PDA

View Full Version : Hijack This default32.dll


joemamma
2011-07-15, 04:04
100% CPU when booting normally. No problems when in safe mode. I have run malware bytes in safe mode, it removed 37 infeections. I have run it again and it finds nothing. Microsfot security essentials finds nothing.

DDS (Ver_2011-07-14.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Barb at 20:56:18 on 2011-07-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.880 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://login.yahoo.com/
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uProxyOverride = <local>;*.local
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
StartupFolder: c:\docume~1\barb\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: EnableProfileQuota = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1BA7BD5D-2BE1-4C06-A53F-632BD1C003BA} - hxxps://vpn.johnseastern.com/ISBinstaller.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{2EB84B37-4CD4-4635-B607-506356D57A2E} : DHCPNameServer = 65.32.5.111 65.32.5.112
Filter: text/html - {500dadd4-30cc-4243-ad52-3e4cd414c023} -
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
IFEO: Your Image File Name Here without a path - ntsd -d
.
============= SERVICES / DRIVERS ===============
.
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys --> c:\windows\system32\drivers\ctxusbm.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-24 24652]
S2 wsnm;VMware View Client Service;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2009-7-2 151552]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-7-10 30576]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-6-15 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-6-3 174720]
.
=============== Created Last 30 ================
.
2011-07-14 22:28:38 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-14 01:42:01 139264 ----a-w- c:\windows\system32\igfxres.dll
2011-07-12 00:24:03 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-07-12 00:23:24 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d2fbb9c7-5b5a-4d05-b413-0dc80a361cea}\mpengine.dll
2011-07-11 23:46:36 -------- d-----w- C:\Intel
2011-07-11 22:59:25 666 ----a-w- c:\windows\speed.reg
2011-07-11 22:48:27 42858 ----a-w- c:\windows\system32\hsfci014.dll
2011-07-11 22:48:27 1033728 ----a-w- c:\windows\system32\drivers\HSF_DPV.SYS
2011-07-11 22:40:53 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2011-07-11 22:40:53 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
2011-07-11 22:40:53 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2011-07-11 22:40:53 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
2011-07-11 22:40:53 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2011-07-11 22:40:53 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
2011-07-11 22:40:52 303104 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2011-07-11 00:22:52 78704 ----a-w- c:\windows\system32\nx6000res.dll
2011-07-11 00:22:52 636784 ----a-w- c:\windows\system32\LCCoin36.dll
2011-07-11 00:22:52 514416 ----a-w- c:\windows\system32\LcProxy2.ax
2011-07-11 00:22:52 30576 ----a-w- c:\windows\system32\drivers\nx6000.sys
2011-07-11 00:22:22 -------- d-----w- c:\program files\Microsoft LifeCam
2011-07-11 00:21:54 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-07-11 00:21:47 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-07-11 00:21:19 -------- d-----w- c:\windows\Logs
2011-07-10 17:20:12 -------- d-----w- c:\program files\CONEXANT
2011-07-10 13:52:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-07-10 13:45:21 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-09 19:46:41 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-07-09 19:46:37 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-07-09 19:46:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-07-09 19:29:47 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-07-09 19:27:28 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-07-09 19:24:43 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-07-09 19:14:22 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-07-09 14:53:00 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2011-07-09 14:52:59 86016 ----a-w- c:\windows\system32\preflib.dll
2011-07-09 14:52:57 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2011-07-09 14:52:56 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
2011-07-09 14:52:56 2129920 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2011-07-08 02:13:12 16384 ----a-w- c:\windows\system32\ipsink.ax
2011-07-08 02:13:12 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2011-07-08 02:12:55 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2011-07-08 02:12:47 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2011-07-08 02:12:39 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2011-07-08 02:12:30 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2011-07-08 02:12:21 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2011-07-08 02:12:11 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2011-07-08 02:09:14 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-07-08 02:09:07 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2011-07-08 02:09:07 61952 ----a-w- c:\windows\system32\kstvtune.ax
2011-07-08 02:09:07 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-07-08 02:09:07 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-07-08 02:09:06 43008 ----a-w- c:\windows\system32\ksxbar.ax
2011-07-07 02:58:59 69120 ------w- c:\windows\system32\wlanapi.dll
2011-07-07 02:58:58 32866 ------w- c:\windows\slrundll.exe
2011-07-07 02:58:57 -------- d-----w- c:\windows\system32\scripting
2011-07-07 02:58:56 -------- d-----w- c:\windows\l2schemas
2011-07-07 02:58:55 -------- d-----w- c:\windows\system32\en
2011-07-07 02:58:55 -------- d-----w- c:\windows\system32\bits
2011-07-07 02:48:42 19569 ----a-w- c:\windows\003014_.tmp
2011-07-07 02:48:32 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-07-07 02:48:32 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2011-07-07 02:43:00 -------- d-----w- c:\windows\EHome
2011-07-07 01:02:06 -------- d-----w- c:\windows\system32\XPSViewer
2011-07-07 01:00:44 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-07 01:00:26 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-07-07 01:00:26 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-07-07 01:00:26 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-07-07 01:00:26 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-07-07 01:00:26 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-07-07 01:00:26 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-07-07 01:00:26 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-07-07 01:00:26 117760 ------w- c:\windows\system32\prntvpt.dll
2011-07-07 01:00:25 -------- d-----w- C:\26e0381c782f070f733610226a8ba6
2011-07-07 00:51:41 -------- d-----w- c:\program files\MSXML 6.0
2011-07-05 18:15:11 -------- d-----w- c:\program files\Zone Labs
2011-07-05 18:15:11 -------- d-----w- c:\documents and settings\barb\application data\ZoneLabs
2011-07-04 22:52:14 -------- d-----w- c:\documents and settings\barb\local settings\application data\LogMeIn
2011-07-04 22:52:14 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn
.
==================== Find3M ====================
.
2011-07-09 19:15:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-22 21:27:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-22 21:27:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-18 17:18:50 165648 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 20:57:38.93 ===============
Dakeyras
2011-07-21, 12:36
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Create a System Restore Point


Create a new, clean System Restore point which we can use in case of future system problems during the Malware Removal process.
Press Start >> All Programs >> Accessories >>System Tools >> System Restore
Select Create a restore point, then Next, type a name like PMR One for example then press the Create button and once it's done press Close
Next:


I have run malware bytes in safe mode, it removed 37 infeections. I have run it again and it finds nothing.
I would like to review this log if available, it can be located as follows...


Launch/Start the application
Click on the Logs radio tab.
Post the contents of mbam-log-yyyy-mm-dd (tt-tt-tt).txt
Note: yyyy-mm-dd (tt-tt-tt) denote the date/time the log was created.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 7.0 <-- We will update this in due course.
HijackThis 2.0.2 <-- Out of date.
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 25 <-- We will update this in due course.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Scan with aswMBR:

Please download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double-click the aswMBR.exe to run it
When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
Now click on the Scan button to start scan
On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Note: There will also be a file on your desktop named MBR.dat(or similir) do not delete this for now it is a actual backup of the MBR(master boot record).

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
Malwarebytes' Anti-Malware Log(if available).
aswMBR Log.
joemamma
2011-07-22, 02:51
Here are three logs from three times I ran the program.
joemamma
2011-07-22, 04:09
I ran aswmbr.exe in normal mode and during the scan got a BSOD with the following message.

Driver_IRQL_NOT_LESS_or_EQUAL.
offending file awwmbr.sys (0x00000D1,0xEZ8FA000,0x0000FF,0x0000000,0xB33ADB10)

I ran it in safe mode and here is the log. System is still very slow when not running in safe mode.
Dakeyras
2011-07-22, 12:49
Hi. :)


I ran aswmbr.exe in normal mode and during the scan got a BSOD with the following message.
OK and thanks for the update.


I ran it in safe mode and here is the log. System is still very slow when not running in safe mode.
Fair play, run the below scan for myself please in Normal Mode if possible, Safe Mode will suffice if any problems encountered.

A question for your good self, do you have a copy of the Genuine XP Installation CD?

Scan with MBRCheck:

Please download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) and save to your desktop.

Alternative Download is here (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe).


Double-click on MBRCheck.exe to run the application.
A window similar to this should open on your desktop:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/mbrcheckeg2-2.gif
If you are prompted with options, enter N at the prompt and press Enter .
Press Enter again.
A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run).
Please post the contents of the log in your next reply.
Next:

Please send the MBR.dat file created by aswMBR to a Zip file, then attach it in your next reply. Reason being I would like to carry out a analysis of the aforementioned, thank you.

Next:

Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) and run it.

Checkmark following checkbox:

List Minidump Files.

Click Go and post the result (Result.txt) in your next reply.
joemamma
2011-07-22, 19:42
I do have a Windows CD.
Here are the logs you asked for.
Dakeyras
2011-07-23, 14:01
Hi. :)

Show Hidden Files:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Next:

Using Windows Explorer (to get there right-click your Start button and go to Explore), please navigate to

C:\ >> WINDOWS >> Minidump >> Mini072111-01.dmp & Mini072111-02.dmp

Send both of these dmp files to a Zip file please, then attach it in your next reply, thank you.

Repair MBR:

We will need to use the XP CD-ROM you have for this proceddure.

Restart your computer with the Windows XP Setup disk in the CDROM drive.
If you are prompted to press a key to start the computer from CDROM, do so quickly. Otherwise it may try to boot from the hard drive.
A blue screen will appear and begin loading Windows XP Setup from the CD.
You will be prompted to "press F6 to install any third party SCSI or RAID drivers". Ignore this.
Depress the keyboard R key to enter the Recovery Console.
Next:

AT the C:\Windows> prompt

Type in the following exactly fixmbr and hit enter.
Then at the next prompt type in Exit and hit enter.
Windows should continue to load as normally.
Let myself know when completed the above and if your machine still has the same issue you mentioned in your first post in this topic.
joemamma
2011-07-23, 14:18
Mini Dump Logs
joemamma
2011-07-23, 14:21
Logs in Zip file
joemamma
2011-07-23, 14:47
Still 100% CPU on Normal Boot
Dakeyras
2011-07-23, 15:17
Hi. :)

Thanks for the attachment...OK lets proceed as follows.

Scan with TDSSKiller:

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract (unzip) it to your Desktop.


Double click on TDSSKiller.exe to launch it.
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!
joemamma
2011-07-23, 21:35
I ran this in safe mode and it found nothing. When i tried to run it in Normal mode i got the BSOD attached.
Dakeyras
2011-07-23, 22:25
Hi. :)

Carry out the below In Normal Mode if possible, if problems Safe Mode will suffice for now OK.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html) <-- Click on this link.Please include the C:\ComboFix.txt in your next reply for further review.
Note: If ComboFix detects Rootkit activitity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any other symptoms and or problems encountered?
ComboFix Log.
A new DDS Log.
joemamma
2011-07-24, 03:57
I tried to run combo fix in normal mode but got a BSOD. Error Message: "IO System Verification error in catchme.sys(WDM Driver Error)

I ran it in safe mode. Here is the log. Also when i ran dss in normal mode i got a BSOD. Here is dss from safe mode.
joemamma
2011-07-24, 03:58
CPU still at 100% in normal mode.
Dakeyras
2011-07-25, 12:33
Hi. :)

Please move the executable for ComboFix to the desktop as it needs to be there if we use it again and for when we uninstall it. It is currently residing here:-

c:\documents and settings\Barb\Desktop\Spyware Tools\combofix\ComboFix.exe

Have you uninstalled Microsoft Security Essentials?

Now the BSOD error you mentioned relates to ComboFix, though within the realms of possibility a hardware problem also. Have you changed/upgraded any memory modules recently?
joemamma
2011-07-26, 01:26
I have not istalled any memory. When the issues started I was trying to install a web cam. It was half way through the install and caused the pc to reboot with our completing the install. There was nothing listed in add/remove programs relating to the new web cam software and nothing in device manager. Since then I have updated all device drives from dell that i could find.
Dakeyras
2011-07-26, 11:55
Hi. :)

OK, thanks for the update, lets have another look at your machine with a different scanning application to see if will shed some light on the situation.

No need to attach the requested logs however merely post them back in this topic, thank you.

Scan with OTL:

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to your Desktop.

Alternate downloads are here (http://oldtimer.geekstogo.com/OTL.com) and here (http://oldtimer.geekstogo.com/OTL.scr).

Double-click on OTL.exe to start OTL.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
joemamma
2011-07-26, 19:19
OTL logfile created on: 7/26/2011 12:17:30 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Barb\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 67.90% Memory free
1.84 Gb Paging File | 1.64 Gb Available in Paging File | 88.99% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.31 Gb Total Space | 30.08 Gb Free Space | 57.50% Space Free | Partition Type: NTFS
Drive D: | 579.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SUZY | User Name: Barb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Barb\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Barb\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (wsnm) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe (VMware, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (72576925) -- C:\WINDOWS\system32\drivers\55340009.sys (Kaspersky Lab, GERT)
DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (NWUSBCDFIL) -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\WINDOWS\system32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/
IE - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.102: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Barb\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin


O1 HOSTS File: ([2011/07/23 20:30:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Barb\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1BA7BD5D-2BE1-4C06-A53F-632BD1C003BA} https://vpn.johnseastern.com/ISBinstaller.cab (ISBinstaller Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Barb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Barb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 08:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/26 12:17:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/26 12:12:39 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Barb\Desktop\OTL.exe
[2011/07/23 20:33:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/23 20:29:37 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2011/07/23 20:20:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/23 19:49:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/23 19:21:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/23 19:21:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/23 19:21:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/23 19:21:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/23 19:02:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/23 18:50:32 | 004,150,846 | R--- | C] (Swearware) -- C:\Documents and Settings\Barb\Desktop\ComboFix.exe
[2011/07/23 14:35:31 | 000,094,512 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\55340009.sys
[2011/07/14 20:56:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Barb\Start Menu\Programs\Administrative Tools
[2011/07/14 20:55:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/14 20:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/07/14 20:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/07/14 20:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Desktop\Spyware Tools
[2011/07/14 18:28:38 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/07/13 21:42:01 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/07/11 19:50:11 | 003,274,608 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Barb\Desktop\Copy of HD5001FW1033.exe
[2011/07/11 19:47:21 | 003,274,608 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Barb\Desktop\HD5001FW1033.exe
[2011/07/11 19:46:36 | 000,000,000 | ---D | C] -- C:\Intel
[2011/07/11 18:52:38 | 002,318,336 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2011/07/11 18:52:38 | 000,524,288 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2011/07/11 18:52:38 | 000,114,688 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmudlg.exe
[2011/07/11 18:52:38 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuITA.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuESP.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuENG.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuELL.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuARB.dll
[2011/07/11 18:52:38 | 000,040,960 | ---- | C] (Intel(r) Corporation) -- C:\WINDOWS\System32\ialmuARA.dll
[2011/07/11 18:48:27 | 001,033,728 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_DPV.SYS
[2011/07/11 18:48:27 | 000,042,858 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfci014.dll
[2011/07/10 20:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft LifeCam
[2011/07/10 20:22:52 | 000,636,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LCCoin36.dll
[2011/07/10 20:22:52 | 000,514,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LcProxy2.ax
[2011/07/10 20:22:52 | 000,078,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nx6000res.dll
[2011/07/10 20:22:52 | 000,030,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nx6000.sys
[2011/07/10 20:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2011/07/10 20:21:54 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/07/10 20:21:47 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/07/10 20:21:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/07/10 13:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/07/10 09:52:04 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/07/09 21:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Desktop\AOL Saved PFC
[2011/07/09 15:46:41 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/07/09 15:46:37 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/07/09 15:46:33 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/07/09 15:29:47 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/07/09 15:27:28 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/07/09 15:24:43 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/07/09 15:14:22 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/07/09 10:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Wireless
[2011/07/09 10:53:00 | 000,033,664 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\BCMWLNPF.SYS
[2011/07/09 10:52:57 | 000,069,632 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\bcmwlpkt.dll
[2011/07/09 10:52:56 | 002,129,920 | ---- | C] (BCGSoft Ltd) -- C:\WINDOWS\System32\WLBCGCBPRO731.DLL
[2011/07/08 18:56:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/07 22:13:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2011/07/07 22:09:07 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2011/07/07 22:09:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2011/07/07 22:09:07 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2011/07/07 22:09:07 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2011/07/07 22:09:06 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2011/07/06 22:59:29 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2011/07/06 22:59:28 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2011/07/06 22:59:15 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2011/07/06 22:59:15 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2011/07/06 22:59:15 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2011/07/06 22:59:14 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2011/07/06 22:59:13 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2011/07/06 22:59:13 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2011/07/06 22:59:13 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2011/07/06 22:59:13 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2011/07/06 22:59:13 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2011/07/06 22:59:13 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2011/07/06 22:59:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/07/06 22:59:12 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2011/07/06 22:59:12 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2011/07/06 22:59:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2011/07/06 22:59:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2011/07/06 22:59:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2011/07/06 22:59:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2011/07/06 22:59:12 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2011/07/06 22:59:11 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2011/07/06 22:59:11 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2011/07/06 22:59:10 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2011/07/06 22:59:10 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2011/07/06 22:59:10 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2011/07/06 22:59:10 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2011/07/06 22:59:10 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2011/07/06 22:59:10 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2011/07/06 22:59:10 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2011/07/06 22:59:10 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2011/07/06 22:59:08 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2011/07/06 22:59:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2011/07/06 22:59:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2011/07/06 22:59:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2011/07/06 22:59:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2011/07/06 22:59:07 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2011/07/06 22:59:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2011/07/06 22:59:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2011/07/06 22:59:06 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2011/07/06 22:59:06 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2011/07/06 22:59:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2011/07/06 22:59:05 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2011/07/06 22:59:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2011/07/06 22:59:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2011/07/06 22:59:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2011/07/06 22:59:03 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2011/07/06 22:59:02 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2011/07/06 22:59:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2011/07/06 22:59:02 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2011/07/06 22:59:02 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2011/07/06 22:59:01 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2011/07/06 22:59:01 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2011/07/06 22:59:01 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2011/07/06 22:59:01 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2011/07/06 22:59:01 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2011/07/06 22:59:01 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2011/07/06 22:59:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2011/07/06 22:59:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2011/07/06 22:58:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2011/07/06 22:58:58 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2011/07/06 22:58:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/07/06 22:58:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/07/06 22:58:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/07/06 22:58:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/07/06 22:50:35 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2011/07/06 22:50:35 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2011/07/06 22:50:35 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2011/07/06 22:50:35 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2011/07/06 22:50:34 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2011/07/06 22:50:34 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2011/07/06 22:50:34 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2011/07/06 22:50:34 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2011/07/06 22:50:34 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2011/07/06 22:50:34 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011/07/06 22:50:34 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011/07/06 22:50:34 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2011/07/06 22:50:34 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2011/07/06 22:50:34 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2011/07/06 22:50:34 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2011/07/06 22:50:34 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2011/07/06 22:50:34 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2011/07/06 22:50:33 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011/07/06 22:50:33 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/07/06 22:50:33 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2011/07/06 22:50:33 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2011/07/06 22:50:33 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2011/07/06 22:50:33 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2011/07/06 22:50:33 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011/07/06 22:50:33 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011/07/06 22:50:32 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2011/07/06 22:50:32 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2011/07/06 22:50:32 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2011/07/06 22:50:32 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2011/07/06 22:50:32 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2011/07/06 22:50:32 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2011/07/06 22:50:32 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2011/07/06 22:50:32 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011/07/06 22:50:32 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2011/07/06 22:50:31 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2011/07/06 22:50:31 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2011/07/06 22:50:29 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2011/07/06 22:50:28 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2011/07/06 22:50:28 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2011/07/06 22:50:28 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2011/07/06 22:50:27 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2011/07/06 22:50:27 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2011/07/06 22:50:27 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011/07/06 22:50:27 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2011/07/06 22:50:27 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2011/07/06 22:50:27 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2011/07/06 22:50:26 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2011/07/06 22:50:26 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2011/07/06 22:50:26 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2011/07/06 22:50:26 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2011/07/06 22:50:26 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2011/07/06 22:50:25 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2011/07/06 22:50:25 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2011/07/06 22:50:25 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2011/07/06 22:50:25 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011/07/06 22:50:25 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2011/07/06 22:50:25 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2011/07/06 22:48:32 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelppm.sys
[2011/07/06 22:43:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/07/06 22:43:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/07/06 21:50:33 | 022,660,464 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Barb\Desktop\LifeCam3.60.exe
[2011/07/06 21:42:49 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/07/06 21:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2011/07/06 21:02:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/07/06 21:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/07/06 21:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/07/06 21:00:26 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/07/06 21:00:26 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/07/06 21:00:26 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/07/06 21:00:26 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/07/06 21:00:26 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/07/06 21:00:26 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/07/06 21:00:25 | 000,000,000 | ---D | C] -- C:\26e0381c782f070f733610226a8ba6
[2011/07/06 20:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/07/05 14:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Application Data\ZoneLabs
[2011/07/05 14:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/07/04 18:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Local Settings\Application Data\LogMeIn
[2011/07/04 18:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/06/27 19:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Desktop\Piper Pics
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/26 12:15:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/26 12:12:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barb\Desktop\OTL.exe
[2011/07/23 20:54:11 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/23 20:54:11 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/23 20:49:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/23 20:30:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/23 19:49:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/23 19:19:57 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/23 18:50:36 | 004,150,846 | R--- | M] (Swearware) -- C:\Documents and Settings\Barb\Desktop\ComboFix.exe
[2011/07/23 14:35:32 | 000,094,512 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\55340009.sys
[2011/07/23 14:33:18 | 000,059,999 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.JPG
[2011/07/23 14:31:18 | 001,741,549 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.GIF
[2011/07/23 14:30:23 | 010,037,302 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.bmp
[2011/07/23 14:27:19 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3668883598-1458084838-1880407917-1006UA.job
[2011/07/23 14:26:46 | 004,630,413 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.zip
[2011/07/21 19:33:48 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Barb\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/21 19:33:46 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Google Chrome.lnk
[2011/07/14 20:55:29 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Barb\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/14 20:36:37 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/07/14 18:08:45 | 000,227,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 20:04:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/11 19:47:21 | 003,274,608 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Barb\Desktop\HD5001FW1033.exe
[2011/07/11 19:47:21 | 003,274,608 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Barb\Desktop\Copy of HD5001FW1033.exe
[2011/07/11 18:59:26 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_INS_6000.MRK
[2011/07/11 18:59:26 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_INS_6000.MRK
[2011/07/10 21:58:44 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_rundll32_exe.job
[2011/07/10 21:58:20 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
[2011/07/10 20:23:07 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2011/07/10 13:39:21 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Modem Helper.lnk
[2011/07/10 09:45:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/09 21:23:05 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2011/07/09 17:27:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3668883598-1458084838-1880407917-1006Core.job
[2011/07/09 15:15:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/06 22:49:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/06 21:50:33 | 022,660,464 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Barb\Desktop\LifeCam3.60.exe
[2011/07/06 21:11:52 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 20:58:27 | 000,305,664 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\1309778880380-mypinwheelquilt.pdf
[2011/06/29 22:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/23 19:49:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/23 19:49:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/23 19:21:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/23 19:21:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/23 19:21:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/23 19:21:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/23 19:21:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/23 14:31:15 | 001,741,549 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.GIF
[2011/07/23 14:27:53 | 010,037,302 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.bmp
[2011/07/23 14:26:41 | 004,630,413 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.zip
[2011/07/23 14:20:20 | 000,059,999 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\DSC_0003.JPG
[2011/07/14 20:55:29 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Barb\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/07/11 19:51:26 | 000,115,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/11 18:59:26 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_INS_6000.MRK
[2011/07/11 18:59:26 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_INS_6000.MRK
[2011/07/11 18:59:25 | 000,000,666 | ---- | C] () -- C:\WINDOWS\speed.reg
[2011/07/11 18:52:39 | 000,524,850 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2011/07/11 18:52:39 | 000,058,704 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2011/07/11 18:52:39 | 000,023,216 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2011/07/11 18:52:39 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2011/07/11 18:48:27 | 000,129,405 | ---- | C] () -- C:\WINDOWS\System32\drivers\del1028.cty
[2011/07/10 21:51:51 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
[2011/07/10 21:51:15 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_rundll32_exe.job
[2011/07/10 20:23:07 | 000,001,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2011/07/10 13:39:21 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Modem Helper.lnk
[2011/07/10 09:47:54 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/07/09 21:23:05 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/07/09 10:52:59 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/07/09 10:52:56 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/07/07 21:24:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/06 22:50:32 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/07/06 22:50:31 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/07/06 22:50:28 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/07/04 20:58:27 | 000,305,664 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\1309778880380-mypinwheelquilt.pdf
[2010/01/19 18:57:24 | 000,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2009/08/18 12:32:58 | 000,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/08/18 12:32:58 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_6800.ini
[2009/08/18 12:32:57 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/18 12:32:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/08/18 12:32:54 | 000,000,078 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/07/04 11:04:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Barb\Local Settings\Application Data\housecall.guid.cache
[2009/04/29 20:17:30 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Barb\Application Data\PFP120JPR.{PB
[2009/04/29 20:17:30 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Barb\Application Data\PFP120JCM.{PB
[2009/04/29 20:17:08 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/04/29 20:17:08 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\90FD9E6706.sys
[2007/05/22 19:14:58 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/04/16 20:46:27 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Barb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/24 12:41:31 | 000,000,049 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/09/02 15:40:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/02 15:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/09/02 15:08:48 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2005/09/02 14:48:05 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2005/09/02 14:47:45 | 000,006,838 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2005/08/25 08:49:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/25 08:37:57 | 000,000,215 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/08/25 08:33:46 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/08/25 08:27:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2005/08/25 08:27:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2005/08/25 08:27:24 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/08/25 08:03:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2005/08/25 08:03:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/08/25 08:02:34 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,227,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:35 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/10 13:51:35 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/10 13:51:35 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/10 13:51:35 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/10 13:51:35 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

< End of report >
joemamma
2011-07-26, 19:20
OTL Extras logfile created on: 7/26/2011 12:17:30 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Barb\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 67.90% Memory free
1.84 Gb Paging File | 1.64 Gb Available in Paging File | 88.99% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.31 Gb Total Space | 30.08 Gb Free Space | 57.50% Space Free | Partition Type: NTFS
Drive D: | 579.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SUZY | User Name: Barb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Disabled:VMware View Client -- (VMware, Inc.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D8C48F7A-5BCE-49B0-9781-EEFCB4CAE6AA}" = VMware View Client
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DA846E79-1C13-4AB0-8DEB-77935469CD9A}" = Mobile Broadband Generic Drivers
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Canon iP90 Setup Utility" = Canon iP90 Setup Utility
"CANONBJ_Deinstall_CNMCP71.DLL" = Canon iP90
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ERUNT_is1" = ERUNT 1.1j
"HP Deskjet 5700 Series_Driver" = HP Deskjet 5700 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickBooks 2000" = QuickBooks Pro 2000
"RealPlayer 6.0" = RealPlayer Basic
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3668883598-1458084838-1880407917-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2011 8:48:02 PM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/20/2011 8:43:00 PM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/20/2011 8:48:02 PM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/22/2011 9:07:22 PM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/22/2011 9:12:21 PM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/23/2011 7:45:44 AM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/23/2011 10:20:52 AM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/23/2011 2:48:07 PM | Computer Name = SUZY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 7/23/2011 6:59:21 PM | Computer Name = SUZY | Source = Application Hang | ID = 1002
Description = Hanging application msseces.exe, version 2.1.1116.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2011 7:12:54 PM | Computer Name = SUZY | Source = Microsoft Security Client | ID = 1001
Description =

[ System Events ]
Error - 7/23/2011 8:19:24 PM | Computer Name = SUZY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/23/2011 8:35:00 PM | Computer Name = SUZY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/23/2011 8:36:33 PM | Computer Name = SUZY | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%2148074295

Error - 7/23/2011 8:36:58 PM | Computer Name = SUZY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV ctxusbm Fips SBRE

Error - 7/23/2011 8:50:26 PM | Computer Name = SUZY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/23/2011 8:51:38 PM | Computer Name = SUZY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV ctxusbm Fips intelppm SBRE

Error - 7/23/2011 8:56:37 PM | Computer Name = SUZY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/23/2011 9:04:41 PM | Computer Name = SUZY | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JASON that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2EB84B37-4CD4-4635-B60.
The
master browser is stopping or an election is being forced.

Error - 7/24/2011 8:07:39 AM | Computer Name = SUZY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/24/2011 2:41:08 PM | Computer Name = SUZY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >
Dakeyras
2011-07-27, 11:52
Hi. :)

A few questions before we proceed any further...

1 - Have you uninstalled Microsoft Security Essentials?

2 - Going back to this you mentioned prior:-

When the issues started I was trying to install a web cam.
Are you referring to Microsoft LifeCam? If not which make/modal of Web Cam was it please.
joemamma
2011-07-27, 15:54
1. Yes I uninstalled MSE before I ran combo fix.
2. Yes it was a Microsoft LifeCam HD-5000 Web camera.
Dakeyras
2011-07-27, 22:05
Hi. :)

Thanks for answering my questions, lets proceed as follows shall we...Carry out the below in Normal Mode if possible.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Microsoft LifeCam
ViewpointMediaPlayer <-- Has undersirible characteristics.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:

"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\OTL-backup
and click on OK.

Custom OTL Script:

Double-click OTL.exe to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
DRV - (72576925) -- C:\WINDOWS\system32\drivers\55340009.sys (Kaspersky Lab, GERT)
IE - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
O3 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Barb\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O15 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {1BA7BD5D-2BE1-4C06-A53F-632BD1C003BA} https://vpn.johnseastern.com/ISBinstaller.cab (ISBinstaller Class)
[2011/07/10 20:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft LifeCam
[2011/07/10 20:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2011/07/06 21:50:33 | 022,660,464 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Barb\Desktop\LifeCam3.60.exe

:Files
ipconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"=-
"445:TCP"=-
"137:UDP"=-
"138:UDP"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"=-
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"=-
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"=-
"C:\Program Files\Microsoft LifeCam\LifeTray.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft LifeCam]

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Re-install Microsoft Security Essentials:

Download Microsoft Security Essentials (http://www.microsoft.com/Security_Essentials/).
Install >> Update >> Carry Out a Complete Scan. Have it fix anything it finds.
Note: If anything was removed by the AV you installed, please save a copy of the report created and post the contents in your next reply, thank you.

When completed the above, please post back the following in the order asked for:


How is your computer performing now, any further symptoms and or problems encountered?
OTL Log from the Custom Script.
joemamma
2011-07-29, 04:33
Here is the OTL log.
I reinstalled MSE and ran a scan in safe mode which found nothing. I was unable to run it in normal mode. Normal mode still has 100% cpu.
Dakeyras
2011-07-29, 12:49
Hi. :)


Here is the OTL log.
You neglected to post it...please do so and we will go from there, thank you.
joemamma
2011-07-29, 13:05
Log File,
Dakeyras
2011-07-29, 13:55
Hi. :)

I would like to review a new OTL log ran in Normal Mode, I appreciate the current problems so we will attempt to work around that as follows...

Download & Run OTH:

Please download OTH (http://oldtimer.geekstogo.com/OTH.scr) to your Desktop.

Now double click on OTH.scr to start the application.
Click on Kill All Processes <-- The desktop and taskbar etc will disappear, this is normal as all running process will have been stopped.
Then click on Start Misc Program
Navigate to OTL.exe >> Open >> Run
With OTL.exe now running, click on Run Scan, then post the new log that opens in your next repy.
Return to OTH and click on Reboot.

Note: Only one log will be created this time, OTL.txt and this is all I require.
joemamma
2011-07-30, 01:01
Here you go.
Dakeyras
2011-07-30, 16:18
Hi. :)

Well as far as I can tell your machine appears to be malware free so that is not the source for the current issue...Most likely it is hardware related, as both myself and this forum primarily only provide Anti-Malware support I suggest you seek further assistance with this matter in a specific IT Support forum. So the best advice I can give is to is create a account at one of the following forums and post in the appropriate section.

By all means include a link back to this topic:

http://forums.spybot.info/showthread.php?t=63371

I am a member of all of the below myself and they have outstanding IT Tech Support Staff:

Specific Hardware Support:

Geeks to Go (http://www.geekstogo.com/forum/)
PC Pitstop (http://forums.pcpitstop.com/)
What the Tech (http://forums.whatthetech.com/forums.html)

Uninstall ComboFix:


Click on Start >> Run...
Now type in ComboFix /Uninstall into the and click OK.
Note the space between the X and the /Uninstall, it needs to be there.
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/CF-Uninstall.png
Clean up with OTL:

Double-click OTL to start the program.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, depress the CleanUp button.
Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Next:

This forum topic is worth your time reading:-

So how did I get infected in the first place? (http://forums.spybot.info/showthread.php?t=279)

Any questions? Feel free to ask, if not stay safe!
joemamma
2011-07-30, 20:02
Thank You so much for your help.
Dakeyras
2011-07-30, 22:20
You're most welcome and good luck resolving the remaining issue. :)
Dakeyras
2011-08-01, 10:34
Hi. :)

A few more things before I close this topic...we still need to install updated versions of both Adobe & Java. My advise is you bookmark this reply and install once the other issues have been rectified.

New Adobe Reader Installation:

Go here (ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.0/en_US/) and click on AdbeRdr1010_en_US.exe to download the latest version of Adobe Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X.
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button.
New Java Installation:

Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down to Java SE 7 (JDK or JRE). Click on Download JRE.
Check (tick) Java SE Runtime Environment 7 License Agreement box.
Click on jre-7-windows-i586.exe link next to Windows x86 Offline to download it and save this to a convenient location.
Double-click on on jre-7-windows-i586.exe to install Java.
Dakeyras
2011-08-02, 12:04
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.