 19:53:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\SoundSpectrum
[2008/09/10 20:59:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\teamspeak2
[2007/12/21 01:12:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\Ulead Systems
[2007/05/07 12:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\Ventrilo
[2007/09/09 17:19:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\Viewpoint
[2006/05/15 11:38:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\harveyj\Application Data\You've Got Pictures Screensaver
[2004/08/04 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/19 19:03:37 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/19 18:33:46 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/08/01 01:46:23 | 00,000,626 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - harveyj.job
[2009/10/19 18:00:00 | 00,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2009/10/19 17:05:01 | 00,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2009/10/19 18:30:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/19 17:04:56 | 00,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpySE.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2009/10/19 00:41:45 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\ldvx.exe
< %systemroot%\system32\eventlog.dll >
[2004/08/04 03:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
[12 C:\WINDOWS\system32\*.tmp files]
< %systemroot%\system32\scecli.dll >
[2004/08/04 03:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[12 C:\WINDOWS\system32\*.tmp files]
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
< End of report >
EXTRAS SCAN TXT
OTL Extras logfile created on: 10/19/2009 8:07:27 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\harveyj\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.07 Mb Total Physical Memory | 327.00 Mb Available Physical Memory | 31.99% Memory free
2.39 Gb Paging File | 1.70 Gb Available in Paging File | 71.30% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 87.96 Gb Free Space | 60.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: D8XHQZ91
Current User Name: harveyj
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56098:TCP" = 56098:TCP:*:Enabled:Pando Media Booster
"56098:UDP" = 56098:UDP:*:Enabled:Pando Media Booster
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- File not found
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4BB05099-1963-4268-A3BB-9153964750ED}" = XoftSpySE
"{4EED46D7-65DD-4F66-BAEE-DFCF5E240117}" = Symantec Real Time Storage Protection Component
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5594D59-EE12-4C8B-868B-2CBC323D46BA}" = SymNet
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AviSynth" = AviSynth 2.5
"BitZipper_is1" = BitZipper 2009
"CCleaner" = CCleaner (remove only)
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Creative Photo Manager" = Creative Photo Manager
"CurseClient" = Curse Client
"Dell AIO 810" = Dell AIO 810
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"FrostWire" = FrostWire 4.17.2
"Generic USB Sound" = Sector 7 Xtreme Gaming Headset.
"G-Force" = G-Force
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyFreeCodec" = MyFreeCodec
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Samsung_SEDG" = Samsung Video Codec 1.2.5006 Uninstall
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/3/2009 11:04:33 AM | Computer Name = D8XHQZ91 | Source = Application Error | ID = 1000
Description = Faulting application curseclient.exe, version 0.0.0.0, faulting module
curseclient.exe, version 0.0.0.0, fault address 0x0027d2e7.
[ System Events ]
Error - 10/19/2009 8:37:59 PM | Computer Name = D8XHQZ91 | Source = Service Control Manager | ID = 7000
Description = The NMSAccessU service failed to start due to the following error:
%%2
Error - 10/19/2009 9:32:10 PM | Computer Name = D8XHQZ91 | Source = Service Control Manager | ID = 7000
Description = The NMSAccessU service failed to start due to the following error:
%%2
< End of report >