Hijack This default32.dll

Status
Not open for further replies.
Hi. :)

A few questions before we proceed any further...

1 - Have you uninstalled Microsoft Security Essentials?

2 - Going back to this you mentioned prior:-
When the issues started I was trying to install a web cam.
Are you referring to Microsoft LifeCam? If not, which make/model of Web Cam was it, please?
 
Microsoft Security Essentials

1. Yes I uninstalled MSE before I ran combo fix.
2. Yes it was a Microsoft LifeCam HD-5000 Web camera.
 
Hi. :)

Thanks for answering my questions, let's proceed as follows shall we...Carry out the below in Normal Mode if possible.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Microsoft LifeCam
ViewpointMediaPlayer <-- Has undesirable characteristics.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and copy and paste in:
Code:
"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\OTL-backup
and click on OK.

Custom OTL Script:
  • Double-click OTL.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:OTL
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
DRV - (72576925) -- C:\WINDOWS\system32\drivers\55340009.sys (Kaspersky Lab, GERT)
IE - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
O3 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Barb\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O15 - HKU\S-1-5-21-3668883598-1458084838-1880407917-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {1BA7BD5D-2BE1-4C06-A53F-632BD1C003BA} https://vpn.johnseastern.com/ISBinstaller.cab (ISBinstaller Class)
[2011/07/10 20:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft LifeCam
[2011/07/10 20:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2011/07/06 21:50:33 | 022,660,464 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Barb\Desktop\LifeCam3.60.exe

:Files
ipconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"=-
"445:TCP"=-
"137:UDP"=-
"138:UDP"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"=-
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"=-
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"=-
"C:\Program Files\Microsoft LifeCam\LifeTray.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft LifeCam]

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Re-install Microsoft Security Essentials:
Note: If anything was removed by the AV you installed, please save a copy of the report created and post the contents in your next reply, thank you.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
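
Added example, not part of the original thread or of OTL: a small Python preview of what the `:Reg` section of a fix script like the one above would delete, for reviewing it before pressing Run Fix. It assumes the section uses regedit-style directives (`"name"=-` deletes a value, `[-KEY]` deletes a key); the function name and the abridged sample are constructed here.

```python
import re

# Constructed sample: sections abridged from the fix script above.
SAMPLE = r'''
:Files
ipconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"=-
"445:TCP"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft LifeCam]

:Commands
[Reboot]
'''

SECTION = re.compile(r'^:(\w+)$')                 # e.g. ":Reg", ":Commands"
KEY = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')      # "[KEY]" or "[-KEY]"
VALUE = re.compile(r'^(?:"(.+)"|@)=(.*)$')        # "name"=data or @=data

def reg_actions(script):
    """Return (action, key, value_name) tuples for the :Reg section only."""
    actions, section, key = [], None, None
    for raw in script.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section, key = m.group(1).lower(), None
            continue
        if section != 'reg':
            continue                               # ignore :OTL, :Files, :Commands
        m = KEY.match(line)
        if m:
            deleted = bool(m.group(1))
            if deleted:                            # [-KEY] removes the whole key
                actions.append(('delete-key', m.group(2), None))
            key = None if deleted else m.group(2)
            continue
        m = VALUE.match(line)
        if m and key:
            action = 'delete-value' if m.group(2).strip() == '-' else 'set-value'
            actions.append((action, key, m.group(1) or '(Default)'))
    return actions

if __name__ == '__main__':
    for action, key, name in reg_actions(SAMPLE):
        print(action, key, name or '')
```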
 
OTL Log

Here is the OTL log.
I reinstalled MSE and ran a scan in safe mode which found nothing. I was unable to run it in normal mode. Normal mode still has 100% cpu.
 
Hi. :)

I would like to review a new OTL log run in Normal Mode, I appreciate the current problems so we will attempt to work around that as follows...

Download & Run OTH:

Please download OTH to your Desktop.
  • Now double click on OTH.scr to start the application.
  • Click on Kill All Processes <-- The desktop and taskbar etc will disappear, this is normal as all running processes will have been stopped.
  • Then click on Start Misc Program
  • Navigate to OTL.exe >> Open >> Run
  • With OTL.exe now running, click on Run Scan, then post the new log that opens in your next reply.
  • Return to OTH and click on Reboot.
Note: Only one log will be created this time, OTL.txt and this is all I require.
 
Hi. :)

Well, as far as I can tell your machine appears to be malware free so that is not the source for the current issue...Most likely it is hardware related, as both myself and this forum primarily only provide Anti-Malware support I suggest you seek further assistance with this matter in a specific IT Support forum. So the best advice I can give is to create an account at one of the following forums and post in the appropriate section.

By all means include a link back to this topic:

I am a member of all of the below myself and they have outstanding IT Tech Support Staff:

Specific Hardware Support:
Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the Run box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
Clean up with OTL:
  • Double-click OTL to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Next:

This forum topic is worth your time reading:-

So how did I get infected in the first place?

Any questions? Feel free to ask, if not stay safe!
 
Hi. :)

A few more things before I close this topic...we still need to install updated versions of both Adobe & Java. My advice is you bookmark this reply and install once the other issues have been rectified.

New Adobe Reader Installation:
  • Go here and click on AdbeRdr1010_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • After the new Reader is installed, Open Adobe Reader X.
  • OK the license.
  • Click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button.
New Java Installation:
  • Click here to visit Java's website.
  • Scroll down to Java SE 7 (JDK or JRE). Click on Download JRE.
  • Check (tick) Java SE Runtime Environment 7 License Agreement box.
  • Click on jre-7-windows-i586.exe link next to Windows x86 Offline to download it and save this to a convenient location.
  • Double-click on jre-7-windows-i586.exe to install Java.
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 