Hijack This default32.dll

joemamma

100% CPU when booting normally. No problems when in safe mode. I have run malware bytes in safe mode, it removed 37 infections. I have run it again and it finds nothing. Microsoft security essentials finds nothing.

DDS (Ver_2011-07-14.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Barb at 20:56:18 on 2011-07-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.880 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://login.yahoo.com/
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uProxyOverride = <local>;*.local
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
StartupFolder: c:\docume~1\barb\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: EnableProfileQuota = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1BA7BD5D-2BE1-4C06-A53F-632BD1C003BA} - hxxps://vpn.johnseastern.com/ISBinstaller.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{2EB84B37-4CD4-4635-B607-506356D57A2E} : DHCPNameServer = 65.32.5.111 65.32.5.112
Filter: text/html - {500dadd4-30cc-4243-ad52-3e4cd414c023} -
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
IFEO: Your Image File Name Here without a path - ntsd -d
.
============= SERVICES / DRIVERS ===============
.
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys --> c:\windows\system32\drivers\ctxusbm.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-24 24652]
S2 wsnm;VMware View Client Service;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2009-7-2 151552]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-7-10 30576]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-6-15 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-6-3 174720]
.
=============== Created Last 30 ================
.
2011-07-14 22:28:38 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-14 01:42:01 139264 ----a-w- c:\windows\system32\igfxres.dll
2011-07-12 00:24:03 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-07-12 00:23:24 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d2fbb9c7-5b5a-4d05-b413-0dc80a361cea}\mpengine.dll
2011-07-11 23:46:36 -------- d-----w- C:\Intel
2011-07-11 22:59:25 666 ----a-w- c:\windows\speed.reg
2011-07-11 22:48:27 42858 ----a-w- c:\windows\system32\hsfci014.dll
2011-07-11 22:48:27 1033728 ----a-w- c:\windows\system32\drivers\HSF_DPV.SYS
2011-07-11 22:40:53 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2011-07-11 22:40:53 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
2011-07-11 22:40:53 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2011-07-11 22:40:53 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
2011-07-11 22:40:53 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2011-07-11 22:40:53 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
2011-07-11 22:40:52 303104 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2011-07-11 00:22:52 78704 ----a-w- c:\windows\system32\nx6000res.dll
2011-07-11 00:22:52 636784 ----a-w- c:\windows\system32\LCCoin36.dll
2011-07-11 00:22:52 514416 ----a-w- c:\windows\system32\LcProxy2.ax
2011-07-11 00:22:52 30576 ----a-w- c:\windows\system32\drivers\nx6000.sys
2011-07-11 00:22:22 -------- d-----w- c:\program files\Microsoft LifeCam
2011-07-11 00:21:54 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-07-11 00:21:47 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-07-11 00:21:19 -------- d-----w- c:\windows\Logs
2011-07-10 17:20:12 -------- d-----w- c:\program files\CONEXANT
2011-07-10 13:52:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-10 13:45:21 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-09 19:46:41 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-07-09 19:46:37 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-07-09 19:46:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-07-09 19:29:47 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-07-09 19:27:28 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-07-09 19:24:43 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-07-09 19:14:22 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-07-09 14:53:00 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2011-07-09 14:52:59 86016 ----a-w- c:\windows\system32\preflib.dll
2011-07-09 14:52:57 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2011-07-09 14:52:56 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
2011-07-09 14:52:56 2129920 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2011-07-08 02:13:12 16384 ----a-w- c:\windows\system32\ipsink.ax
2011-07-08 02:13:12 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2011-07-08 02:12:55 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-07-08 02:12:47 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2011-07-08 02:12:39 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2011-07-08 02:12:30 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2011-07-08 02:12:21 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2011-07-08 02:12:11 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2011-07-08 02:09:14 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-07-08 02:09:07 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-07-08 02:09:07 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-07-08 02:09:07 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-07-08 02:09:07 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-07-08 02:09:06 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-07-07 02:58:59 69120 ------w- c:\windows\system32\wlanapi.dll
2011-07-07 02:58:58 32866 ------w- c:\windows\slrundll.exe
2011-07-07 02:58:57 -------- d-----w- c:\windows\system32\scripting
2011-07-07 02:58:56 -------- d-----w- c:\windows\l2schemas
2011-07-07 02:58:55 -------- d-----w- c:\windows\system32\en
2011-07-07 02:58:55 -------- d-----w- c:\windows\system32\bits
2011-07-07 02:48:42 19569 ----a-w- c:\windows\003014_.tmp
2011-07-07 02:48:32 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-07-07 02:48:32 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2011-07-07 02:43:00 -------- d-----w- c:\windows\EHome
2011-07-07 01:02:06 -------- d-----w- c:\windows\system32\XPSViewer
2011-07-07 01:00:44 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-07 01:00:26 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-07-07 01:00:26 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-07-07 01:00:26 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-07-07 01:00:26 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-07-07 01:00:26 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-07-07 01:00:26 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-07-07 01:00:26 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-07-07 01:00:26 117760 ------w- c:\windows\system32\prntvpt.dll
2011-07-07 01:00:25 -------- d-----w- C:\26e0381c782f070f733610226a8ba6
2011-07-07 00:51:41 -------- d-----w- c:\program files\MSXML 6.0
2011-07-05 18:15:11 -------- d-----w- c:\program files\Zone Labs
2011-07-05 18:15:11 -------- d-----w- c:\documents and settings\barb\application data\ZoneLabs
2011-07-04 22:52:14 -------- d-----w- c:\documents and settings\barb\local settings\application data\LogMeIn
2011-07-04 22:52:14 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn
.
==================== Find3M ====================
.
2011-07-09 19:15:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-22 21:27:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-22 21:27:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-18 17:18:50 165648 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 20:57:38.93 ===============
 
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Create a System Restore Point

  • Create a new, clean System Restore point which we can use in case of future system problems during the Malware Removal process.
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like PMR One for example then press the Create button and once it's done press Close
Next:

I have run malware bytes in safe mode, it removed 37 infections. I have run it again and it finds nothing.
I would like to review this log if available, it can be located as follows...

  • Launch/Start the application
  • Click on the Logs radio tab.
  • Post the contents of mbam-log-yyyy-mm-dd (tt-tt-tt).txt
Note: yyyy-mm-dd (tt-tt-tt) denote the date/time the log was created.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 7.0 <-- We will update this in due course.
HijackThis 2.0.2 <-- Out of date.
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 25 <-- We will update this in due course.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Scan with aswMBR:

Please download aswMBR.exe to your desktop.
  • Double-click the aswMBR.exe to run it
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Note: There will also be a file on your desktop named MBR.dat (or similar); do not delete this for now, it is an actual backup of the MBR (master boot record).

When completed the above, please post back the following in the order asked for:
  • How is your computer performing now, any further symptoms and or problems encountered?
  • Malwarebytes' Anti-Malware Log(if available).
  • aswMBR Log.
 
aswmbr logs

I ran aswmbr.exe in normal mode and during the scan got a BSOD with the following message.

Driver_IRQL_NOT_LESS_or_EQUAL.
offending file awwmbr.sys (0x00000D1,0xEZ8FA000,0x0000FF,0x0000000,0xB33ADB10)

I ran it in safe mode and here is the log. System is still very slow when not running in safe mode.
 
Hi. :)

I ran aswmbr.exe in normal mode and during the scan got a BSOD with the following message.
OK and thanks for the update.

I ran it in safe mode and here is the log. System is still very slow when not running in safe mode.
Fair play, run the below scan for myself please in Normal Mode if possible, Safe Mode will suffice if any problems encountered.

A question for your good self, do you have a copy of the Genuine XP Installation CD?

Scan with MBRCheck:

Please download MBRCheck.exe and save to your desktop.

Alternative Download is here.

  • Double-click on MBRCheck.exe to run the application.
  • A window similar to this should open on your desktop:-

  • If you are prompted with options, enter N at the prompt and press Enter .
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run).
  • Please post the contents of the log in your next reply.
Next:

Please send the MBR.dat file created by aswMBR to a Zip file, then attach it in your next reply. Reason being I would like to carry out an analysis of the aforementioned, thank you.

Next:

Please download MiniToolBox and run it.

Checkmark following checkbox:
  • List Minidump Files.
Click Go and post the result (Result.txt) in your next reply.
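
A first-pass check of an MBR backup such as the MBR.dat requested above, as an added example that is not part of the original thread and not the helper's own method. It assumes the file is a raw 512-byte copy of sector 0 (the layout aswMBR actually writes is not stated here); the sample sectors and the baseline hash are constructed for illustration.

```python
"""Triage a 512-byte MBR sector image (assumed to be a raw copy of sector 0)."""
import hashlib
import struct
from dataclasses import dataclass, field

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: bootstrap code
DISK_SIG_OFF = 440       # 4-byte Windows NT disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # must hold 0x55 0xAA
# status, CHS start, type, CHS end, LBA start, sector count
ENTRY = struct.Struct("<B3sB3sII")


@dataclass
class Partition:
    index: int
    active: bool
    ptype: int
    lba_start: int
    sectors: int


@dataclass
class MbrReport:
    boot_code_sha256: str
    disk_signature: int
    partitions: list
    findings: list = field(default_factory=list)


def parse_mbr(sector, known_good_hashes=frozenset()):
    """Parse one MBR sector and collect structural anomalies as findings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    code_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    report = MbrReport(code_hash, disk_sig, [])

    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        report.findings.append("missing 0x55AA boot signature")
    # The baseline is supplied by the analyst, e.g. hashed from a clean
    # install of the same OS version; without one the check is skipped.
    if known_good_hashes and code_hash not in known_good_hashes:
        report.findings.append("boot code hash not in known-good baseline")

    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = ENTRY.unpack_from(
            sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            report.findings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        if lba == 0:
            report.findings.append(f"entry {i}: starts at LBA 0 (overlaps the MBR)")
        report.partitions.append(Partition(i, status == 0x80, ptype, lba, count))

    # A boot disk normally carries exactly one active (bootable) entry.
    active = [p.index for p in report.partitions if p.active]
    if len(active) != 1:
        report.findings.append(
            f"expected exactly one active partition, found {len(active)}")
    ordered = sorted(report.partitions, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            report.findings.append(f"entries {a.index} and {b.index} overlap")
    return report


def build_sample_mbr(boot_code):
    """Constructed sample sector: one active NTFS partition starting at LBA 63."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x12345678)
    ENTRY.pack_into(sector, PART_TABLE_OFF,
                    0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 109_700_000)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed stand-ins: neither byte string is real Windows boot code.
CLEAN = build_sample_mbr(b"\x33\xc0\x8e\xd0" + b"\x90" * 200)
BASELINE = {hashlib.sha256(CLEAN[:BOOT_CODE_LEN]).hexdigest()}
TAMPERED = build_sample_mbr(b"\xe9\x00\x01" + b"\xcc" * 200)  # same table, other code


def triage(sector):
    """Return the list of findings for a sector, checked against BASELINE."""
    return parse_mbr(sector, BASELINE).findings


if __name__ == "__main__":
    for name, image in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, triage(image) or "no findings")
```

A clean partition table with an unrecognised boot-code hash is the pattern that separates a modified bootstrap from ordinary partition damage, which is why the hash check and the table checks are reported separately.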
 
Hi. :)

Show Hidden Files:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Next:

Using Windows Explorer (to get there right-click your Start button and go to Explore), please navigate to

C:\ >> WINDOWS >> Minidump >> Mini072111-01.dmp & Mini072111-02.dmp

Send both of these dmp files to a Zip file please, then attach it in your next reply, thank you.

Repair MBR:

We will need to use the XP CD-ROM you have for this procedure.
  • Restart your computer with the Windows XP Setup disk in the CDROM drive.
  • If you are prompted to press a key to start the computer from CDROM, do so quickly. Otherwise it may try to boot from the hard drive.
  • A blue screen will appear and begin loading Windows XP Setup from the CD.
  • You will be prompted to "press F6 to install any third party SCSI or RAID drivers". Ignore this.
  • Depress the keyboard R key to enter the Recovery Console.
Next:

At the C:\Windows> prompt
  • Type in the following exactly fixmbr and hit enter.
  • Then at the next prompt type in Exit and hit enter.
  • Windows should continue to load as normally.
Let myself know when completed the above and if your machine still has the same issue you mentioned in your first post in this topic.
 
Hi. :)

Thanks for the attachment...OK let's proceed as follows.

Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!
 
TDSkill

I ran this in safe mode and it found nothing. When I tried to run it in Normal mode I got the BSOD attached.
 
Hi. :)

Carry out the below In Normal Mode if possible, if problems Safe Mode will suffice for now OK.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.
Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


When completed the above, please post back the following in the order asked for:
  • How is your computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.
  • A new DDS Log.
 
Combo Fix

I tried to run combo fix in normal mode but got a BSOD. Error Message: "IO System Verification error in catchme.sys(WDM Driver Error)"

I ran it in safe mode. Here is the log. Also when I ran dss in normal mode I got a BSOD. Here is dss from safe mode.
 
Hi. :)

Please move the executable for ComboFix to the desktop as it needs to be there if we use it again and for when we uninstall it. It is currently residing here:-

c:\documents and settings\Barb\Desktop\Spyware Tools\combofix\ComboFix.exe

Have you uninstalled Microsoft Security Essentials?

Now the BSOD error you mentioned relates to ComboFix, though within the realms of possibility a hardware problem also. Have you changed/upgraded any memory modules recently?
 
Memory Module

I have not installed any memory. When the issues started I was trying to install a web cam. It was half way through the install and caused the pc to reboot without completing the install. There was nothing listed in add/remove programs relating to the new web cam software and nothing in device manager. Since then I have updated all device drivers from Dell that I could find.
 
Hi. :)

OK, thanks for the update, let's have another look at your machine with a different scanning application to see if it will shed some light on the situation.

No need to attach the requested logs however merely post them back in this topic, thank you.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.
  • Double-click on OTL.exe to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:
  • How is your computer performing now, any further symptoms and or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
 
OTL.txt

OTL logfile created on: 7/26/2011 12:17:30 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Barb\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 67.90% Memory free
1.84 Gb Paging File | 1.64 Gb Available in Paging File | 88.99% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.31 Gb Total Space | 30.08 Gb Free Space | 57.50% Space Free | Partition Type: NTFS
Drive D: | 579.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SUZY | User Name: Barb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Barb\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Barb\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (wsnm) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (72576925) -- C:\WINDOWS\system32\drivers\55340009.sys (Kaspersky Lab, GERT)
DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (NWUSBCDFIL) -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\WINDOWS\system32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/
IE - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.102: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Barb\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin


O1 HOSTS File: ([2011/07/23 20:30:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Barb\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1BA7BD5D-2BE1-4C06-A53F-632BD1C003BA} https://vpn.johnseastern.com/ISBinstaller.cab (ISBinstaller Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Barb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Barb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 08:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/26 12:17:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/26 12:12:39 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Barb\Desktop\OTL.exe
[2011/07/23 20:33:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/23 20:29:37 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2011/07/23 20:20:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/23 19:49:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/23 19:21:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/23 19:21:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/23 19:21:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/23 19:21:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/23 19:02:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/23 18:50:32 | 004,150,846 | R--- | C] (Swearware) -- C:\Documents and Settings\Barb\Desktop\ComboFix.exe
[2011/07/23 14:35:31 | 000,094,512 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\55340009.sys
[2011/07/14 20:56:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Barb\Start Menu\Programs\Administrative Tools
[2011/07/14 20:55:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/14 20:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/14 20:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/07/14 20:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Desktop\Spyware Tools
[2011/07/14 18:28:38 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/07/13 21:42:01 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/07/11 19:50:11 | 003,274,608 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Barb\Desktop\Copy of HD5001FW1033.exe
[2011/07/11 19:47:21 | 003,274,608 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Barb\Desktop\HD5001FW1033.exe
[2011/07/11 19:46:36 | 000,000,000 | ---D | C] -- C:\Intel
[2011/07/11 18:52:38 | 002,318,336 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2011/07/11 18:52:38 | 000,524,288 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2011/07/11 18:52:38 | 000,114,688 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmudlg.exe
[2011/07/11 18:52:38 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuITA.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuESP.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuENG.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuELL.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuARB.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuARA.dll
[2011/07/11 18:48:27 | 001,033,728 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_DPV.SYS
[2011/07/11 18:48:27 | 000,042,858 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfci014.dll
[2011/07/10 20:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft LifeCam
[2011/07/10 20:22:52 | 000,636,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LCCoin36.dll
[2011/07/10 20:22:52 | 000,514,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LcProxy2.ax
[2011/07/10 20:22:52 | 000,078,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nx6000res.dll
[2011/07/10 20:22:52 | 000,030,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nx6000.sys
[2011/07/10 20:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2011/07/10 20:21:54 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/07/10 20:21:47 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/07/10 20:21:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/07/10 13:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/07/10 09:52:04 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/07/09 21:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Desktop\AOL Saved PFC
[2011/07/09 15:46:41 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/07/09 15:46:37 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/07/09 15:46:33 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/07/09 15:29:47 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/07/09 15:27:28 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/07/09 15:24:43 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/07/09 15:14:22 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/07/09 10:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Wireless
[2011/07/09 10:53:00 | 000,033,664 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\BCMWLNPF.SYS
[2011/07/09 10:52:57 | 000,069,632 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\bcmwlpkt.dll
[2011/07/09 10:52:56 | 002,129,920 | ---- | C] (BCGSoft Ltd) -- C:\WINDOWS\System32\WLBCGCBPRO731.DLL
[2011/07/08 18:56:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/07 22:13:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2011/07/07 22:09:07 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2011/07/07 22:09:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2011/07/07 22:09:07 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2011/07/07 22:09:07 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2011/07/07 22:09:06 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2011/07/06 22:59:29 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2011/07/06 22:59:28 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2011/07/06 22:59:15 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2011/07/06 22:59:15 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2011/07/06 22:59:15 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2011/07/06 22:59:14 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2011/07/06 22:59:13 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2011/07/06 22:59:13 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2011/07/06 22:59:13 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2011/07/06 22:59:13 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2011/07/06 22:59:13 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2011/07/06 22:59:13 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2011/07/06 22:59:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/07/06 22:59:12 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2011/07/06 22:59:12 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2011/07/06 22:59:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2011/07/06 22:59:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2011/07/06 22:59:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2011/07/06 22:59:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2011/07/06 22:59:12 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2011/07/06 22:59:11 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2011/07/06 22:59:11 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2011/07/06 22:59:10 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2011/07/06 22:59:10 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2011/07/06 22:59:10 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2011/07/06 22:59:10 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2011/07/06 22:59:10 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2011/07/06 22:59:10 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2011/07/06 22:59:10 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2011/07/06 22:59:10 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2011/07/06 22:59:08 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2011/07/06 22:59:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2011/07/06 22:59:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2011/07/06 22:59:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2011/07/06 22:59:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2011/07/06 22:59:07 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2011/07/06 22:59:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2011/07/06 22:59:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2011/07/06 22:59:06 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2011/07/06 22:59:06 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2011/07/06 22:59:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2011/07/06 22:59:05 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2011/07/06 22:59:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2011/07/06 22:59:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2011/07/06 22:59:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2011/07/06 22:59:03 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2011/07/06 22:59:02 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2011/07/06 22:59:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2011/07/06 22:59:02 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2011/07/06 22:59:02 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2011/07/06 22:59:01 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2011/07/06 22:59:01 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2011/07/06 22:59:01 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2011/07/06 22:59:01 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2011/07/06 22:59:01 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2011/07/06 22:59:01 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2011/07/06 22:59:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2011/07/06 22:59:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2011/07/06 22:58:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2011/07/06 22:58:58 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2011/07/06 22:58:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/07/06 22:58:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/07/06 22:58:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/07/06 22:58:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/07/06 22:50:35 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2011/07/06 22:50:35 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2011/07/06 22:50:35 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2011/07/06 22:50:35 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2011/07/06 22:50:34 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2011/07/06 22:50:34 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2011/07/06 22:50:34 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2011/07/06 22:50:34 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2011/07/06 22:50:34 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2011/07/06 22:50:34 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011/07/06 22:50:34 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011/07/06 22:50:34 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2011/07/06 22:50:34 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2011/07/06 22:50:34 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2011/07/06 22:50:34 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2011/07/06 22:50:34 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2011/07/06 22:50:34 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2011/07/06 22:50:33 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011/07/06 22:50:33 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/07/06 22:50:33 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2011/07/06 22:50:33 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2011/07/06 22:50:33 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2011/07/06 22:50:33 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2011/07/06 22:50:33 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011/07/06 22:50:33 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011/07/06 22:50:32 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2011/07/06 22:50:32 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2011/07/06 22:50:32 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2011/07/06 22:50:32 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2011/07/06 22:50:32 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2011/07/06 22:50:32 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2011/07/06 22:50:32 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2011/07/06 22:50:32 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011/07/06 22:50:32 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2011/07/06 22:50:31 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2011/07/06 22:50:31 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2011/07/06 22:50:29 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2011/07/06 22:50:28 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2011/07/06 22:50:28 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2011/07/06 22:50:28 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2011/07/06 22:50:27 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2011/07/06 22:50:27 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2011/07/06 22:50:27 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011/07/06 22:50:27 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2011/07/06 22:50:27 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2011/07/06 22:50:27 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2011/07/06 22:50:26 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2011/07/06 22:50:26 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2011/07/06 22:50:26 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2011/07/06 22:50:26 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2011/07/06 22:50:26 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2011/07/06 22:50:25 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2011/07/06 22:50:25 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2011/07/06 22:50:25 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2011/07/06 22:50:25 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011/07/06 22:50:25 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2011/07/06 22:50:25 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2011/07/06 22:48:32 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelppm.sys
[2011/07/06 22:43:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/07/06 22:43:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/07/06 21:50:33 | 022,660,464 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Barb\Desktop\LifeCam3.60.exe
[2011/07/06 21:42:49 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/07/06 21:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2011/07/06 21:02:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/07/06 21:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/07/06 21:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/07/06 21:00:26 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/07/06 21:00:26 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/07/06 21:00:26 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/07/06 21:00:26 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/07/06 21:00:26 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/07/06 21:00:26 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/07/06 21:00:25 | 000,000,000 | ---D | C] -- C:\26e0381c782f070f733610226a8ba6
[2011/07/06 20:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/07/05 14:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Application Data\ZoneLabs
[2011/07/05 14:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/07/04 18:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Local Settings\Application Data\LogMeIn
[2011/07/04 18:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/06/27 19:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Desktop\Piper Pics
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/26 12:15:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/26 12:12:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barb\Desktop\OTL.exe
[2011/07/23 20:54:11 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/23 20:54:11 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/23 20:49:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/23 20:30:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/23 19:49:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/23 19:19:57 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/23 18:50:36 | 004,150,846 | R--- | M] (Swearware) -- C:\Documents and Settings\Barb\Desktop\ComboFix.exe
[2011/07/23 14:35:32 | 000,094,512 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\55340009.sys
[2011/07/23 14:33:18 | 000,059,999 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.JPG
[2011/07/23 14:31:18 | 001,741,549 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.GIF
[2011/07/23 14:30:23 | 010,037,302 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.bmp
[2011/07/23 14:27:19 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3668883598-1458084838-1880407917-1006UA.job
[2011/07/23 14:26:46 | 004,630,413 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.zip
[2011/07/21 19:33:48 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Barb\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/21 19:33:46 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Google Chrome.lnk
[2011/07/14 20:55:29 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Barb\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/14 20:36:37 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/07/14 18:08:45 | 000,227,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 20:04:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/11 19:47:21 | 003,274,608 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Barb\Desktop\HD5001FW1033.exe
[2011/07/11 19:47:21 | 003,274,608 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Barb\Desktop\Copy of HD5001FW1033.exe
[2011/07/11 18:59:26 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_INS_6000.MRK
[2011/07/11 18:59:26 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_INS_6000.MRK
[2011/07/10 21:58:44 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_rundll32_exe.job
[2011/07/10 21:58:20 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
[2011/07/10 20:23:07 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2011/07/10 13:39:21 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Modem Helper.lnk
[2011/07/10 09:45:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/09 21:23:05 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2011/07/09 17:27:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3668883598-1458084838-1880407917-1006Core.job
[2011/07/09 15:15:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/06 22:49:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/06 21:50:33 | 022,660,464 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Barb\Desktop\LifeCam3.60.exe
[2011/07/06 21:11:52 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 20:58:27 | 000,305,664 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\1309778880380-mypinwheelquilt.pdf
[2011/06/29 22:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/23 19:49:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/23 19:49:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/23 19:21:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/23 19:21:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/23 19:21:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/23 19:21:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/23 19:21:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/23 14:31:15 | 001,741,549 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.GIF
[2011/07/23 14:27:53 | 010,037,302 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.bmp
[2011/07/23 14:26:41 | 004,630,413 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.zip
[2011/07/23 14:20:20 | 000,059,999 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.JPG
[2011/07/14 20:55:29 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Barb\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/11 19:51:26 | 000,115,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/11 18:59:26 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_INS_6000.MRK
[2011/07/11 18:59:26 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_INS_6000.MRK
[2011/07/11 18:59:25 | 000,000,666 | ---- | C] () -- C:\WINDOWS\speed.reg
[2011/07/11 18:52:39 | 000,524,850 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2011/07/11 18:52:39 | 000,058,704 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2011/07/11 18:52:39 | 000,023,216 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2011/07/11 18:52:39 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2011/07/11 18:48:27 | 000,129,405 | ---- | C] () -- C:\WINDOWS\System32\drivers\del1028.cty
[2011/07/10 21:51:51 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
[2011/07/10 21:51:15 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_rundll32_exe.job
[2011/07/10 20:23:07 | 000,001,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2011/07/10 13:39:21 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Modem Helper.lnk
[2011/07/10 09:47:54 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/07/09 21:23:05 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/07/09 10:52:59 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/07/09 10:52:56 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/07/07 21:24:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/06 22:50:32 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/07/06 22:50:31 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/07/06 22:50:28 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/07/04 20:58:27 | 000,305,664 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\1309778880380-mypinwheelquilt.pdf
[2010/01/19 18:57:24 | 000,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2009/08/18 12:32:58 | 000,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/08/18 12:32:58 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_6800.ini
[2009/08/18 12:32:57 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/18 12:32:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/08/18 12:32:54 | 000,000,078 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/07/04 11:04:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Barb\Local Settings\Application Data\housecall.guid.cache
[2009/04/29 20:17:30 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Barb\Application Data\PFP120JPR.{PB
[2009/04/29 20:17:30 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Barb\Application Data\PFP120JCM.{PB
[2009/04/29 20:17:08 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/04/29 20:17:08 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\90FD9E6706.sys
[2007/05/22 19:14:58 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/04/16 20:46:27 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Barb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/24 12:41:31 | 000,000,049 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/09/02 15:40:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/02 15:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/09/02 15:08:48 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2005/09/02 14:48:05 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2005/09/02 14:47:45 | 000,006,838 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2005/08/25 08:49:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/25 08:37:57 | 000,000,215 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/25 08:33:46 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/08/25 08:27:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2005/08/25 08:27:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2005/08/25 08:27:24 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/08/25 08:03:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2005/08/25 08:03:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/08/25 08:02:34 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,227,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:35 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/10 13:51:35 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/10 13:51:35 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/10 13:51:35 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/10 13:51:35 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

< End of report >
 
Extras.txt

OTL Extras logfile created on: 7/26/2011 12:17:30 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Barb\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 67.90% Memory free
1.84 Gb Paging File | 1.64 Gb Available in Paging File | 88.99% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.31 Gb Total Space | 30.08 Gb Free Space | 57.50% Space Free | Partition Type: NTFS
Drive D: | 579.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SUZY | User Name: Barb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Disabled:VMware View Client -- (VMware, Inc.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D8C48F7A-5BCE-49B0-9781-EEFCB4CAE6AA}" = VMware View Client
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DA846E79-1C13-4AB0-8DEB-77935469CD9A}" = Mobile Broadband Generic Drivers
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Canon iP90 Setup Utility" = Canon iP90 Setup Utility
"CANONBJ_Deinstall_CNMCP71.DLL" = Canon iP90
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ERUNT_is1" = ERUNT 1.1j
"HP Deskjet 5700 Series_Driver" = HP Deskjet 5700 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickBooks 2000" = QuickBooks Pro 2000
"RealPlayer 6.0" = RealPlayer Basic
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3668883598-1458084838-1880407917-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2011 8:48:02 PM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/20/2011 8:43:00 PM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/20/2011 8:48:02 PM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/22/2011 9:07:22 PM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/22/2011 9:12:21 PM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/23/2011 7:45:44 AM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/23/2011 10:20:52 AM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/23/2011 2:48:07 PM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/23/2011 6:59:21 PM | Computer Name = SUZY | Source = Application Hang | ID = 1002
Description = Hanging application msseces.exe, version 2.1.1116.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2011 7:12:54 PM | Computer Name = SUZY | Source = Microsoft Security Client | ID = 1001
Description =

[ System Events ]
Error - 7/23/2011 8:19:24 PM | Computer Name = SUZY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/23/2011 8:35:00 PM | Computer Name = SUZY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/23/2011 8:36:33 PM | Computer Name = SUZY | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%2148074295

Error - 7/23/2011 8:36:58 PM | Computer Name = SUZY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV ctxusbm Fips SBRE

Error - 7/23/2011 8:50:26 PM | Computer Name = SUZY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/23/2011 8:51:38 PM | Computer Name = SUZY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV ctxusbm Fips intelppm SBRE

Error - 7/23/2011 8:56:37 PM | Computer Name = SUZY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/23/2011 9:04:41 PM | Computer Name = SUZY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JASON that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2EB84B37-4CD4-4635-B60.
The
master browser is stopping or an election is being forced.

Error - 7/24/2011 8:07:39 AM | Computer Name = SUZY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/24/2011 2:41:08 PM | Computer Name = SUZY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >
 