
WIN32 Service Error / DCOM Network Error


  • This topic is locked
52 replies to this topic

#1 Tobs8

Tobs8

  • Members
  • 72 posts

Posted 30 January 2010 - 02:26 PM

My links are not working in Yahoo... I get redirected. Then I get a message "DCOM Server Process Launcher has failed and NT Authority/System needs to shut down your system". I get one minute and then it shuts me down.

re.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pat\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\dtx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar5.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\dtx.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar5.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [OurPictures] "c:\program files\ritzpix e-z print & share\OurPictures.exe" /AutoStart
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [agent.exe] c:\documents and settings\pat\application data\pc\agent.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DACSMiniApp] c:\program files\fisher-price\dacs\miniapp\DACSMiniApp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [XoftSpySE] "c:\program files\xoftspyse6\XoftSpySE.exe" -NM -hidesplash
mRun: [djmncmbr] c:\windows\system32\config\systemprofile\local settings\application data\upjyob\rdtnsysguard.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [winupdate86.exe] c:\windows\system32\winupdate86.exe
dRun: [ygua8e7yhuiesfha876yfauy8fe] c:\windows\temp\szyen.exe
dRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\windows\temp\nvsvc32.exe
dRun: [djmncmbr] c:\windows\system32\config\systemprofile\local settings\application data\upjyob\rdtnsysguard.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\citrix~1.lnk - c:\program files\citrix\secure access client\nsload.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
Filter: text/html - {f1c82041-3c4c-41e8-a512-b2aeb7c8ae5c} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXOFUKE
LSA: Notification Packages = scecli cagusa.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-3-16 616408]
R2 nsverctl;Citrix Secure Access Client Service;c:\program files\citrix\secure access client\nsverctl.exe [2009-4-23 139264]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [2009-4-23 73368]
R3 XoftSpyService;XoftSpyService;c:\program files\common files\xoftspyse\6\xoftspyservice.exe [2009-10-23 582424]
S3 diskmgr;diskmgr;c:\windows\system32\diskmgr.sys [2004-8-10 2304]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-1-13 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-1-13 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-1-13 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-1-13 40552]
S3 ndisdrv;ndisdrv;c:\windows\system32\ndisdrv.sys [2004-8-10 2304]
S3 winsts;winsts;c:\windows\system32\winsts.sys [2004-8-10 2304]

=============== Created Last 30 ================

2010-01-26 02:39:43 0 d-s---w- C:\ComboFix
2010-01-25 23:12:00 0 d-sha-r- C:\cmdcons
2010-01-25 23:09:53 98816 ----a-w- c:\windows\sed.exe
2010-01-25 23:09:53 77312 ----a-w- c:\windows\MBR.exe
2010-01-25 23:09:53 261632 ----a-w- c:\windows\PEV.exe
2010-01-25 23:09:53 161792 ----a-w- c:\windows\SWREG.exe
2010-01-24 18:23:03 25088 ----a-w- c:\windows\system32\winlogon86.exe
2010-01-24 18:23:03 17408 ----a-w- c:\windows\system32\winhelper86.dll
2010-01-24 18:22:43 88576 ----a-w- c:\windows\system32\AntiXPVSTFix.exe
2010-01-13 02:13:31 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 17:15:47 27911 ----a-w- c:\windows\system32\F0FFFJK08T.dat
2010-01-11 17:15:47 1860 ----a-w- c:\windows\system32\XGIT7VDDF.dat
2010-01-06 17:21:02 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-06 17:21:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-04 02:08:13 0 ----a-w- c:\windows\system32\41.exe
2010-01-04 02:07:03 29184 ----a-w- c:\windows\system32\bwsb.gio
2010-01-04 02:05:26 225 ----a-w- c:\windows\system32\uses32.dat
2010-01-04 02:05:26 100 ----a-w- c:\windows\system32\flags.ini
2010-01-04 02:03:38 1 ----a-w- C:\s
2010-01-04 02:03:23 137216 ----a-w- C:\eujbmv.exe
2010-01-04 02:03:22 25088 ----a-w- C:\khkil.exe

==================== Find3M ====================

2010-01-24 21:17:32 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-24 21:17:32 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
2010-01-24 21:17:32 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-01-12 02:14:40 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-11-07 19:43:53 46224 ----a-w- c:\docume~1\pat\applic~1\GDIPFONTCACHEV1.DAT
2007-08-03 22:09:24 56 --sh--r- c:\windows\system32\7680720CCB.sys

============= FINISH: 13:42:29.06 ===============

Edited by Tobs8, 30 January 2010 - 02:29 PM.




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • Gender:Female
  • Location:Romania

Posted 05 February 2010 - 09:50 AM



Welcome to the Bleeping Computer Malware Removal Forum. My name is Elise. I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
Please be patient and I'd be grateful if you would note the following:
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.


I understand you can't log on to your computer at all. Please let me know exactly what happens: does it attempt to load your desktop and log you off immediately afterwards?


OK, this file is big. Print these instructions out so that you know what you are doing.

Two programs to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded, double-click it; this will then open ISOBurner to burn the file to CD.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 Tobs8


Posted 05 February 2010 - 11:11 AM

Thanks for your help!

When I get to the logon screen and click the user I want, it starts to load and then fails, shutting me down. I have tried this for all users, also tried it in safe mode and even tried the last known configuration. Nothing lets me in.

I am so frustrated right now I am willing to just install a new Windows, but I am not even sure if I can do that, and if I do will I lose everything on my computer? Can I just install a new Windows 7 on my computer?

Edited by Tobs8, 05 February 2010 - 11:12 AM.


#4 Elise


Posted 05 February 2010 - 12:33 PM

For good measure, I replied to your PM.

For now, I think it would be best to go with OTLPE. Let me know what you want to do.

regards, Elise




#5 Tobs8


Posted 05 February 2010 - 01:42 PM

I am going to try the OTLPE. I have to get the CD burned. Will I be able to log on and post after I run it, or will I have to save it to disk and go to another computer?



#6 Elise


Posted 05 February 2010 - 01:50 PM

You can copy the log to a USB flash drive and transfer it to the computer you use now to access the internet.

regards, Elise




#7 Tobs8


Posted 05 February 2010 - 02:01 PM

I am not that big of a computer user and do not have a USB flash drive. Is there another option or do I need to purchase one?

#8 Elise


Posted 05 February 2010 - 02:09 PM

I believe there is an alternative download for OTLPE that includes network card drivers. This should give you the possibility to access the internet. However, this is a bigger download.

link

regards, Elise




#9 Tobs8


Posted 05 February 2010 - 03:41 PM

I went and got a flash drive. Burning the CD now.

#10 Tobs8


Posted 05 February 2010 - 05:38 PM

Elise,

Here is the log from the OTLPE, please advise on my next steps. Thanks


OTL logfile created on: 2/5/2010 5:26:08 PM - Run
OTLPE by OldTimer - Version 3.1.27.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 797.00 Mb Available Physical Memory | 78.00% Memory free
906.00 Mb Paging File | 851.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 84.57 Gb Free Space | 77.88% Space Free | Partition Type: NTFS
Drive D: | 37.14 Gb Total Space | 37.07 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 1.86 Gb Free Space | 100.00% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2010/01/31 16:10:03 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/11/25 15:42:18 | 00,583,640 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/04/23 10:14:46 | 00,139,264 | ---- | M] (Citrix Systems, Inc) [Auto] -- C:\Program Files\Citrix\Secure Access Client\nsverctl.exe -- (nsverctl)
SRV - [2009/03/16 16:37:52 | 00,616,408 | ---- | M] () [Auto] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/24 21:30:23 | 00,138,168 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2005/10/27 23:41:52 | 00,491,520 | ---- | M] ( ) [On_Demand] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2004/04/07 12:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) [Auto] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/12/17 13:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us


IE - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-inc/en/s...html?channel=us
IE - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Bridie_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://everythingy.com/ie/home
IE - HKU\Bridie_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\Bridie_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Bridie_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Bridie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Bridie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Bridie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Pat_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Pat_ON_C\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKU\Pat_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Pat_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


FF - HKLM\software\mozilla\Firefox\Extensions\\{8FF6F4A2-3E74-4B31-B3B6-5D737E3D87DF}: C:\Documents and Settings\Pat\Local Settings\Application Data\{8FF6F4A2-3E74-4B31-B3B6-5D737E3D87DF} [2009/03/29 17:29:53 | 00,000,000 | ---D | M]


O1 HOSTS File: ([2010/01/31 12:35:31 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\dtx.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar5.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\dtx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar5.dll (Google Inc.)
O3 - HKU\Bridie_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar5.dll (Google Inc.)
O3 - HKU\Bridie_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\Bridie_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Pat_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar5.dll (Google Inc.)
O3 - HKU\Pat_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\Pat_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DACSMiniApp] C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe (Mattel Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe File not found
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [tgcmd] C:\Program Files\support.com\bin\tgcmd.exe (Support.com, Inc.)
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Bridie_ON_C..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKU\Bridie_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Bridie_ON_C..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\Bridie_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Pat_ON_C..\Run: [agent.exe] C:\Documents and Settings\Pat\Application Data\PC\agent.exe File not found
O4 - HKU\Pat_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Pat_ON_C..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\Pat_ON_C..\Run: [OurPictures] C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe (Simple Star, Inc.)
O4 - HKU\Pat_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Bridie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Pat_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Pat_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Pat_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\Administrator_ON_C\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Bridie_ON_C\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\Bridie_ON_C\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Pat_ON_C\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\Pat_ON_C\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - ( ) - (Registry value not found)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 00,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/05 16:44:08 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/02/03 19:30:24 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symtdi.sys
[2010/02/03 19:30:23 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\cchpx86.sys
[2010/02/03 19:30:23 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.sys
[2010/02/03 19:30:23 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.sys
[2010/02/03 19:30:23 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.sys
[2010/02/03 19:30:23 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symfw.sys
[2010/02/03 19:30:23 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symndisv.sys
[2010/02/03 19:30:23 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.sys
[2010/02/03 19:30:23 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symndis.sys
[2010/02/03 19:30:23 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symids.sys
[2010/02/03 19:29:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0308000.029
[2010/02/02 21:19:47 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2010/01/31 16:19:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/01/31 16:19:17 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/01/31 16:19:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207000.034
[2010/01/31 16:10:35 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/01/31 16:10:23 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/01/31 16:10:22 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/01/31 16:09:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/01/31 16:09:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/01/31 16:09:27 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/01/31 16:09:17 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/01/31 16:09:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bridie\My Documents\Symantec
[2010/01/31 12:45:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/01/31 12:30:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/01/31 11:34:55 | 01,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2010/01/31 11:34:55 | 00,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2010/01/31 11:34:55 | 00,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2010/01/31 11:34:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/31 11:34:51 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/01/31 11:33:03 | 09,732,720 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Pat\Desktop\rminstall.exe
[2010/01/30 13:44:37 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Pat\Desktop\RootRepeal.exe
[2010/01/25 18:12:00 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/25 18:09:53 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/25 18:09:53 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/25 18:09:53 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/25 18:09:53 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/25 18:09:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/25 17:53:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/24 14:03:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/01/24 14:02:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/01/24 13:22:43 | 00,088,576 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe
[2010/01/12 21:13:31 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2006/04/17 09:14:34 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/04/17 09:14:34 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/04/17 09:14:34 | 00,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/04/17 09:14:34 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/04/17 09:14:34 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/04/17 09:14:34 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2006/04/17 09:14:32 | 00,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/04/17 09:14:32 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/04/17 09:14:32 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/05 16:44:08 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/02/05 16:02:57 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/02/05 16:02:57 | 00,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/02/05 16:02:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/05 16:02:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/05 16:02:32 | 10,716,97920 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/04 20:45:32 | 00,018,027 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/02/04 20:45:17 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Pat\ntuser.ini
[2010/02/04 20:45:16 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Pat\ntuser.dat
[2010/02/04 20:36:04 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D9758F90-F0DD-48AA-94E0-3E0DFEA4D273}.job
[2010/02/04 19:21:27 | 00,677,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\Cat.DB
[2010/02/04 19:18:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/03 19:29:50 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\isolate.ini
[2010/02/03 19:18:55 | 06,815,744 | -H-- | M] () -- C:\Documents and Settings\Bridie\ntuser.dat
[2010/02/03 19:18:55 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Bridie\ntuser.ini
[2010/02/03 18:05:04 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/31 16:19:31 | 00,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Pat.job
[2010/01/31 16:19:17 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
[2010/01/31 16:10:22 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/01/31 16:10:22 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/01/31 16:10:22 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/01/31 16:10:22 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/01/31 16:10:08 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.sys
[2010/01/31 16:10:08 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.sys
[2010/01/31 16:10:08 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symtdi.sys
[2010/01/31 16:10:08 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symfw.sys
[2010/01/31 16:10:08 | 00,048,688 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symndisv.sys
[2010/01/31 16:10:08 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.sys
[2010/01/31 16:10:08 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/01/31 16:10:08 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symndis.sys
[2010/01/31 16:10:08 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\symids.sys
[2010/01/31 16:10:07 | 00,026,600 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2010/01/31 16:10:06 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\cchpx86.sys
[2010/01/31 16:10:06 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.sys
[2010/01/31 16:09:57 | 00,107,368 | R--- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/01/31 16:09:48 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.inf
[2010/01/31 16:09:48 | 00,001,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\ccHPx86.inf
[2010/01/31 16:09:48 | 00,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNetV.inf
[2010/01/31 16:09:48 | 00,001,561 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNet.inf
[2010/01/31 16:09:48 | 00,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.inf
[2010/01/31 16:09:48 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.inf
[2010/01/31 16:09:48 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.inf
[2010/01/31 16:09:31 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\symnetv.cat
[2010/01/31 16:09:31 | 00,009,402 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNet.cat
[2010/01/31 16:09:31 | 00,007,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.cat
[2010/01/31 16:09:31 | 00,007,429 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.cat
[2010/01/31 16:09:31 | 00,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.cat
[2010/01/31 16:09:30 | 00,007,400 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.CAT
[2010/01/31 16:09:30 | 00,007,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\ccHPx86.cat
[2010/01/31 15:44:26 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\Bridie\Desktop\Install_NSS.lnk
[2010/01/31 12:35:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/31 12:35:31 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/31 11:33:18 | 09,732,720 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Pat\Desktop\rminstall.exe
[2010/01/30 13:45:14 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\settings.dat
[2010/01/30 13:44:38 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Pat\Desktop\RootRepeal.exe
[2010/01/30 13:40:48 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Pat\Desktop\dds.scr
[2010/01/25 18:12:09 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/25 17:55:15 | 03,836,854 | R--- | M] () -- C:\Documents and Settings\Pat\Desktop\ComboFix.exe
[2010/01/24 16:17:32 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/01/24 13:52:55 | 00,243,200 | ---- | M] () -- C:\Documents and Settings\Pat\My Documents\spyware screen.doc
[2010/01/12 22:18:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/11 21:14:40 | 00,005,852 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/01/11 21:14:32 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\CB0C728076.sys
[2010/01/11 12:15:47 | 00,027,911 | ---- | M] () -- C:\WINDOWS\System32\F0FFFJK08T.dat
[2010/01/11 12:15:47 | 00,001,860 | ---- | M] () -- C:\WINDOWS\System32\XGIT7VDDF.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/04 19:20:26 | 00,677,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\Cat.DB
[2010/02/03 19:30:24 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\symnetv.cat
[2010/02/03 19:30:24 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNet.cat
[2010/02/03 19:30:24 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNetV.inf
[2010/02/03 19:30:24 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymNet.inf
[2010/02/03 19:30:23 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.cat
[2010/02/03 19:30:23 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.cat
[2010/02/03 19:30:23 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.cat
[2010/02/03 19:30:23 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.CAT
[2010/02/03 19:30:23 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\ccHPx86.cat
[2010/02/03 19:30:23 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\SymEFA.inf
[2010/02/03 19:30:23 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\ccHPx86.inf
[2010/02/03 19:30:23 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtspx.inf
[2010/02/03 19:30:23 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\srtsp.inf
[2010/02/03 19:30:23 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\BHDrvx86.inf
[2010/02/03 19:29:50 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\isolate.ini
[2010/02/03 18:06:02 | 10,716,97920 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/31 16:19:22 | 00,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Pat.job
[2010/01/31 16:19:17 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
[2010/01/31 16:10:22 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/01/31 16:10:22 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/01/31 15:44:26 | 00,001,728 | ---- | C] () -- C:\Documents and Settings\Bridie\Desktop\Install_NSS.lnk
[2010/01/30 13:45:14 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\settings.dat
[2010/01/30 13:40:48 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Pat\Desktop\dds.scr
[2010/01/25 18:12:08 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/25 18:12:01 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/25 18:09:53 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/25 18:09:53 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/25 18:09:53 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/25 18:09:53 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/25 18:09:53 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/25 17:55:14 | 03,836,854 | R--- | C] () -- C:\Documents and Settings\Pat\Desktop\ComboFix.exe
[2010/01/24 13:52:55 | 00,243,200 | ---- | C] () -- C:\Documents and Settings\Pat\My Documents\spyware screen.doc
[2010/01/11 12:15:47 | 00,027,911 | ---- | C] () -- C:\WINDOWS\System32\F0FFFJK08T.dat
[2010/01/11 12:15:47 | 00,001,860 | ---- | C] () -- C:\WINDOWS\System32\XGIT7VDDF.dat
[2009/08/19 17:18:23 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Pat\Local Settings\Application Data\fusioncache.dat
[2008/12/25 07:40:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/07/09 19:36:55 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Pat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/03 17:02:18 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7680720CCB.sys
[2006/12/29 18:17:24 | 00,002,715 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/05/08 12:33:53 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Pat\Application Data\PFP120JPR.{PB
[2006/05/08 12:33:53 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Pat\Application Data\PFP120JCM.{PB
[2006/05/05 14:55:34 | 00,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/04/29 18:30:52 | 00,000,185 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/04/29 18:29:47 | 00,000,256 | ---- | C] () -- C:\WINDOWS\PROVW.INI
[2006/04/29 18:29:46 | 00,000,673 | ---- | C] () -- C:\WINDOWS\KPSTUDIO.INI
[2006/04/24 19:13:42 | 00,000,033 | ---- | C] () -- C:\WINDOWS\CWLMAW.INI
[2006/04/24 18:59:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/24 18:37:47 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\CB0C728076.sys
[2006/04/24 18:37:46 | 00,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/17 09:50:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/17 09:44:26 | 00,004,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/17 09:38:47 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/04/17 09:14:34 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/04/17 09:14:34 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/04/17 09:14:34 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/04/17 09:14:34 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/04/17 09:14:34 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/04/17 09:14:34 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/04/17 09:14:34 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/04/17 09:14:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/04/17 09:14:32 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/04/17 09:14:32 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/04/17 09:13:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/04/17 09:13:52 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/04 13:48:24 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\OPShDwn.dll
[2005/08/02 14:00:16 | 00,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/01/31 16:13:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bridie\Application Data\CallingID
[2010/01/31 16:05:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bridie\Application Data\comcasttb
[2008/12/26 10:27:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bridie\Application Data\Fisher-Price
[2009/12/19 16:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/01/06 16:16:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pat\Application Data\CallingID
[2009/12/21 17:42:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pat\Application Data\comcasttb
[2008/12/31 08:13:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pat\Application Data\Fisher-Price
[2006/04/26 21:34:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pat\Application Data\ICAClient
[2006/12/29 18:18:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pat\Application Data\Leadertech
[2006/05/26 12:23:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pat\Application Data\OurPictures
[2007/06/05 20:56:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pat\Application Data\Viewpoint
[2006/11/12 12:01:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pat\Application Data\Wal-Mart Digital Photo Manager
[2006/11/12 12:03:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pat\Application Data\Wal-Mart Digital Photo Viewer
[2010/02/04 20:36:04 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D9758F90-F0DD-48AA-94E0-3E0DFEA4D273}.job

========== Purity Check ==========


< End of report >


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:33 AM

Posted 06 February 2010 - 03:28 AM

Gotcha, that showed me what I wanted to see :)

The userinit value on your computer is missing. This means your computer can't log you on to Windows. In the next steps we are going to recreate it.

We need to run an OTLPE Fix
  1. Please reopen OTLPE.
  2. Copy and Paste the following code into the "Custom Scan/Fixes" box. Do not include the word "Code"
    CODE
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\\windows\\system32\\userinit.exe,"
  3. Push

Let me know if you can boot after this. If you can boot normally, do nothing, just let me know. ONLY if you still can't boot, do the following:

Paste the following text in the Custom scan/Fix box in OTLPE and click Run Scan
CODE
/md5start
userinit.exe
/md5stop
Post me the log afterwards.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
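
The Userinit check described in the post above, as an added example that is not part of the original thread or of OTL itself: a small Python parser for OTL-style `O20 - HKLM Winlogon` lines that reports a missing value or entries beyond the defaults. The expected defaults (a Windows XP install in C:\WINDOWS, as in this log), the function names and the second sample log are assumptions made for illustration.

```python
import re

# OTL prints Winlogon values as:
#   O20 - HKLM Winlogon: <Name> - (<value>) - <resolved file>
O20_RE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<name>\w+) - \((?P<value>.*?)\) - (?P<resolved>.*)$"
)

# Assumed defaults for a Windows XP install in C:\WINDOWS (the layout in this thread).
EXPECTED = {
    "userinit": [r"c:\windows\system32\userinit.exe"],
    "shell": ["explorer.exe"],
}


def split_entries(value):
    """Split a comma-separated program list; the trailing comma in Userinit is normal."""
    return [e.strip().strip('"').lower() for e in value.split(",") if e.strip()]


def classify(name, value):
    """Return (status, unexpected_entries) for one Winlogon value."""
    entries = split_entries(value)
    if not entries:
        return "missing", []  # Winlogon has nothing to start at logon
    if entries == EXPECTED[name]:
        return "ok", []
    return "unexpected", [e for e in entries if e not in EXPECTED[name]]


def scan(log_text):
    """Check every Userinit/Shell line in an OTL log; other O20 lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if not m or m.group("name").lower() not in EXPECTED:
            continue
        name = m.group("name").lower()
        findings.append((name,) + classify(name, m.group("value")))
    return findings


# The three O20 lines from the log posted in this thread.
LOG_FROM_THREAD = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - ( ) - (Registry value not found)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
"""

# Constructed sample: Userinit with a second program appended after the default.
LOG_CONSTRUCTED = r"""
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,C:\Temp\extra.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for label, log in (("thread", LOG_FROM_THREAD), ("constructed", LOG_CONSTRUCTED)):
        for name, status, extras in scan(log):
            print(f"{label}: {name:8} {status:10} {extras}")
    # The value written by the fix in the post, with the .reg escaping removed.
    print("after fix:", classify("userinit", r"c:\windows\system32\userinit.exe,"))
```

A "missing" result matches the logon failure in this thread; an "unexpected" result lists every program Winlogon would start in addition to, or instead of, the default.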


#12 Tobs8

Posted 08 February 2010 - 08:26 AM

I will try it today. Sorry for the delay.


#13 Elise

Posted 08 February 2010 - 08:31 AM

Okay, take your time :)

regards, Elise



#14 Tobs8

Posted 08 February 2010 - 11:42 PM

The log on is fixed. Here is the log

========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\\"Userinit"|"c:\\windows\\system32\\userinit.exe," /E : value set successfully!

OTLPE by OldTimer - Version 3.1.27.0 log created on 02082010_233128


What is my next step?

#15 Elise

Posted 09 February 2010 - 02:53 AM

Well done!

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards, Elise

